| Category: | Bug report |
Priority: | High |
Status: | New |
| Project: | Severity: | Major |
Resolution: | Open |
|
| Component: | Reproducibility: | Always |
Assigned to: |
i enable the login encryption in my jasper server 6.4.0, and i want use a dynamic key encryption.
I modified the following lines of the security-config file :
encryption.on=true
encryption.dynamic.key=true
encryption.type=RSA
encryption.key.length=1024
After a restart, in my code, the rest service 'GetEncryptionKey' returns :
{
"maxdigits":"131",
"e":"10001",
"n":"d22ab91676302aacb07..."
}
I use this code to encrypt password with bouncycastle 1.57:
Security.insertProviderAt(new BouncyCastleProvider(), 1);
RSAPublicKeySpec publicKeySpec = new RSAPublicKeySpec(new BigInteger(n,
16), new BigInteger(e, 16));
PublicKey publicKey = KeyFactory.getInstance("RSA").generatePublic(publicKeySpec);
Cipher cipher = Cipher.getInstance("RSA/NONE/NoPadding", "BC");
cipher.init(Cipher.ENCRYPT_MODE, publicKey);
byte[] cipherText = cipher.doFinal("joeuser".getBytes("UTF8"));
return Base64.encodeBase64String(cipherText);
After, i use this direct url and i have an error on login page :
.../flow.html?_flowId=viewReportFlow&ParentFolderUri=...&standAlone=true&j_username=joeuser&j_password=gReYRml7YlMuEQ2...
BUT, if i write the password in plain text, this url works :
...&standAlone=true&j_username=joeuser&j_password=joeuser
Encryption is enabled, so why the plain text version works, and not the encrypted version ? If i turn off encryption, the rest service returns Error: Key generation is off.
Maybe i have to use somewhere the attribute 'maxdigits' to build public key ?
1 Comment:
Hello Nicolas,
Can you please share your code
i have the seem problem ! you can hide your password for the example.
Thank's in advance