Skip to content

Commit

Permalink
change AES encryption
Browse files Browse the repository at this point in the history
  • Loading branch information
dmuelle committed Nov 6, 2024
1 parent 5934e4e commit 4782f38
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 4 deletions.
4 changes: 3 additions & 1 deletion modules/ROOT/pages/password-encryption.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,9 @@
= Password encryption limitations

Open Liberty supports the Advanced Encryption Standard (AES) encryption for passwords that are stored in the `server.xml` file.
When you use this option for protecting passwords in the Open Liberty configuration, understand the limitations to the protection that AES encryption provides. Currently, Open Liberty supports AES-128 encryption.
When you use this option for protecting passwords in the Open Liberty configuration, understand the limitations to the protection that AES encryption provides.

The Open Liberty `securityUtility encode` command uses AES-256 encryption when the `--encoding` option is set to `aes`. The default value for this option is `xor`. For AES decryption, Open Liberty supports both AES-128 and AES-256.

Encrypting a password in the Open Liberty configuration does not guarantee that the password is secure or protected.
Encrypting a password means that someone who can see the encrypted password cannot easily recover the password unless they know the encryption key.
Expand Down
5 changes: 2 additions & 3 deletions modules/reference/pages/command/securityUtility-encode.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -60,11 +60,10 @@ securityUtility encode [options]
|--encoding=_encoding_type_
|Specifies how to encode the password.
Supported encodings types are `xor`, `aes`, and `hash`.
If this option isn't specified, a default encoding type of `xor` is used. Currently, the `aes` type uses AES-128 encryption.
If this option isn't specified, a default encoding type of `xor` is used. The `aes` type uses AES-256 encryption.
{empty} +
{empty} +
You can use the `hash` encoding type to encode passwords for a xref:ROOT:user-registries-application-security.adoc[basic user registry].
As of version 19.0.0.2, you can also use the `hash` encoding type to encode passwords for the xref:config/quickStartSecurity.adoc[quickStartSecurity element].
You can use the `hash` encoding type to encode passwords for a xref:ROOT:user-registries-application-security.adoc[basic user registry] or passwords for the xref:config/quickStartSecurity.adoc[quickStartSecurity element].

|--key=_encryption_key_
|Specifies the key to use when you encode with AES encryption.
Expand Down

0 comments on commit 4782f38

Please sign in to comment.