powered by Jive Software

How is the IM password encrypted in the database?

hey guys,

I want to know how the gateway plugin encrypts the IM password. Because I think maybe I can encrypt it the same way I do to my other accounts.

Thanks

The code for the storage the plugin uses is:

if (password != null) {
  // The password is stored in encrypted form for improved security.
  String encryptedPassword = AuthFactory.encryptPassword(password);
  pstmt.setString(5, encryptedPassword);
}
else {
  pstmt.setNull(5, Types.VARCHAR);
}

And the AuthFactory uses blowfish to encrypt:

public static String encryptPassword(String password) {
  if (password == null) {
    return null;
  }
  Blowfish cipher = getCipher();
  if (cipher == null) {
    throw new UnsupportedOperationException();
  }
  return cipher.encryptString(password);
  }

The “masterkey” is used from the main database:

keyString = JiveGlobals.getProperty("passwordKey");
if (keyString == null) {
  keyString = StringUtils.randomString(15);
  JiveGlobals.setProperty("passwordKey", keyString);
  // Check to make sure that setting the property worked. It won''t work,
  // for example, when in setup mode.
  if (!keyString.equals(JiveGlobals.getProperty("passwordKey"))) {
    return null;
  }
}
cipher = new Blowfish(keyString);

I hpoe this helps.

Thanks man, that helps a lot.

Out of sheer curiousity, what encryption method are you using that’‘s more common? =) (if you don’‘t mind telling me) The method I’'m using is the same method that Openfire itself uses, but you may be adjusting that as well.

We are still thinking which one is better, maybe end up using wildfire stuff

Good Morning,

Why using other methods than the one the mainapplication the plugin is written for provides?

You only have more work to do yourself and have to fix bugs and so on.

If you are using the available methods many user can share this maintenence work.