留言板

  1. 主页
  2. Portal
  3. Decrypt passwords

Decrypt passwords

pedro diaz,修改在17 年前。

Decrypt passwords

New Member 帖子: 11 加入日期: 06-9-26 最近的帖子
Hello.

I have to decrypt LR users passwords but I can't find the way to do it.

I've seen that Digester.digest() us used to encrypt passwords, but there isn't any other methon on Digester class to decrypt them.

When I try to use Encryptor.decrypt() to decrypt a password an exception is thrown:

com.liferay.util.EncryptorException: javax.crypto.IllegalBlockSizeException: Input length must be multiple of 8 when decrypting with padded cipher


The code I use when y try to decrypt a password is:


User usuario = UserServiceUtil.getUserById("myuser");

String passwordenc = usuario.getPassword();

String companyId = usuario.getCompanyId();
	
Company company = CompanyLocalServiceUtil.getCompany(companyId);	

String password = Encryptor.decrypt(company.getKeyObj(), passwordenc);
Uma Dasgupta,修改在15 年前。

RE: Decrypt passwords

New Member 帖子: 7 加入日期: 07-9-7 最近的帖子
Hi,

Did you manage to solve this problem? If you did, could you please post the solution here. I am getting the same error.

Thanks,
Uma
thumbnail
sibi thomas,修改在14 年前。

RE: Decrypt passwords

Junior Member 帖子: 43 加入日期: 08-5-30 最近的帖子
Hi,

I am also struggling for the same issue. please someone can help in this
thumbnail
Shagul Khaja,修改在14 年前。

RE: Decrypt passwords

Liferay Master 帖子: 758 加入日期: 07-9-27 最近的帖子
Passwords are encrypted in a way not to be decrypted . This may be the desired policy in most places. It may require quite some customization if you don't want to use plain text and still need a reversible encryption.


Best,
Shagul
thumbnail
Rishi Dev Gupta,修改在14 年前。

RE: Decrypt passwords

Expert 帖子: 255 加入日期: 08-11-23 最近的帖子
Shagul,

I am working on fetching the password but no success till yet as it is one way process only.

Can you send me the link/detail/approach so that I can encrypt/decrypt password of a user.
thumbnail
Shagul Khaja,修改在14 年前。

RE: Decrypt passwords

Liferay Master 帖子: 758 加入日期: 07-9-27 最近的帖子
Hey Rishi,

What is the purpose of retrieving users password? To send it back to the user??? SSO???

-Shagul
thumbnail
Rishi Dev Gupta,修改在14 年前。

RE: Decrypt passwords

Expert 帖子: 255 加入日期: 08-11-23 最近的帖子
I am working on a custom portlet where the user is send the login information each time his request is approved to join a community. That's why I need to do this.

Regards Rishi
thumbnail
Shagul Khaja,修改在14 年前。

RE: Decrypt passwords

Liferay Master 帖子: 758 加入日期: 07-9-27 最近的帖子
Rishi Dev Gupta:
I am working on a custom portlet where the user is send the login information each time his request is approved to join a community. That's why I need to do this.

Regards Rishi


You may want to look into UserLocalServiceImpl and how PwdEncryptor is used. You may have to replace that with your encryption.

Best Regards,
Shagul
thumbnail
Rishi Dev Gupta,修改在14 年前。

RE: Decrypt passwords

Expert 帖子: 255 加入日期: 08-11-23 最近的帖子
Shagul, I have gone through the complete Liferay Password api. But it is tightly integrated as the password is used at number of locations like (forget password, change password) to name a few. I was wondering I need to bring all the classes related to password into ext and override them like with one logic or other so that they all point to my custom encryption.

Another approach (not good)
I was also looking at a different approach i.e the way Impersonate user works but that too is buggy. Once you impersonate some user and try to move around using "dock>>My home" and you are again shifted back to the user who triggered user impersonation. That's also OUT for me.

Regards Rishi
thumbnail
Rishi Dev Gupta,修改在14 年前。

RE: Decrypt passwords

Expert 帖子: 255 加入日期: 08-11-23 最近的帖子
To resolve the password issue:-

I have created the Java Class containing custom logic for password encryption.

Integrated this class with Liferay's Password encryption logic. The integration is configurable and can be switched on/off by updating resource file.

The only issue is the users who are already created would not be able to log-in as the password stored for them has one way encryption, so to overcome that we have to update the password in database for all users with some default password in encrypted format and user should update their password after first log in.
Rajesh Nathi,修改在12 年前。

RE: Decrypt passwords

Junior Member 帖子: 71 加入日期: 11-3-8 最近的帖子
Hi,

I have the same requirement to decrypt password, Any one succeeded in getting it ?

Thanks
-Rajesh
thumbnail
Rishi Dev Gupta,修改在12 年前。

RE: Decrypt passwords

Expert 帖子: 255 加入日期: 08-11-23 最近的帖子
Its a one way encryption and can not be decrypted.
You need to get your custom encrypto and decryptor going in place of the one provided by liferay.
Rajesh Bangaram,修改在12 年前。

RE: Decrypt passwords

Junior Member 帖子: 71 加入日期: 11-3-8 最近的帖子
Ok, Thanks you Rishi.

-Rajesh