How Openbravo encrypt Password

As in general, password data stored as encripted text inside database table, so is Openabravo. Beside user account’s password, Openbravo also provide data type so called password. You may create a custom field, and register those field type as a password, for example SMTP password. Before used, you need to compile usually by runing ant task ant smartbuild. During compilation, Openbravo generate model class. This generated code include encryption. Then, when new data created or updated, before stored to database, this model class encrypt first. But this is model class is exclusive for Openbravo UI. You can not get this benefit, for example, if you post a record through Openbravo web service API. when you post a record through Openbravo web service API, it will not encrypted. Then you may experience undesired behaviour. When you try to match password entry, submitted password will be encrypted first then compared to infomation on database, then password macthing never happen.

To cope this issue, you need to encrypt first before post record through Openbravo web service API. Please read java code below:

package com.belajarjava;

import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

import org.apache.commons.codec.binary.Base64;

public class BelajarJava {

	public static void main(String[] args) throws NoSuchAlgorithmException, UnsupportedEncodingException {
		
		final String password = "openbravo";
		 
		// get the md5 digest algorithm
		MessageDigest algorithm = MessageDigest.getInstance("SHA");
		 
		// get the input as bytes
		byte[] bytes = password.getBytes("UTF-8");
		 
		// calculate the digest
		algorithm.reset();
		algorithm.update(bytes);
		byte[] md5Digest = algorithm.digest();
		

		String encString = new String(Base64.encodeBase64(md5Digest));
		
		System.out.println(password+": "+encString);
		System.out.println("desired: "+"PwOd6SgWF74HY4u51bfrUxjtB9g=");


	}

}

In java code above, line 16, show you Openbravo use SHA-1 as cryptographic hash function. At line 27, show you Openbravo use 64 bit encryption. Last, line 29-30 show you that password matched.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s