Configuration of Custom Crypt-Style

You can use custom Crypt-Types, but you should decide during installation which Type of encryption you want to use. By default two type are available:

  • org.apache.openmeetings.util.crypt.MD5Implementation - this uses common MD5 Crypt like PHP does, this is the default one (results in something like: fe01ce2a7fbac8fafaed7c982a04e229)
  • org.apache.openmeetings.util.crypt.MD5CryptImplementation - does use BSD-Style of encryption using a salt (results in something like: $1$GMsj7F2I$5S3r9CeukXGXNwf6b4sph1)

You can edit the config-key during Installation or later in the Administration Panel. But if you change it using the Administration-Panel previous passwords might be not working anymore as they are encrypted with another algorithm.

Configuration of Custom Crypt-Style

To add your own crypt style you need to write a class which implements the interface: org.apache.openmeetings.util.crypt.ICrypt
Example of an Implementation:


package org.apache.openmeetings.util.crypt;

import static org.apache.openmeetings.util.OpenmeetingsVariables.webAppRootKey;

import java.security.NoSuchAlgorithmException;

import org.red5.logging.Red5LoggerFactory;
import org.slf4j.Logger;

public class MD5Implementation implements ICrypt {
	private static final Logger log = Red5LoggerFactory.getLogger(MD5Implementation.class, webAppRootKey);

	/*
	 * (non-Javadoc)
	 * @see org.apache.openmeetings.utils.crypt.ICrypt#hash(java.lang.String)
	 */
	@Override
	public String hash(String str) {
		String passPhrase = null;
		try {
			passPhrase = MD5.checksum(str);
		} catch (NoSuchAlgorithmException e) {
			log.error("Error", e);
		}
		return passPhrase;
	}

	/*
	 * (non-Javadoc)
	 * @see org.apache.openmeetings.utils.crypt.ICrypt#verify(java.lang.String, java.lang.String)
	 */
	@Override
	public boolean verify(String str, String hash) {
		return hash != null && hash.equals(hash(str));
	}
}

			

To add your own Encryption-Class you need to add your class to the OpenMeetings-Webapp (make it available to the webapp-classpath) and use your custom-class-name instead of org.apache.openmeetings.util.crypt.MD5Implementation during the Installation or at runtime by editing the config-key crypt_ClassName

Configuration of Custom Crypt-Style

credits goto Mika for sharing his Implementation of the MD5Crypt-Style