securityUtility encode

The securityUtility encode command supports plain text obfuscation for Open Liberty.

This command obfuscates text that you provide, such as a password, based on the encoding type that you specify.

If no text is provided, the command enters interactive mode. Interactive mode prompts you to enter and confirm your text input, rather than provide text on the same line as the command.

Enclose any text with spaces in quotation marks. If your password includes special characters, you must escape each special character to help ensure that the password is properly encoded. For more information, see Check passwords for special characters.

For more information about limits to password encryption, see Password encryption limitations.

Usage examples

Encrypt a password with Advanced Encryption Standard (AES) encryption. After you enter this command, interactive mode prompts you for the password that you want to encrypt:

securityUtility encode --encoding=aes

Hash a password. After you enter this command, interactive mode prompts you for the password that you want to hash:

securityUtility encode --encoding=hash

Syntax

Run the command from the path_to_liberty/wlp/bin directory.

securityUtility encode [options]

Options

Options for the securityUtility encode command
OptionDescription

--encoding=encoding_type

Specifies how to encode the password. Supported encodings types are xor, aes, and hash. The default value for this option is xor. The aes type uses AES-128 encryption.

You can use the hash encoding type to encode passwords for a basic user registry or passwords for the quickStartSecurity element.

--key=encryption_key

Specifies the key to use when you encode with AES encryption. This string is hashed to produce an encryption key that is used to encrypt and decrypt the password. You can provide the key by defining the wlp.password.encryption.key variable as the key value. If this option isn’t specified, a default key is used.

--listCustom

Displays the information of the custom password encryption in JSON format. The information consists of the following things:

  • name: The custom password encryption algorithm name.

  • featurename: The feature name.

  • description: The description of the custom password encryption.

--notrim

Specifies whether space characters are removed from the beginning and end of the specified text. If this option is specified, the provided text is encoded as it is. If this option isn’t specified, space characters are removed from the beginning and end of the specified text.

Exit codes

The following exit codes are available for the securityUtility encode command:

Exit codes for the securityUtility encode command
CodeExplanation

0

This code indicates successful completion of the requested operation.

1

This code indicates a generic error.

2

This code indicates that the server is not found.

3

This code indicates that the client is not found.

4

This code indicates that the path can not be created.

5

This code indicates that the file already exists.

Check passwords for special characters

If your password includes special characters, you must escape each special character to help ensure that the password is properly encoded. Special characters and escape characters might vary according to your operating system. For example, on Unix systems, pa$$W0rd must be provided as pa\$\$W0rd.

To check whether your password includes any characters that your operating system considers to be special characters, you can run the echo command.

On the command line, type echo followed by the password and review the output to determine whether it differs from your specified password. If any characters are changed, you must escape the characters. The following example is for Ubuntu.

$ echo pa$$W0rd
pa683W0rd
// The dollar sign ($) special characters aren't encoded properly.

$ echo pa\$\$W0rd
pa$$W0rd
// Escape each special character individually to return the correct password to encode.

$ securityUtility encode pa\$\$W0rd