Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[enhancement] Bcrypt.Verifyer.verify(char[] password, byte[] bcryptHash) #16

Closed
Andrew-Cottrell opened this issue Apr 15, 2019 · 2 comments
Closed

[enhancement] Bcrypt.Verifyer.verify(char[] password, byte[] bcryptHash) #16

Andrew-Cottrell opened this issue Apr 15, 2019 · 2 comments
Labels
enhancement New feature or request
Milestone
v0.8.0

Comments

@Andrew-Cottrell
Copy link

While converting some existing code to the bcrypt API, I ran in to a (very) minor pain-point.

When working with some APIs it is natural for the password to be a char[] (e.g. passed to javax.crypto.spec.PBEKeySpec ctor) and the bcryptHash to be a byte[] (e.g. read fully from a java.io.DataInputStream).

This is probably an advanced use-case, but it would be nice to have Bcrypt.Verifyer.verify(char[] password, byte[] bcryptHash).
@patrickfav patrickfav added this to the v0.8.0 milestone Apr 15, 2019
@patrickfav patrickfav added the enhancement New feature or request label Apr 15, 2019
patrickfav added a commit that referenced this issue Apr 15, 2019
@patrickfav
Provide new verify API with signature (char[] password, byte[] bcrypt…
ac12452 
…Hash)

refs #16
@patrickfav
Copy link
Owner

Is added. Downside is, that this can be a bit confusing as it expects the byte representation of a chars representing a base64 string.

@Andrew-Cottrell
Copy link
Author

Andrew-Cottrell commented Apr 24, 2019
edited
Loading

I have run a quick test and the new method works exactly as I would expect.

public static void main(final String[] args) {
    final char[] password = "password".toCharArray();
    final byte[] bcryptHash = "$2a$12$Kuy09vX7/OoqoDBcKFvbluzt0/kj.PYAYFyyuXyW0kA/sCgk6wKCW".getBytes(StandardCharsets.UTF_8);
    final Result result = BCrypt.verifyer().verify(password, bcryptHash);
    System.out.println(result);
}

Output (formatted):

Result {
    details = HashData {
        cost = 12,
        version = $2a$,
        rawSalt = 330d36ff167d050aaca850de307c5d9f,
        rawHash = d6fd819a5011682687d34c19d18da6081b848a6f323046
    },
    validFormat = true,
    verified = true,
    formatErrorMessage = 'null'
}

It's perfect for my use-case. Thank you.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
v0.8.0
Development

No branches or pull requests
2 participants
@patrickfav @Andrew-Cottrell