Uploaded image for project: 'A-MQ Messaging-as-a-Service'
  1. A-MQ Messaging-as-a-Service
  2. ENTMQMAAS-1388

Device registry fails to encrypt plain passwords

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • 1.3.0
    • 1.2.2
    • IoT
    • None
    • Hide
      Show
      Install IoT services and project as in getting started guide Create a device curl --insecure -X POST -i -H 'Content-Type: application/json' -H "Authorization: Bearer $TOKEN" https://$REGISTRY_HOST/v1/devices/myapp.iot/device01 Create credentials curl --insecure -X PUT -i -H 'Content-Type: application/json' -H "Authorization: Bearer $TOKEN" --data-binary '[{"type":"hashed-password", "auth-id": "device01", "secrets": [\{"pwd-plain":"'hono-secret'"\}] }]' https://$REGISTRY_HOST/v1/credentials/myapp.iot/device01 Retrieve credentials curl --insecure -X GET -i -H 'Content-Type: application/json' -H "Authorization: Bearer $TOKEN" https://$REGISTRY_HOST/v1/credentials/myapp.iot/device01 Note that device registry returns plain password and device cannot authenticate

      When creating a password credential with pwd-plain, device registry should encrypt it and store it in encrypted form.

              jbtrystram Jean-Baptiste Trystram (Inactive)
              dejanbosanac Dejan Bosanac
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: