Crate unftp_auth_jsonfile[−][src]
This crate implements a libunftp Authenticator
that authenticates against credentials in a JSON formatted file.
It supports both plaintext as well as PBKDF2 encoded passwords.
Plaintext example
[
{
"username": "alice",
"password": "I am in Wonderland!"
}
]
PBKDF2 encoded Example
Both the salt and key need to be base64 encoded. Currently only HMAC_SHA256 is supported by libunftp (more will be supported later).
There are various tools that can be used to generate the key. In this example, we use nettle-pbkdf2 which can generate the HMAC_SHA256.
Generate a secure salt:
salt=$(dd if=/dev/random bs=1 count=8)
Generate the base64 encoded PBKDF2 key, to be copied into the pbkdf2_key
field of the JSON structure.
Make sure however to not exceed the output length of the digest algorithm (256 bit, 32 bytes in our case):
echo -n "mypassword" | nettle-pbkdf2 -i 500000 -l 32 --hex-salt $(echo -n $salt | xxd -p -c 80) --raw |openssl base64 -A
Convert the salt into base64 to be copied into the pbkdf2_salt
field of the JSON structure:
echo -n $salt | openssl base64 -A
Now write these to the JSON file, as seen below. Make sure that pbkdf2_iter
matches the iterations (-i
) used with nettle-pbkdf2
.
[
{
"username": "bob",
"pbkdf2_salt": "<<BASE_64_RANDOM_SALT>>",
"pbkdf2_key": "<<BASE_64_KEY>>",
"pbkdf2_iter": 500000
},
]
Mixed example
It is possible to mix plaintext and pbkdf2 encoded type passwords.
[
{
"username": "alice",
"pbkdf2_salt": "<<BASE_64_RANDOM_SALT>>",
"pbkdf2_key": "<<BASE_64_KEY>>",
"pbkdf2_iter": 500000
},
{
"username": "bob",
"password": "This password is a joke"
}
]
Using it with libunftp
Use JsonFileAuthenticator::from_file to load the JSON structure directly from a file.
See the example examples/jsonfile_auth.rs
.
Alternatively use another source for your JSON credentials, and use JsonFileAuthenticator::from_json instead.
Structs
JsonFileAuthenticator | This structure implements the libunftp |