Crate unftp_auth_jsonfile[−][src]

This crate implements a libunftp Authenticator that authenticates against credentials in a JSON formatted file.

It supports both plaintext as well as PBKDF2 encoded passwords.

Plaintext example

[
  {
    "username": "alice",
    "password": "I am in Wonderland!"
  }
]

PBKDF2 encoded Example

Both the salt and key need to be base64 encoded. Currently only HMAC_SHA256 is supported by libunftp (more will be supported later).

There are various tools that can be used to generate the key. In this example, we use nettle-pbkdf2 which can generate the HMAC_SHA256.

Generate a secure salt:

salt=$(dd if=/dev/random bs=1 count=8)

Generate the base64 encoded PBKDF2 key, to be copied into the pbkdf2_key field of the JSON structure. Make sure however to not exceed the output length of the digest algorithm (256 bit, 32 bytes in our case):

echo -n "mypassword" | nettle-pbkdf2 -i 500000 -l 32 --hex-salt $(echo -n $salt | xxd -p -c 80) --raw |openssl base64 -A

Convert the salt into base64 to be copied into the pbkdf2_salt field of the JSON structure:

echo -n $salt | openssl base64 -A

Now write these to the JSON file, as seen below. Make sure that pbkdf2_iter matches the iterations (-i) used with nettle-pbkdf2.

[
  {
    "username": "bob",
    "pbkdf2_salt": "<<BASE_64_RANDOM_SALT>>",
    "pbkdf2_key": "<<BASE_64_KEY>>",
    "pbkdf2_iter": 500000
  },
]

Mixed example

It is possible to mix plaintext and pbkdf2 encoded type passwords.

[
  {
    "username": "alice",
    "pbkdf2_salt": "<<BASE_64_RANDOM_SALT>>",
    "pbkdf2_key": "<<BASE_64_KEY>>",
    "pbkdf2_iter": 500000
  },
  {
    "username": "bob",
    "password": "This password is a joke"
  }
]

Using it with libunftp

Use JsonFileAuthenticator::from_file to load the JSON structure directly from a file. See the example examples/jsonfile_auth.rs.

Alternatively use another source for your JSON credentials, and use JsonFileAuthenticator::from_json instead.

Structs

JsonFileAuthenticator