BETA BLOG - Support AES-256 password encoding

[Zech-Hein]

The information you provide here will be included in the Open Liberty beta blog post (example), which will be published on openliberty.io/blog/, and potentially elsewhere, to promote this beta feature/function of Open Liberty. For this post to be included in the beta issue please make sure that this is completed by the end of Friday following the GM (Tuesday). The beta and release blogs are created using automation and rely on you following the template's structure. DO NOT REMOVE/ALTER THE <GHA> TAGS THROUGHOUT THIS TEMPLATE.

<GHA-BLOG-SUMMARY>

Please provide a summary of the update, including the following points:

• A sentence or two that introduces the update to someone new to the general technology/concept.
  • AES password encryption now uses an AES-256 bit key, and still supports existing AES password encryption with AES-128 bit keys.
• The Human-readable name and short feature name for your feature- eg WebSockets feature (websockets-1.0).
  • N/A - this is enabled automatically when using {aes} encoded password strings in server configuration.
• Who is the target persona? Who do you expect to use the update? eg application developer, operations.
  • Liberty Administrators
• What was the problem before and how does your update make their life better? (Why should they care?)
  • AES password encryption only used a 128 bit key before and now will use a 256 bit key for stronger encryption, making encrypted passwords more secure.
• Briefly explain how to make your update work. Include screenshots, diagrams, and/or code snippets, and provide a server.xml snippet.

  • The same steps that already existed remain the same: https://openliberty.io/docs/latest/reference/command/securityUtility-encode.html

  • cmdline: wlp\bin>securityUtility encode --encoding=aes --key=Some_alternate_secret superAES256password

    returns: {aes}ARD63x6FQx6+JHq11ngCKqzBXgel9Hc2XfgGGQ1SZHqmpsDFOCIVGke/55Hd9vca0/iktghLeI/bm+/vH8voezWMSk4+6qayrBNU0JeHnLwEIVtjLo0Xd+/BbHhJgsINQOr0zhT1WHSVFjvzYU3vFNYe473cZA==

  • server.xml snippet: <user name="customUserWithAES256" password="{aes}ARD63x6FQx6+JHq11ngCKqzBXgel9Hc2XfgGGQ1SZHqmpsDFOCIVGke/55Hd9vca0/iktghLeI/bm+/vH8voezWMSk4+6qayrBNU0JeHnLwEIVtjLo0Xd+/BbHhJgsINQOr0zhT1WHSVFjvzYU3vFNYe473cZA==" />

• Where can they find out more about this specific update (eg Open Liberty docs, Javadoc) and/or the wider technology?
  • https://openliberty.io/docs/latest/reference/command/securityUtility-encode.html
  • https://openliberty.io/docs/latest/password-encryption.html

</GHA-BLOG-SUMMARY>

What happens next?

• Add the label to the blog issue for the beta you're targeting (e.g. target:YY00X-beta).
• Make sure this blog post is linked back to the Epic for this feature/function.
• Your paragraph will be included in the beta blog post. It might be edited for style and consistency.
• You will be asked to review a draft before publication.
  • Once you've approved the code review, close this issue.
• If you would also like to write a standalone blog post about your update (highly recommended), raise an issue on the Open Liberty blogs repo. State in the issue that the blog post relates to a specific release so that we can ensure it is published on an appropriate date (it won't be the same day as the beta blog post).