
Commit

Merge pull request #7675 from OpenLiberty/7651-AES
change AES encryption
dmuelle authored Nov 6, 2024
2 parents 317a374 + 4782f38 commit d6aa2f3
Showing 2 changed files with 5 additions and 4 deletions.
4 changes: 3 additions & 1 deletion modules/ROOT/pages/password-encryption.adoc
Expand Up @@ -16,7 +16,9 @@
= Password encryption limitations

Open Liberty supports the Advanced Encryption Standard (AES) encryption for passwords that are stored in the `server.xml` file.
When you use this option for protecting passwords in the Open Liberty configuration, understand the limitations to the protection that AES encryption provides. Currently, Open Liberty supports AES-128 encryption.
When you use this option for protecting passwords in the Open Liberty configuration, understand the limitations to the protection that AES encryption provides.

The Open Liberty `securityUtility encode` command uses AES-256 encryption when the `--encoding` option is set to `aes`. The default value for this option is `xor`. For AES decryption, Open Liberty supports both AES-128 and AES-256.

Encrypting a password in the Open Liberty configuration does not guarantee that the password is secure or protected.
Encrypting a password means that someone who can see the encrypted password cannot easily recover the password unless they know the encryption key.
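Review bot: The added paragraph on `securityUtility encode` states AES-256 for encoding and AES-128/AES-256 for decryption without naming the release from which this applies, while the sentence it replaces only said "Currently, Open Liberty supports AES-128 encryption." Consider stating the version in which encoding moved to AES-256 and saying explicitly that values already encoded with AES-128 in `server.xml` still decrypt, so readers running mixed versions know whether re-encoding is needed. Because the same paragraph notes that the default for `--encoding` is `xor`, it may be worth putting that sentence on its own line so it is not read as part of the AES description.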
5 changes: 2 additions & 3 deletions modules/reference/pages/command/securityUtility-encode.adoc
Expand Up @@ -60,11 +60,10 @@ securityUtility encode [options]
|--encoding=_encoding_type_
|Specifies how to encode the password.
Supported encodings types are `xor`, `aes`, and `hash`.
If this option isn't specified, a default encoding type of `xor` is used. Currently, the `aes` type uses AES-128 encryption.
If this option isn't specified, a default encoding type of `xor` is used. The `aes` type uses AES-256 encryption.
{empty} +
{empty} +
You can use the `hash` encoding type to encode passwords for a xref:ROOT:user-registries-application-security.adoc[basic user registry].
As of version 19.0.0.2, you can also use the `hash` encoding type to encode passwords for the xref:config/quickStartSecurity.adoc[quickStartSecurity element].
You can use the `hash` encoding type to encode passwords for a xref:ROOT:user-registries-application-security.adoc[basic user registry] or passwords for the xref:config/quickStartSecurity.adoc[quickStartSecurity element].

|--key=_encryption_key_
|Specifies the key to use when you encode with AES encryption.
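Review bot: In the `--encoding` row, the merged `hash` sentence drops the "As of version 19.0.0.2" qualifier for the quickStartSecurity element, and the new "The `aes` type uses AES-256 encryption" sentence also carries no version. If this reference page is read by users of older releases, keep or restate those version boundaries. It would also help to repeat here what the password-encryption page now says, that decryption accepts both AES-128 and AES-256. While this row is being edited, "Supported encodings types" in the context line could be corrected to "Supported encoding types".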
