Apache Shiro教程(六)命令行Hasher

Shiro 1.2.0和更高版本中提供了一个命令行程序,可以对几乎任何类型的的散列字符串和资源(文件,URL,类路径条目)进行加密。

用法,进入shiro-tools-hasher-<version>-cli.jar 所在的目录,执行如下命令:

1 java -jar shiro-tools-hasher-<version>-cli.jar

此时会显示命令参数说明,如下:

 1 usage: java -jar shiro-tools-hasher-<version>.jar [options] [<value>]
 2 
 3 Print a cryptographic hash (aka message digest) of the specified <value>.
 4 --
 5 Options:
 6  -a,--algorithm <name>          hash algorithm name.  Defaults to SHA-256
 7                                 when password hashing, MD5 otherwise.
 8  -d,--debug                     show additional error (stack trace)
 9                                 information.
10  -f,--format <arg>              hash output format.  Defaults to 'shiro1'
11                                 when password hashing, 'hex' otherwise.
12                                 See below for more information.
13  -gs,--gensalt                  generate and use a random salt. Defaults
14                                 to true when password hashing, false
15                                 otherwise.
16  -gss,--gensaltsize <numBits>   the number of salt bits (not bytes!) to
17                                 generate.  Defaults to 128.
18  -help,--help                   show this help message.
19  -i,--iterations <num>          number of hash iterations.  Defaults to
20                                 500000 when password hashing, 1 otherwise.
21  -ngs,--nogensalt               do NOT generate and use a random salt
22                                 (valid during password hashing).
23  -p,--password                  hash a password (disable typing echo)
24  -pnc,--pnoconfirm              hash a password (disable typing echo) but
25                                 disable password confirmation prompt.
26  -r,--resource                  read and hash the resource located at
27                                 <value>.  See below for more information.
28  -s,--salt <sval>               use the specified salt.  <arg> is
29                                 plaintext.
30  -sb,--saltbytes <encTxt>       use the specified salt bytes.  <arg> is
31                                 hex or base64 encoded text.
32 
33 <value> is optional only when hashing passwords (see below).  It is
34 required all other times.
35 
36 Password Hashing:
37 ---------------------------------
38 Specify the -p/--password option and DO NOT enter a <value>.  You will
39 be prompted for a password and characters will not echo as you type.
40 
41 Salting:
42 ---------------------------------
43 Specifying a salt:
44 
45 You may specify a salt using the -s/--salt option followed by the salt
46 value.  If the salt value is a base64 or hex string representing a
47 byte array, you must specify the -sb/--saltbytes option to indicate this,
48 otherwise the text value bytes will be used directly.
49 
50 When using -sb/--saltbytes, the -s/--salt value is expected to be a
51 base64-encoded string by default.  If the value is a hex-encoded string,
52 you must prefix the string with 0x (zero x) to indicate a hex value.
53 
54 Generating a salt:
55 
56 Use the -sg/--saltgenerated option if you don't want to specify a salt,
57 but want a strong random salt to be generated and used during hashing.
58 The generated salt size defaults to 128 bits.  You may specify
59 a different size by using the -sgs/--saltgeneratedsize option followed by
60 a positive integer (size is in bits, not bytes).
61 
62 Because a salt must be specified if computing the
63 hash later, generated salts will be printed, defaulting to base64
64 encoding.  If you prefer to use hex encoding, additionally use the
65 -sgh/--saltgeneratedhex option.
66 
67 Files, URLs and classpath resources:
68 ---------------------------------
69 If using the -r/--resource option, the <value> represents a resource path.
70 By default this is expected to be a file path, but you may specify
71 classpath or URL resources by using the classpath: or url: prefix
72 respectively.
73 
74 Some examples:
75 
76 <command> -r fileInCurrentDirectory.txt
77 <command> -r ../../relativePathFile.xml
78 <command> -r ~/documents/myfile.pdf
79 <command> -r /usr/local/logs/absolutePathFile.log
80 <command> -r url:http://foo.com/page.html
81 <command> -r classpath:/WEB-INF/lib/something.jar
82 
83 Output Format:
84 ---------------------------------
85 Specify the -f/--format option followed by either 1) the format ID (as defined
86 by the org.apache.shiro.crypto.hash.format.DefaultHashFormatFactory
87 JavaDoc) or 2) the fully qualified org.apache.shiro.crypto.hash.format.HashFormat
88 implementation class name to instantiate and use for formatting.
89 
90 The default output format is 'shiro1' which is a Modular Crypt Format (MCF)
91 that shows all relevant information as a dollar-sign ($) delimited string.
92 This format is ideal for use in Shiro's text-based user configuration (e.g.
93 shiro.ini or a properties file).

 

使用示例,如果想要对密码"tiger"进行 SHA-512 算法加密 1024次,盐值为 "Nazi",加密后密码以64位编码呈现,则可使用如下命令:

1 java -jar shiro-tools-hasher-1.2.2-cli.jar -a SHA-512 -d -f base64 -i 1024 -ngs -s Nazi -pnc -p

回车后输入 tiger  此时控制台回显

1 rzN+XZiPCHa+8O9c7jCnEzCE0BOgzitMU2x1aG6eg5f0wpnZcY9HaxyraO9NqUklI5y2bu1xrtgmJRrDe34xrg==

 

此时就可复制该加密后的密码初始化到文本文件或数据库中。

posted @ 2013-10-05 23:19  Bruce.Chang.Lee  阅读(683)  评论(0)    收藏  举报