{"id":20077398,"url":"https://github.com/sius/pencil","last_synced_at":"2026-04-28T17:33:48.503Z","repository":{"id":47076437,"uuid":"245301724","full_name":"sius/pencil","owner":"sius","description":"Spring PasswordEncoders for LDAP encoded passwords","archived":false,"fork":false,"pushed_at":"2023-12-05T22:44:39.000Z","size":181,"stargazers_count":2,"open_issues_count":1,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-01-13T01:07:11.839Z","etag":null,"topics":["ldap","password-hash","spring-boot","spring-security"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sius.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-03-06T01:10:25.000Z","updated_at":"2022-09-17T12:04:37.000Z","dependencies_parsed_at":"2023-01-29T01:02:12.117Z","dependency_job_id":null,"html_url":"https://github.com/sius/pencil","commit_stats":null,"previous_names":[],"tags_count":5,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sius%2Fpencil","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sius%2Fpencil/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sius%2Fpencil/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sius%2Fpencil/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sius","download_url":"https://codeload.github.com/sius/pencil/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":241509617,"owners_count":19974071,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ldap","password-hash","spring-boot","spring-security"],"created_at":"2024-11-13T15:08:02.204Z","updated_at":"2026-04-28T17:33:43.478Z","avatar_url":"https://github.com/sius.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Preliminary note\nThe salted secure hash algorithms used in this library do not meet today's security standards (and are deprecated or no longer supported in Spring Boot). They should therefore not be used. The library is intended only as support for developers who need to cope with legacy systems (LDAP) that still manage users with insecure password hashes and that cannot be easily removed from production use.\n\nBefore using this library, it should therefore be checked whether a password rotation procedure is possible, so that password hashes can always be generated or updated with a hash algorithm that complies with the current security standards.\n\n## Additional Spring Boot PasswordEncoders for Salted SHA encoded passwords\nThe third-party Spring Boot starter library provides a custom DelegatingPasswordEncoder Bean \nfor the following PasswordEncoder encode Ids and aliases:\n\n- bcrypt (`org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder`)\n- scrypt (`org.springframework.security.crypto.scrypt.SCryptPasswordEncoder`)\n- pbkdf2 (`org.springframework.security.crypto.password.Pbkdf2PasswordEncoder`)\n- ldap, SHA, SSHA (SSHA1, SSHA-1) (`LdapShaPasswordEncoder` compatible implementation of the legacy/non secureSalted Secure Hash Algorithm)\n- SSHA224 (SSHA-224), SSHA256 (SSHA-256), SSHA384 (SSHA-384), SSHA512 (SSHA-512)\n\nThe default PasswordEncoder for encoding is `BCryptPasswordEncoder`, \nwhile a password matching challenge against the encoded password tries to retrieve \na suitable PasswordEncoder identified by it's leading encode identifier, e.g.: `{SSHA512}`, `{bcrypt}` etc.\nThe default PasswordEncoder for encoding can be changed with the `liquer.pencil.default-encode-id` property, e.g.:\n`liquer.pencil.default-encode-id: SSHA512`\n\n## Usage\n\nAdd `pencil-spring-boot-starter` dependency and inject the provided PasswordEncoder Bean.\n\n```xml\n\u003cdependency\u003e\n  \u003cgroupId\u003eio.liquer.pencil\u003c/groupId\u003e\n  \u003cartifactId\u003epencil-spring-boot-starter\u003c/artifactId\u003e\n  \u003cversion\u003e2.0.2\u003c/version\u003e\n\u003c/dependency\u003e\n```\n\n\u003e __IMPORTANT__:  \n\u003e __Please do not use older versions than 2.0.1__:\n\u003e - Version 2.0.0 leaks password hash to stdout\n\u003e - Version \u003c 2.0.0 fails to match long passwords due an utf-8 encoding bug\n\u003e see [Changelog](./CHANGELOG.md)\n\n_field injection example_\n```java\n\nimport org.springframework.beans.factory.annotation.Autowired;\n\n@Autowired\nprivate PasswordEncoder passwordEncoder;\n\n```\n\nThe auto-configuration and thus the loading of the provided passwordEncoder Bean \ncan be prevented by setting the environment property `liquer.pencil.enabled` to `false`.\n\n```yaml\n# application.yml\n\nliquer.pencil.enabled: false\n\n```\n\n## Additional `DelegatingPasswordEncoder` options via Spring boot Properties \n\n```yaml\nliquer:\n  pencil:\n    enabled: true # (default true)\n    default-encode-id: SSHA512 # The default encode id for encoding passwords. (default: bcrypt)\n    uf-safe: false # Whether to base64 encode password hashes URL and file safe. (default: false)\n    no-padding: false # Whether to base64 encode password hashes without padding. (default: false)\n    salt-size: 8 # The salt size in bytes. (default: 8)\n```\n\nUse custom encoding identifier {SSHA512}, {SSHA-512} ... on direct PasswordEncoder construction.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsius%2Fpencil","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsius%2Fpencil","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsius%2Fpencil/lists"}