
HP-Switch-5406Rzl2 - Set encrypted-password - Value is invalid

Dear all,


I'm a (Java) software developer and I need to create a config with an encrypted password, without being able to use an HPE device while creating this config.


I found this documentation about setting an encrypted password:

What I've learned there is that the password should be a base64-encoded AES-256-encrypted string, but this is mainly used to save and restore an existing config. I would like to create a NEW config. Is this possible at all?


The device is an HPE Aruba switch 5406Rzl2, running as software image: KB.16.08.0003 (May  2 2019 19:24:36)


The commands I have executed are:


HP-Switch-5406Rzl2# erase all

<reboot etc.>

HP-Switch-5406Rzl2# configure terminal

HP-Switch-5406Rzl2(config)# encrypt-credentials pre-shared-key plaintext testkey

Save config and continue (y/n)? y

HP-Switch-5406Rzl2(config)# encrypt-credentials


                              **** CAUTION ****


This will encrypt all passwords and authentication keys.


Save config and continue (y/n)? y


HP-Switch-5406Rzl2(config)# show encrypt-credentials


Encryption    : Enabled

Pre-shared Key: 98483c6eb40b6c31a448c22a66ded3b5e5e8d5119cac8327b655c8b5c4836489


HP-Switch-5406Rzl2(config)# encrypted-password manager user-name testuser 79hk2jDW8AHzUYIFCh767A==

Value 79hk2jDW8AHzUYIFCh767A== is invalid.



As you can see, the device returns that the value is invalid!


The code I used to create the value is:


// Hex string shown by "show encrypt-credentials", used directly as the 32-byte AES key
final byte[] ky = DatatypeConverter.parseHexBinary("98483c6eb40b6c31a448c22a66ded3b5e5e8d5119cac8327b655c8b5c4836489");
// All-zero 16-byte IV
final byte[] iv = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
String encrypted = new Aes256cbc(ky, iv).encrypt("testpassword");



Where Aes256cbc is defined as this class:



import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;

import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.bind.DatatypeConverter;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

public class Aes256cbc {
    private static final String ALGORITHM = "AES";
    private static final Logger LOGGER = LoggerFactory.getLogger(Aes256cbc.class);
    private final byte[] key;
    private final byte[] iv;

    public Aes256cbc(byte[] key, byte[] iv) {
        this.key = key;
        this.iv = iv;
    }

    // Encrypts plainText with AES-CBC (PKCS5 padding) and returns the
    // ciphertext as base64, or null if encryption fails.
    public String encrypt(final String plainText) {
        final byte[] plainTextAsByteArray = plainText.getBytes(StandardCharsets.UTF_8);
        final SecretKeySpec secretKey = new SecretKeySpec(key, ALGORITHM);
        final IvParameterSpec ivParameterSpec = new IvParameterSpec(iv);
        byte[] resultAsBytearray = null;

        try {
            final Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
            cipher.init(Cipher.ENCRYPT_MODE, secretKey, ivParameterSpec);
            resultAsBytearray = cipher.doFinal(plainTextAsByteArray);
        } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchPaddingException | InvalidAlgorithmParameterException | IllegalBlockSizeException | BadPaddingException e) {
            LOGGER.error("AES-256-CBC encryption failed", e);
        }

        return resultAsBytearray != null ? DatatypeConverter.printBase64Binary(resultAsBytearray) : null;
    }
}



  • Can you tell me whether or not I am making a fundamental error?
  • Is what I would like to accomplish possible?
  • Can you maybe give me some hints to fulfill my need to encrypt a plaintext password, which can be used to configure the device? (preferably in Java, but a pseudo/other language is ok too)


Thanks in advance!
