# mosquitt_passwd.php -rw-r--r-- 1.2 KiB View raw
                                                                                
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
#! /usr/bin/php

<?php
// Create a line with obfuscated credentials meant to be used in a file given to
// Mosquitto MQTT broker's password_file option (mosquitto.conf(5),
// https://mosquitto.org/man/mosquitto-conf-5.html) and thus compatible with the
// mosquitto_passwd utility (mosquitto_passwd(1),
// https://mosquitto.org/man/mosquitto_passwd-1.html).

// Based on a question & thread in the Mosquitto mailing list, see blog post;
// https://mikini.dk/2017/01/generating-passwords-for-mosquitto-mqtt-broker-using-php

if ($argc >= 3) {
    echo ("Add the obfuscated line below to Mosquitto's password file to authenticate with the provided credentials:\n\n");
    echo (mosquitto_password($argv[1], $argv[2])."\n");
}
else {
    echo("ERROR: Supply username and password as arguments in that order.\n");
}

function mosquitto_password($username, $password) {
    $salt_base64 = base64_encode(openssl_random_pseudo_bytes(12));
//    $salt_base64="mfJ0Eq3rIDLKG33r"; // example salt used in blog post
    $salt = base64_decode($salt_base64);
    $hash = hash("sha512", $password.$salt, true);
    $hash_base64 = base64_encode($hash);
    return($username.":$6$".$salt_base64."$".$hash_base64);
}
?>