We recommend switching to the latest versions of Edge, Firefox, Chrome or Safari. Using Internet Explorer will result in a loss of website functionality.

Articles in this section

See more

56-Bit / 256-Bit Password Encryption

Avatar
Matthew Kennedy
  • Updated
Follow

This article details how to encrypt passwords in the Assure, Insight, Perceive and ER database, security configuration, user configuration and application server property files.

Password encryption is optional, though recommended. Unencrypted passwords in the properties files are visible to all users. By default, Infogix scripts utilize 56-bit PBE-DES encryption though AES 256-bit encryption is additionally supported.

Please note, all scripts mentioned within this article may be located within the <install_home>/bin directory. Additionally, the value "<jvm>" will be your custom configuration name defined within the <install_home>/config directory. Leaving the "-c <jvm>" argument out of the script execution will result in encrypting the default folder, located within <install_home>/config.

PBE-DES 56 Bit Encryption

1 ) Run the following command(s) if 56-bit password encryption is desired. After running the following script, passwords will have an {enc} prefix to indicate they are encrypted. If AES 256-bit encryption is preferred, please skip this section.

Windows

crypt-properties.bat -c <jvm>

UNIX or Linux

 ./crypt-properties.sh -c <jvm>

Example : crypt-properties.bat -c IGX

2 ) Run the following command to validate the configuration, now with encrypted password values in place. Please note, this step will be required for each application being updated, regardless if they reside on the same JVM.

Windows

 validate-config-values.bat -c <jvm> <product>

UNIX or Linux

./validate-config-values.sh -c <jvm> <product>

Example : validate-config-values.bat -c IGX IA
Example : validate-config-values.bat -c IGX II
Example : validate-config-values.bat -c IGX IV
Example : validate-config-values.bat -c IGX ER

3 ) Run the following command to ensure the new encrypted passwords are updated throughout the system. Please note, this step will be required for each application being updated, regardless if they reside on the same JVM.

Windows

update-config.bat -c <jvm> <product>

UNIX or LINUX

./update-config.sh -c <jvm> <product>

Example : update-config.bat -c IGX IA
Example : update-config.bat -c IGX II
Example : update-config.bat -c IGX IV
Example : update-config.bat -c IGX ER

AES 256 Bit Encryption

Complete this section if 256-bit password encryption is desired. After running the following script, passwords will have an {enc2} prefix to indicate they are encrypted.

1 ) Open the appserver.advanced.properties file located within <install_home>/config/<jvm>

Update the "DEFAULT_ENCRYPTION_LEVEL" property to reflect "AES"

mceclip0.png

2 ) Download the unrestricted security policy for your JVM. This step will be dependent on your JAVA version, for example :

For Oracle (Sun) JVM 1.6:

http://www.oracle.com/technetwork/java/javase/downloads/jce-6-
download-429243.html

For IBM® JVM:

https://www14.software.ibm.com/webapp/iwm/web/
preLogin.do?source=jcesdk

3 ) Unzip the "JCE Policy" / "Unrestricted" zip and follow the instructions located within the "README" file to install the "US_export_policy.jar" / "local_policy.jar".

4 ) Run the following command with the AES value

Windows

crypt-properties.bat -c <jvm> -t AES

UNIX or LINUX

 ./crypt-properties.sh -c <jvm> -t AES

5 ) Run the following command to validate the configuration, now with encrypted password values in place. Please note, this step will be required for each application being updated, regardless if they reside on the same JVM.

Windows

 validate-config-values.bat -c <jvm> <product>

UNIX or Linux

./validate-config-values.sh -c <jvm> <product>

Example : validate-config-values.bat -c IGX IA
Example : validate-config-values.bat -c IGX II
Example : validate-config-values.bat -c IGX IV
Example : validate-config-values.bat -c IGX ER

6 ) Run the following command to ensure the new encrypted passwords are updated throughout the system. Please note, this step will be required for each application being updated, regardless if they reside on the same JVM.

Windows

update-config.bat -c <jvm> <product>

UNIX or LINUX

./update-config.sh -c <jvm> <product>

Example : update-config.bat -c IGX IA
Example : update-config.bat -c IGX II
Example : update-config.bat -c IGX IV
Example : update-config.bat -c IGX ER

Comments

0 comments

Please sign in to leave a comment.