This article details how to encrypt passwords in the Assure, Insight, Perceive and ER database, security configuration, user configuration and application server property files.
Password encryption is optional, though recommended. Unencrypted passwords in the properties files are visible to all users. By default, Infogix scripts utilize 56-bit PBE-DES encryption though AES 256-bit encryption is additionally supported.
Please note, all scripts mentioned within this article may be located within the <install_home>/bin directory. Additionally, the value "<jvm>" will be your custom configuration name defined within the <install_home>/config directory. Leaving the "-c <jvm>" argument out of the script execution will result in encrypting the default folder, located within <install_home>/config.
PBE-DES 56 Bit Encryption
1 ) Run the following command(s) if 56-bit password encryption is desired. After running the following script, passwords will have an {enc} prefix to indicate they are encrypted. If AES 256-bit encryption is preferred, please skip this section.
Windows
crypt-properties.bat -c <jvm>
UNIX or Linux
./crypt-properties.sh -c <jvm>
Example : crypt-properties.bat -c IGX
2 ) Run the following command to validate the configuration, now with encrypted password values in place. Please note, this step will be required for each application being updated, regardless if they reside on the same JVM.
Windows
validate-config-values.bat -c <jvm> <product>
UNIX or Linux
./validate-config-values.sh -c <jvm> <product>
Example : validate-config-values.bat -c IGX IA
Example : validate-config-values.bat -c IGX II
Example : validate-config-values.bat -c IGX IV
Example : validate-config-values.bat -c IGX ER
3 ) Run the following command to ensure the new encrypted passwords are updated throughout the system. Please note, this step will be required for each application being updated, regardless if they reside on the same JVM.
Windows
update-config.bat -c <jvm> <product>
UNIX or LINUX
./update-config.sh -c <jvm> <product>
Example : update-config.bat -c IGX IA
Example : update-config.bat -c IGX II
Example : update-config.bat -c IGX IV
Example : update-config.bat -c IGX ER
AES 256 Bit Encryption
Complete this section if 256-bit password encryption is desired. After running the following script, passwords will have an {enc2} prefix to indicate they are encrypted.
1 ) Open the appserver.advanced.properties file located within <install_home>/config/<jvm>
Update the "DEFAULT_ENCRYPTION_LEVEL" property to reflect "AES"
2 ) Download the unrestricted security policy for your JVM. This step will be dependent on your JAVA version, for example :
For Oracle (Sun) JVM 1.6:
http://www.oracle.com/technetwork/java/javase/downloads/jce-6-
download-429243.html
For IBM® JVM:
https://www14.software.ibm.com/webapp/iwm/web/
preLogin.do?source=jcesdk
3 ) Unzip the "JCE Policy" / "Unrestricted" zip and follow the instructions located within the "README" file to install the "US_export_policy.jar" / "local_policy.jar".
4 ) Run the following command with the AES value
Windows
crypt-properties.bat -c <jvm> -t AES
UNIX or LINUX
./crypt-properties.sh -c <jvm> -t AES
5 ) Run the following command to validate the configuration, now with encrypted password values in place. Please note, this step will be required for each application being updated, regardless if they reside on the same JVM.
Windows
validate-config-values.bat -c <jvm> <product>
UNIX or Linux
./validate-config-values.sh -c <jvm> <product>
Example : validate-config-values.bat -c IGX IA
Example : validate-config-values.bat -c IGX II
Example : validate-config-values.bat -c IGX IV
Example : validate-config-values.bat -c IGX ER
6 ) Run the following command to ensure the new encrypted passwords are updated throughout the system. Please note, this step will be required for each application being updated, regardless if they reside on the same JVM.
Windows
update-config.bat -c <jvm> <product>
UNIX or LINUX
./update-config.sh -c <jvm> <product>
Example : update-config.bat -c IGX IA
Example : update-config.bat -c IGX II
Example : update-config.bat -c IGX IV
Example : update-config.bat -c IGX ER
Comments
0 comments
Please sign in to leave a comment.