This article details how to encrypt passwords in the Assure, Insight, Perceive and ER database, security configuration, user configuration and application server property files.
Password encryption is optional, though recommended. Unencrypted passwords in the properties files are visible to all users with server-side access.
Two methods are covered below: manual encryption via the crypt script and automatic encryption via the crypt-properties script. Each method has the option for 56-bit or 256-bit encryption.
Manual encryption
PBE-DES 56-bit Encryption
The instructions below are for 56-bit password encryption.
- Navigate to your installation's bin directory in command prompt or terminal
- Run the crypt script where <password> is the password to encrypt:
Windows
crypt.bat -t PBE-DES <password>
UNIX or Linux
./crypt.sh -t PBE-DES <password>
Example: crypt.bat -t PBE-DES samplepassword
- Copy the script output, including the preceding {enc} tag
- Paste the script output into the desired password properties.
- Run validate-config-values. This validates the changes above and any other edits made to the property files.
- Run update-config. This will propagate the new encrypted passwords throughout the system. Please note, this step is required for each application updated, regardless of whether they reside on the same JVM.
AES 256 Bit Encryption
The instructions below are for 256-bit password encryption.
- Open the appserver.advanced.properties file located within:
<install_home>/config/<jvm>
- Update the "DEFAULT_ENCRYPTION_LEVEL" property to reflect "AES"
- Download the unrestricted security policy for your JVM. This step will vary depending on your Java version.
- Navigate to your installation's bin directory in command prompt or terminal
- Run the crypt script where <password> is the password to encrypt:
Windows
crypt.bat -t PBE-DES <password>
UNIX or Linux
./crypt.sh -t PBE-DES <password>
Example: crypt.bat -t PBE-DES samplepassword
- Copy the script output, including the preceding {enc2} tag
- Paste the script output into the desired password properties.
- Run validate-config-values. This validates the changes above and any other edits made to the property files.
- Run update-config. This will propagate the new encrypted passwords throughout the system. Please note, this step is required for each application updated, regardless of whether they reside on the same JVM.
Automatic encryption
The instructions below assume a configuration name is used. If you are uncertain what your configuration name is, please review How to check your JVM configuration name. If you do not have a configuration name, then omit -c <jvm> from the commands below.
PBE-DES 56-bit Encryption
The instructions below are for 56-bit password encryption.
- Navigate to your installation's bin directory in command prompt or terminal
- Run the crypt-properties script:
Windows
crypt-properties.bat -c <jvm>
UNIX or Linux
./crypt-properties.sh -c <jvm>
Example: crypt-properties.bat -c IGX
- Run validate-config-values. This validates any other edits made to the property files prior to the next step.
- Run update-config. This will propagate the new encrypted passwords throughout the system. Please note, this step is required for each application updated, regardless of whether they reside on the same JVM.
After running the script above, passwords will have an {enc} prefix within the property files to indicate they are encrypted. If the passwords need to be updated, simply remove the encrypted password, including the {enc} prefix, and repeat the steps above.
AES 256 Bit Encryption
The instructions below are for 256-bit password encryption.
- Open the appserver.advanced.properties file located within:
<install_home>/config/<jvm>
- Update the "DEFAULT_ENCRYPTION_LEVEL" property to reflect "AES"
- Download the unrestricted security policy for your JVM. This step will vary depending on your Java version.
- Navigate to your installation's bin directory in command prompt or terminal
- Run the crypt-properties script:
Windows
crypt-properties.bat -c <jvm>
UNIX or Linux
./crypt-properties.sh -c <jvm>
Example: crypt-properties.bat -c IGX
- Run validate-config-values. This validates any other edits made to the property files prior to the next step.
- Run update-config. This will propagate the new encrypted passwords throughout the system. Please note, this step is required for each application updated, regardless of whether they reside on the same JVM.
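To confirm that no password was left in plaintext after either method, the check below lists password properties whose value lacks the {enc} or {enc2} tag. It is an added example, not one of the product's scripts; it assumes password properties are keys whose name contains "password" in key=value or key:value .properties files, and find_plaintext_passwords, write_sample and check.sh are hypothetical names.

```sh
#!/bin/sh
# Added example, not a product script. Assumption: password properties are
# keys whose name contains "password" (any case) in key=value or key:value files.

# find_plaintext_passwords DIR
# Prints "file:line:key" for each password property whose non-empty value
# lacks the {enc} or {enc2} tag. The value itself is never printed.
find_plaintext_passwords() {
    find "$1" -type f -name '*.properties' -exec awk '
        /^[ \t]*[#!]/ { next }                  # skip comment lines
        {
            sep = match($0, /[=:]/)             # first key/value separator
            if (sep == 0) next
            key = substr($0, 1, sep - 1)
            val = substr($0, sep + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", key)  # trim whitespace and CR
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            if (tolower(key) !~ /password/) next
            if (val == "") next                 # nothing stored
            if (substr(val, 1, 5) == "{enc}" || substr(val, 1, 6) == "{enc2}") next
            print FILENAME ":" FNR ":" key
        }' {} +
}

# write_sample DIR: constructed sample file for trying the check offline.
write_sample() {
    cat > "$1/sample.properties" <<'EOF'
# constructed sample, not real configuration
db.user=admin
db.password={enc}Q29uc3RydWN0ZWQ=
ldap.password = {enc2}Q29uc3RydWN0ZWQ=
smtp.password=samplepassword
#old.password=samplepassword
keystore.Password: samplepassword
empty.password=
EOF
}

# Usage (check.sh is a hypothetical file name):
#   sh check.sh <install_home>/config/<jvm>
if [ "$#" -gt 0 ]; then
    find_plaintext_passwords "$1"
fi
```

Empty output means every password property found carries an encryption tag; the output never contains the password values, so it is safe to keep in a change record.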