NIH | National Cancer Institute | NCI Wiki  

Comment: Migration of unmigrated content due to installation of a new plugin
{panel:title=Document Information}
*Author:* Craig Stancl
*Email:* Stancl.craig@mayo.edu
*Team:* LexEVS
*Contract:* CBITT BOA Subcontract# 29XS223
*Client:* NCI CBIIT
National Institutes of Health
US Department of Health and Human Services
{panel}

*Revision History*
|| Version || Date || Description of Changes || Author ||
| 1.0 | 5/14/10 | Initial Version Approved via Design Review | Team |


h2. Password Encryption

Encryption is the process of taking data (called _cleartext_) and a short string (a _key_), and producing data (_ciphertext_) that is meaningless to a third party who does not know the key. Decryption is the inverse process: taking ciphertext and a short key string, and producing cleartext.

LexGrid uses the Java Security API to encrypt and decrypt the database passwords. The Security API is a core API of the Java programming language, built around the java.security package (and its subpackages). This API is designed to allow developers to incorporate both low-level and high-level security functionality into their programs.

The Java Cryptography Architecture encompasses the parts of the Java 2 SDK Security API related to cryptography, as well as a set of conventions and specifications provided in this document. It includes a "[provider|http://java.sun.com/j2se/1.4.2/docs/guide/security/CryptoSpec.html#ProviderArch]" architecture that allows for multiple and interoperable cryptography implementations.

h2. Encryption/Decryption Implementation Details

h3. Creating a Cipher Object

{code:title=Creating a Cipher Object|borderStyle=solid}
import javax.crypto.Cipher;
Cipher cipher = Cipher.getInstance("PBEWithMD5AndDES");
{code}

"PBEWithMD5AndDES" is the widely used algorithm used for the encryption process. Other available algorithms are "PBEWithHmacSHA1AndDESede", "AES", "Blowfish", "DES", "DESede" etc.

h3. Initializing a Cipher Object

{code:title=Initializing a Cipher Object|borderStyle=solid}
cipher.init(<MODE>, <KEY>, <PBEParameterSpec>);
{code}

A Cipher object obtained via getInstance must be initialized for one of four modes, which are defined as final integer constants in the Cipher class. The modes can be referenced by their symbolic names, which are shown below along with a description of the purpose of each mode:

  • ENCRYPT_MODE: Encryption of data.
  • DECRYPT_MODE: Decryption of data.
  • WRAP_MODE: Wrapping a Key into bytes so that the key can be securely transported.
  • UNWRAP_MODE: Unwrapping of a previously wrapped key into a java.security.Key object.

h3. Encrypting and Decrypting Data

{code}
cipherBytes = cipher.doFinal(<text to encrypt/decrypt>);
{code}

Passwords in LexEVS are encrypted/decrypted in one step (single-part operation) by passing the text to encrypt/decrypt as a parameter.

[Image: crypto utility diagram]
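The getInstance, init and doFinal calls described above, combined into one single-part round trip. This is an added example, not LexEVS code: the class name, passphrase, salt, iteration counts and Base64 output are assumptions, since the page does not say how LexEVS derives or stores its key. It goes beyond the page by running the same flow with PBEWithHmacSHA256AndAES_128 (available in Java 8 and later) next to PBEWithMD5AndDES, whose DES key is only 56 bits.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;

public class PbeRoundTrip {
    // Single-part operation: one init() and one doFinal() per call.
    static byte[] run(String algorithm, int mode, char[] passphrase,
                      PBEParameterSpec spec, byte[] input) throws GeneralSecurityException {
        SecretKey key = SecretKeyFactory.getInstance(algorithm)
                .generateSecret(new PBEKeySpec(passphrase));
        Cipher cipher = Cipher.getInstance(algorithm);
        cipher.init(mode, key, spec);
        return cipher.doFinal(input);
    }

    // Encrypts then decrypts a constructed sample password and prints both results.
    static void roundTrip(String algorithm, char[] passphrase, PBEParameterSpec spec)
            throws GeneralSecurityException {
        byte[] clear = "constructed-db-password".getBytes(StandardCharsets.UTF_8);
        byte[] ct = run(algorithm, Cipher.ENCRYPT_MODE, passphrase, spec, clear);
        byte[] pt = run(algorithm, Cipher.DECRYPT_MODE, passphrase, spec, ct);
        System.out.println(algorithm + " -> " + Base64.getEncoder().encodeToString(ct)
                + " -> " + new String(pt, StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws GeneralSecurityException {
        char[] passphrase = "constructed-master-passphrase".toCharArray(); // hypothetical
        SecureRandom rng = new SecureRandom();
        byte[] salt = new byte[8];  // 8-byte salt, as PBEWithMD5AndDES expects
        byte[] iv = new byte[16];   // AES block size, used only by the PBES2 variant
        rng.nextBytes(salt);
        rng.nextBytes(iv);

        // Algorithm named on the page; the iteration count of 1000 is an assumption.
        roundTrip("PBEWithMD5AndDES", passphrase, new PBEParameterSpec(salt, 1000));

        // Same flow with a PBES2 scheme from Java 8+ (not mentioned on the page).
        roundTrip("PBEWithHmacSHA256AndAES_128", passphrase,
                new PBEParameterSpec(salt, 100_000, new IvParameterSpec(iv)));
    }
}
```

The same PBEParameterSpec (salt, iteration count and, for the AES variant, IV) has to be available at decryption time, so those values must be stored or fixed alongside the ciphertext.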

Following are the steps to encrypt the password of the LexEVS database.

  1. Run PasswordEncryptor.sh or PasswordEncryptor.bat (pass the password text as a parameter) from lbAdmin to generate the encrypted password.
    • The generated password will be stored in the file lbAdmin/password.txt.
  2. Copy the encrypted password from password.txt and paste it into the lbConfig.props file (DB_PASSWORD=<Encrypted_Password>).
  3. Set the new lbConfig parameter DB_PASSWORD_ENCRYPTED=true (value is case insensitive).
    • Note: any value other than 'true' (or no value) for DB_PASSWORD_ENCRYPTED is considered 'false'.
  4. When password encryption is off, use the password directly, as you have been doing until now.