...

Page info
title title

Revision History

Password Encryption

Encryption is the process of taking data (called cleartext) and a short string (a key), and producing data (ciphertext) meaningless to a third-party who does not know the key. Decryption is the inverse process: that of taking ciphertext and a short key string, and producing cleartext.

LexGrid utilizes the java security API for encryption and decryption of the database passwords. The Security API is a core API of the Java programming language, built around the java.security package (and its subpackages). This API is designed to allow developers to incorporate both low-level and high-level security functionality into their programs.

The Java Cryptography Architecture encompasses the parts of the Java 2 SDK Security API related to cryptography, as well as a set of conventions and specifications provided in this document. It includes a "provider"architecture that allows for multiple and interoperable cryptography implementations.

Encryption/Decryption implementation Details

Creating a Cipher Object

 \\ | Initial Version Approved via Design Review | Team \\ |

h2. Password Encryption

Encryption is the process of taking data (called _cleartext_) and a short string (a _key_), and producing data (_ciphertext_) meaningless to a third-party who does not know the key. Decryption is the inverse process: that of taking ciphertext and a short key string, and producing cleartext.

LexGrid utilizes the java security API for encryption and decryption of the database passwords. The Security API is a core API of the Java programming language, built around the java.security package (and its subpackages). This API is designed to allow developers to incorporate both low-level and high-level security functionality into their programs.

The Java Cryptography Architecture encompasses the parts of the Java 2 SDK Security API related to cryptography, as well as a set of conventions and specifications provided in this document. It includes a "[provider|http://java.sun.com/j2se/1.4.2/docs/guide/security/CryptoSpec.html#ProviderArch]"architecture that allows for multiple and interoperable cryptography implementations.

h2. Encryption/Decryption implementation Details

h3. Creating a Cipher Object

{code:title=Creating a Cipher Object|borderStyle=solid}
Cipher cipher = Cipher._getInstance_("PBEWithMD5AndDES");
{code}

*

"PBEWithMD5AndDES"

...

is

...

the

...

widely

...

used

...

algorithm

...

used

...

for

...

the

...

encryption

...

process.

...

Other

...

available

...

algorithms

...

are

...

"PBEWithHmacSHA1AndDESede",

...

"AES",

...

"Blowfish",

...

"DES",

...

"DESede"

...

etc.

...

Initializing

...

a

...

Cipher

...

Object

{code:title=Initializing a Cipher Object|borderStyle=solid}
cipher.init(<MODE>, _<KEY>_, <_PBEParameterSpec_>);
{code}

A

...

Cipher

...

object

...

obtained

...

via

...

getInstance

...

must

...

be

...

initialized

...

for

...

one

...

of

...

four

...

modes,

...

which

...

are

...

defined

...

as

...

final

...

integer

...

constants

...

in

...

the

...

Cipher

...

class.

...

The

...

modes

...

can

...

be

...

referenced

...

by

...

their

...

symbolic

...

names,

...

which

...

are

...

shown

...

below

...

along

...

with

...

a

...

description

...

of

...

the

...

purpose

...

of

...

each

...

mode:

...

• ENCRYPT_MODE:

...

• Encryption

...

• of

...

• data.

...

• DECRYPT_MODE:

...

• Decryption

...

• of

...

• data.

...

• WRAP_MODE:

...

• Wrapping

...

• a

...

• Key

...

• into

...

• bytes

...

• so

...

• that

...

• the

...

• key

...

• can

...

• be

...

• securely

...

• transported.

...

• UNWRAP_MODE:

...

• Unwrapping

...

• of

...

• a

...

• previously

...

• wrapped

...

• key

...

• into

...

• a

...

• java.security.Key

...

• object.

...

Encrypting

...

and

...

Decrypting

...

Data

...

cipherBytes

...

=

...

cipher.doFinal(<text

...

to

...

encrypt/decrypt>);

...

Passwords

...

in

...

LexEVS

...

are

...

encrypted

...

/decrypted

...

in

...

one

...

step

...

(

...

single-part

...

operation

...

)

...

by

...

passing

...

the

...

text

...

to

...

encrypt/decrypt

...

as

...

a

...

parameter.

Image Added

Following are the steps to encrypt the password of LexEVS database.

1. Run PasswordEncryptor.sh or PasswordEncryptor.bat (pass password text as a parameter) from lbAdmin to generate the encrypted password.
   • Generated password will be stored in a file @ lbAdmin/password.txt
2. Copy the encrypted password from password.txt and paste it in lbConfig.props file ( DB_PASSWORD=<Encrypted_Password>

...

1. )

...

2. Set

...

1. the

...

1. new

...

1. lbConfig

...

1. parameter

...

1. DB_PASSWORD_ENCRYPTED=true

...

1. (value

...

1. case

...

1. insensitive)

...

1. .

...

1. • Note

...

1. • :

...

1. • any

...

1. • value

...

1. • other

...

1. • than

...

1. • 'true'

...

1. • (or

...

1. • no

...

1. • value)

...

1. • for

...

1. • DB_PASSWORD_ENCRYPTED

...

1. • is

...

1. • considered

...

1. • as

...

1. • 'false'.

...

1. • 
     
2. When password encryption is off, use the password directly as you have been using till now.

Scrollbar
icons false