{scrollbar:icons=false}
h1. {page-info:title}
{panel:title=Contents of this Page}
{toc:minLevel=2}
{panel}
{panel:title=Document Information}
*Author:* Craig Stancl
*Email:* Stancl.craig@mayo.edu
*Team:* LexEVS
*Contract:* CBITT BOA Subcontract# 29XS223
*Client:* NCI CBIIT
National Institutes of Heath
US Department of Health and Human Services
{panel}

*Revision History*
|| Version || Date || Description of Changes  \\ || Author \\ ||
| 1.0 | 5/14/10 \\ | Initial Version Approved via Design Review | Team \\ |

h2. Password Encryption

Encryption is the process of taking data (called _cleartext_) and a short string (a _key_), and producing data (_ciphertext_) meaningless to a third-party who does not know the key. Decryption is the inverse process: that of taking ciphertext and a short key string, and producing cleartext.

LexGrid utilizes the java security API for encryption and decryption of the database passwords. The Security API is a core API of the Java programming language, built around the java.security package (and its subpackages). This API is designed to allow developers to incorporate both low-level and high-level security functionality into their programs.

The Java Cryptography Architecture encompasses the parts of the Java 2 SDK Security API related to cryptography, as well as a set of conventions and specifications provided in this document. It includes a "[provider|http://java.sun.com/j2se/1.4.2/docs/guide/security/CryptoSpec.html#ProviderArch]"architecture that allows for multiple and interoperable cryptography implementations.

h2. Encryption/Decryption implementation Details

h3. Creating a Cipher Object

{code:title=Creating a Cipher Object|borderStyle=solid}
Cipher cipher = Cipher._getInstance_("PBEWithMD5AndDES");
{code}

*"PBEWithMD5AndDES"* is the widely used algorithm used for the encryption process. Other available algorithms are "PBEWithHmacSHA1AndDESede", "AES", "Blowfish", "DES", "DESede" etc.

h3. Initializing a Cipher Object

{code:title=Initializing a Cipher Object|borderStyle=solid}
cipher.init(<MODE>, _<KEY>_, <_PBEParameterSpec_>);
{code}

A Cipher object obtained via getInstance must be initialized for one of four modes, which are defined as final integer constants in the Cipher class. The modes can be referenced by their symbolic names, which are shown below along with a description of the purpose of each mode:
* ENCRYPT_MODE: Encryption of data.
* DECRYPT_MODE: Decryption of data.
* WRAP_MODE: Wrapping a Key into bytes so that the key can be securely transported.
* UNWRAP_MODE: Unwrapping of a previously wrapped key into a java.security.Key object.

h3. Encrypting and Decrypting Data

{{cipherBytes = cipher.doFinal(<text to encrypt/decrypt>);}}

Passwords in LexEVS are encrypted /decrypted in one step (_single-part operation_) by passing the text to encrypt/decrypt as a parameter.

!cryptoutility.jpg|alt=crypto utility diagram'!\\

*Following are the steps to encrypt the password of LexEVS database.*


# Run PasswordEncryptor.sh or PasswordEncryptor.bat (pass password text as a parameter) from lbAdmin to generate the encrypted password.
#* Generated password will be stored in a file @ lbAdmin/password.txt
# Copy the encrypted password from password.txt and paste it in lbConfig.props file ( DB_PASSWORD=<Encrypted_Password> )
# Set the new lbConfig parameter DB_PASSWORD_ENCRYPTED=true (value case insensitive) .
#* Note : any value other than 'true' (or no value) for DB_PASSWORD_ENCRYPTED is considered as 'false'.
\\
# When password encryption is off, use the password directly as you have been using till now.

{scrollbar:icons=false}