Back to Contents

FGLPROFILE password encryption

For security reasons, it is recommended that you avoid storing clear passwords in a file. The Genero Web Services Extension enables the password encryption of a HTTP Authenticate entry in the FGLPROFILE file. The encrypted password is decrypted by the Genero Web Services engine when required.

Summary:

• FglPass tool

• Encrypting a HTTP Authenticate password

• Encrypting a HTTP Authenticate password using a certificate in the Windows key store

FglPass tool

The Genero Web Services package provides a command line tool called fglpass. The fglpass tool can encrypt a password from a X.509 certificate. The encrypted password is displayed on the console in a Base64 form, composed only of alphanumeric characters, and therefore easily usable in any text file.

Notes:

1. The fglpass tool can also decrypt a password it previously encrypted with a certificate; however the private key associated to that certificate must be accessible.
   (Type fglpass -h for more details)

Return to top

Encrypting a HTTP Authenticate password

• Find the HTTP Authenticate entry with the password you want to encrypt:
  
  authenticate.myentry.login    = "fourjs"
authenticate.myentry.password = "mypassword"

  
• Add the certificate and its private key in the FGLPROFILE file as follows:
  
  security.mykey.certificate = "MyCertificate.crt"
security.mykey.privatekey  = "MyPrivateKey.pem"
  
  
• Encrypt the password with fglpass:
  
  $ fglpass -c MyCertificate.crt
Enter password :mypassword
  
  The fglpass output looks like the following:
  
  BASE64 BEGIN
dBy3E5JCVxuoxsR+aOBVfp1j0SwQPt+hdjpMKriWvO2xMd5rFnFEwv+sPPd4w/onWviG0M5mqubBeS7QUlt/ZK0D1aO9/R5RVa5wylQu
//6vxfyd8NG/SFJmlVH63kuyXfiVfq6bHo5+nlQZpVjSHfF2msET3S9HTpZUt4NblP4=
BASE64 END
  
  Note: The encrypted password corresponds to the big suite of alphanumeric characters between BASE64 BEGIN and BASE64 END. The long line of text is wrapped for display purposes only.
  
  
• Replace the clear password with the encrypted one, and specify the key used to encrypt it (mykey in our case):
  
  authenticate.myentry.login          = "fourjs"
authenticate.myentry.password.mykey = "dBy3E5JCVxuoxsR+aOBVfp1j0SwQPt+hdjpMKriWvO2xMd5rFnFEwv+sPPd4w
/onWviG0M5mqubBeS7QUlt/ZK0D1aO9/R5RVa5wylQu//6vxfyd8NG/SFJmlVH63kuyXfiVfq6bHo5+nlQZpVjSHfF2msET3S9HTpZUt4NblP4="
  
  Note: Do not forget to put quotes around the base64 form; otherwise the '=' character is interpreted during the loading of FGLPROFILE. The long line of text is wrapped for display purposes only.

Return to top

Encrypting a HTTP Authenticate password using a certificate in the Windows key store

• Find the HTTP Authenticate entry with the password you want to encrypt:
  
  authenticate.myentry.login    = "fourjs"
authenticate.myentry.password = "mypassword"
  
  
• Add the subject of the certificate registered in the Windows key store:
  security.mykey.subject = "Georges"
  
  
• Encrypt the password with fglpass:
  
  $ fglpass -s Georges
Enter password :mypassword
  
  The fglpass output looks like this:
  
  BASE64 BEGIN
dBy3E5JCVxuoxsR+aOBVfp1j0SwQPt+hdjpMKriWvO2xMd5rFnFEwv+sPPd4w/onWviG0M5mqubBeS7QUlt/ZK0D1aO9/R5RVa5wylQu//6vxfyd8NG
/SFJmlVH63kuyXfiVfq6bHo5+nlQZpVjSHfF2msET3S9HTpZUt4NblP4=
BASE64 END
  
  Note: The encrypted password corresponds to the big suite of alphanumeric characters between BASE64 BEGIN and BASE64 END. The long line of text is wrapped for display purposes only.
  
  
• Replace the clear password with the encrypted one, and specify the key used to encrypt it (mykey in our case):
  
  authenticate.myentry.login          = "fourjs"
authenticate.myentry.password.mykey = "dBy3E5JCVxuoxsR+aOBVfp1j0SwQPt+hdjpMKriWvO2xMd5rFnFEwv+sPPd4w
/onWviG0M5mqubBeS7QUlt/ZK0D1aO9/R5RVa5wylQu//6vxfyd8NG/SFJmlVH63kuyXfiVfq6bHo5+nlQZpVjSHfF2msET3S9HTpZUt4NblP4="
  
  Note: Do not forget to put quotes around the base64 form; otherwise the '=' character is interpreted during the loading of FGLPROFILE. The long line of text is wrapped for display purposes only.

Return to top