4 Encryption

With Agile e6.2.0.0, the Advanced Encryption Standard (AES) is supported.

This encryption mechanism is used to encrypt the passwords within property files.

4.1 Encrypt Passwords

In some cases you may need to encrypt passwords manually.

To encrypt a password, you can use the epkeytool which is part of the Agile e6 installation.

The epkeytool can be started by calling:

%EP_ROOT%\axalant\cmd\epkeytool.bat -encryptpwd -keyStore file://<complete path to the wallet which has to be used>/cwallet.sso -keyAlias orakey

Note: Which wallet you have to use depends on which component should work with the encrypted password.The section "Manual Creation of Wallets" explains in detail how to create manually a wallet and the manual deployment of that wallet.

The epkeytool prompts for the password to encrypt, the output (encrypted password) will look similar to:

{PLM-AES-128}RSA-PUBLIC-BASE64:QjFurSOpjlhQER+wZFF7L/XgD1+npwlEBcK0DDpNeYJ8gbxhIxuMZpZ4yEsuGuJQ5eZJiUHsHEW1X1pJddylUmrZm6rn+rx/BOfZlITnUvMpF93Ej11wdVu+DObmSazKD3v7rpAwpKXsFMeiKCVVVF7g5C2k033/UZTCnoPUAtE={PLM-AES-128}CVVOULGVgv06h2FJCMrAGrvyEgCeV9S0gZoTF4uCgL8=

4.2 Secured Components

For the following components you need to encrypt passwords manually:

• Batch Client

• OfficeSuite PDF Generator

• AutoVue Offline Metafile Cache

All these components are based on the Batch Client technology. For each scenario, the components have property files which contain the Batch user password.

Note: An Agile e6 batch user account must have limited access to the Agile e6 system and the installation directory needs to be secured to protect the properties files.

The Batch Clients do not support clear text passwords.

4.3 WebLogic Encryption

Passwords for WebLogic cannot be encrypted with the epkeytool. They have to be encrypted with the WebLogic server.

These passwords can only be encrypted with the WebLogic domain where they will be used. WebLogic passwords depend on a domain specific secret.

This means that the passwords in the batch installation properties file, which are WebLogic specific, cannot be stored encrypted when the WebLogic domains will be created with an Agile e6 batch installation.

It is possible for the (re)deployment of the Business Service to store the database password encrypted in the batch installation properties file. The following script can be used to generate an encrypted password:

$ep_root/build/applicationServer/weblogic_121/scripts/<app_domain>/WLSencrpyt.

All of the following passwords can only be used unencrypted for a batch installation:

• WebLogic Admin Password Installation Domain

• WebLogic Admin Password Application Domain

• PLM Authenticator Password

4.4 Agile e6 Encryption

The epkeytool is available directly from the installation package. The scripts for Windows and UNIX are located in the directory installer/tools/bin.

4.4.1 EDM Server

The following list shows all passwords that are encrypted with the epkeytool.

• Database Password in the ep_root/init/<env>.xml file

• Java Daemon Administration Password

• Unprivileged Windows User Password

  Local Windows User which is used by the following services:

  • Java

  • FMS

  • Java and Portmapper

4.4.2 File Server

Privileged Windows User Password that use Windows encryption mechanisms.

Local Windows User which is used by the following service:

• File Server

4.4.3 WebLogic

Mail Auth User Password for the Business Service in the WebLogic domain.

4.4.4 Batch Clients

• Batch user in properties files for standard Batch Client

• Batch user in properties files for Office Suite PDF generator

• Batch user in properties files for AutoVue Offline Metafile cache

4.5 Enterprise Integration Platform Encryption

The encryption tool is available directly from the installed package. The scripts for Windows and UNIX are located in the directory bin. Please refer to the Enterprise Integration Platform Administration Guide for more details.