Oracle Agile Engineering Data Management Security Guide Release e6.2.0.0 E52560-02
With Agile e6.2.0.0, the Advanced Encryption Standard (AES) is supported.
This encryption mechanism is used to encrypt the passwords within property files.
In some cases you may need to encrypt passwords manually.
To encrypt a password, you can use the epkeytool, which is part of the Agile e6 installation.
The epkeytool can be started by calling:
%EP_ROOT%\axalant\cmd\epkeytool.bat -encryptpwd -keyStore file://<complete path to the wallet which has to be used>/cwallet.sso -keyAlias orakey
Note: Which wallet you have to use depends on which component should work with the encrypted password. The section "Manual Creation of Wallets" explains in detail how to create a wallet manually and how to deploy that wallet manually.
The epkeytool prompts for the password to encrypt. The output (the encrypted password) will look similar to:
{PLM-AES-128}RSA-PUBLIC-BASE64:QjFurSOpjlhQER+wZFF7L/XgD1+npwlEBcK0DDpNeYJ8gbxhIxuMZpZ4yEsuGuJQ5eZJiUHsHEW1X1pJddylUmrZm6rn+rx/BOfZlITnUvMpF93Ej11wdVu+DObmSazKD3v7rpAwpKXsFMeiKCVVVF7g5C2k033/UZTCnoPUAtE={PLM-AES-128}CVVOULGVgv06h2FJCMrAGrvyEgCeV9S0gZoTF4uCgL8=
For the following components you need to encrypt passwords manually:
Batch Client
OfficeSuite PDF Generator
AutoVue Offline Metafile Cache
All these components are based on the Batch Client technology. For each scenario, the components have property files which contain the Batch user password.
Note: An Agile e6 batch user account must have limited access to the Agile e6 system, and the installation directory needs to be secured to protect the properties files.
The Batch Clients do not support clear text passwords.
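An added example (not Oracle's code): a Python audit that scans property-file text for password-like keys and checks that each value has the layout of the sample epkeytool output shown above. The layout is inferred from that one sample only, and the key names, the key-matching heuristic and the sample file contents are constructed for illustration.

```python
import base64
import binascii
import re

# Layout inferred from the sample epkeytool output on this page (an assumption,
# not a published format): {PLM-AES-128}RSA-PUBLIC-BASE64:<b64>{PLM-AES-128}<b64>
TOKEN_RE = re.compile(r"^\{PLM-AES-128\}RSA-PUBLIC-BASE64:(?P<first>[^{}]+)"
                      r"\{PLM-AES-128\}(?P<second>[^{}]+)$")
# Hypothetical heuristic for spotting password properties by key name.
PASSWORD_KEY_RE = re.compile(r"passw|pwd", re.IGNORECASE)

def _decodes(segment):
    """True if the segment is strict, non-empty base64."""
    try:
        return len(base64.b64decode(segment, validate=True)) > 0
    except (binascii.Error, ValueError):
        return False

def classify_value(value):
    """Return 'encrypted', 'malformed', 'cleartext' or 'empty' for one value."""
    # Java's Properties.store() writes ':' and '=' in values as '\:' and '\='.
    value = re.sub(r"\\([:=#!])", r"\1", value).strip()
    if not value:
        return "empty"
    match = TOKEN_RE.match(value)
    if match:
        ok = _decodes(match["first"]) and _decodes(match["second"])
        return "encrypted" if ok else "malformed"
    # Marker present but layout broken: likely truncated or hand-edited.
    return "malformed" if value.startswith("{PLM-AES-128}") else "cleartext"

def audit_properties(text):
    """Return (line_number, key, status) for each password-like key."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped[0] in "#!" or "=" not in stripped:
            continue
        key, value = stripped.split("=", 1)
        if PASSWORD_KEY_RE.search(key):
            findings.append((number, key.strip(), classify_value(value)))
    return findings

# Constructed sample: key names are hypothetical, bytes are filler, not ciphertext.
SAMPLE_TOKEN = "{PLM-AES-128}RSA-PUBLIC-BASE64:%s{PLM-AES-128}%s" % (
    base64.b64encode(bytes(range(128))).decode(), base64.b64encode(bytes(32)).decode())
SAMPLE = "\n".join(["# batch client settings", "batch.user=plmbatch",
                    "batch.password=" + SAMPLE_TOKEN, "db.password=Secret123",
                    "daemon.pwd={PLM-AES-128}RSA-PUBLIC-BASE64:abc"])
if __name__ == "__main__":
    print(audit_properties(SAMPLE))
```

A value reported as cleartext or malformed is a candidate for re-encryption with the epkeytool; the check is structural only and does not prove that a value decrypts with a given wallet.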
Passwords for WebLogic cannot be encrypted with the epkeytool. They have to be encrypted with the WebLogic server.
These passwords can only be encrypted with the WebLogic domain where they will be used. WebLogic passwords depend on a domain specific secret.
This means that the WebLogic-specific passwords in the batch installation properties file cannot be stored encrypted when the WebLogic domains are created with an Agile e6 batch installation.
For the (re)deployment of the Business Service, the database password can be stored encrypted in the batch installation properties file. The following script can be used to generate an encrypted password:
$ep_root/build/applicationServer/weblogic_121/scripts/<app_domain>/WLSencrpyt.
All of the following passwords can only be used unencrypted for a batch installation:
WebLogic Admin Password Installation Domain
WebLogic Admin Password Application Domain
PLM Authenticator Password
The epkeytool is available directly from the installation package. The scripts for Windows and UNIX are located in the directory installer/tools/bin.
The following list shows all passwords that are encrypted with the epkeytool.
Database Password in the ep_root/init/<env>.xml file
Java Daemon Administration Password
Unprivileged Windows User Password
Local Windows User which is used by the following services:
Java
FMS
Java and Portmapper