Why and How to Use Data Encryption

You can use encryption to increase the security of the customer login information passed to the customer portal pages from an external site.

By default, encryption is disabled and the data received by the customer portal page URL is Base 64 encoded and then decoded. With encryption enabled, the data is still Base 64 encoded and decoded, but then it is converted to an encrypted string.

Note: If you do not want to use data encryption, you must define a value for the PTA_SECRET_KEY configuration setting in order to validate login parameters. This value should be passed as a p_li_passwd parameter encoded in the PTA login string.

Four configuration settings are used to configure PTA data encryption. For the procedure to edit configuration settings, see Edit Configuration Settings.

Table 1. Data-Encryption Configuration Settings
Setting Description
PTA_ENCRYPTION_METHOD Specifies the encryption method you want to use, and is blank by default. The options are des3, aes128, aes192, and aes256.
PTA_ENCRYPTION_IV Lets you specify an initialization vector value to use for PTA encryption. Initialization vectors are optional, but can help you increase the security of the encryption. You can enter up to a 16-byte value, given as a hex-encoded (base 16) list of bytes. The value depends on the type of encryption specified in the PTA_ENCRYPTION_METHOD configuration setting. 16 bytes are required for aes128, aes192, and aes256 encryptions, and 8 bytes are required for des3 encryption.
Optionally, you can enter a value of ENCODED if the decryption method expects the initialization vector to be read from the encrypted string (after the salt, if salt is used) and before the encrypted value. This option is more secure than hardcoded values if the proper cryptographically random values are sent along in the encrypted data.
PTA_ENCRYPTION_KEYGEN Specifies the keygen method used for PTA encryption. The default value is RSSL_KEYGEN_PKCS5_V20, and the other options are RSSL_KEYGEN_PKCS5_V15 and RSSL_KEYGEN_NONE.
PTA_ENCRYPTION_PADDING Specifies the padding method used for PTA encryption. The default value is RSSL_PAD_ANSIX923, and the other options are RSSL_PAD_PKCS7, RSSL_PAD_NONE, RSSL_PAD_ZERO, and RSSL_PAD_ISO10126.
PTA_ENCRYPTION_SALT Lets you specify a salt value to use for PTA encryption. Salt values are optional, but can help you increase the security of the encryption. You can enter up to an 8-byte value, given as a hex-encoded (base 16) list of bytes.
Optionally, you can enter a value of ENCODED if the decryption method expects the salt to be read from the encrypted string before the initialization vector and the encrypted value. This option is more secure than hardcoded values if the proper cryptographically random values are sent along in the encrypted data.
PTA_SECRET_KEY Specifies the key used to decode the encrypted PTA string. The value is blank by default. (Do not include the value of PTA_SECRET_KEY in the string itself. The setting should be used only to encrypt the value sent.)
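
The ENCODED options for PTA_ENCRYPTION_SALT and PTA_ENCRYPTION_IV imply a byte layout of salt, then initialization vector, then encrypted value. The following Python sketch is an added example, not product code: it checks the two settings against the sizes in Table 1 and splits the decoded bytes accordingly. The function names are hypothetical, and it assumes that an ENCODED salt occupies the full 8 bytes and that a blank setting means the value is unused.

```python
import secrets

# IV sizes per PTA_ENCRYPTION_METHOD, as stated in Table 1.
IV_BYTES = {"des3": 8, "aes128": 16, "aes192": 16, "aes256": 16}
SALT_BYTES = 8  # assumption: an ENCODED salt uses the full 8-byte maximum


def parse_setting(name, value, size, exact):
    """Return None for ENCODED, else the bytes of a hex setting (b'' if blank)."""
    if value == "ENCODED":
        return None
    try:
        raw = bytes.fromhex(value)
    except ValueError:
        raise ValueError(f"{name} must be hex-encoded, blank, or ENCODED") from None
    bad = len(raw) != size if exact else len(raw) > size
    if raw and bad:
        raise ValueError(f"{name}: {len(raw)} bytes given, expected {size}")
    return raw


def split_payload(blob, method, iv_setting, salt_setting):
    """Split the bytes left after Base 64 decoding into (salt, iv, ciphertext)."""
    iv_len = IV_BYTES[method]  # KeyError for a method not listed in Table 1
    salt = parse_setting("PTA_ENCRYPTION_SALT", salt_setting, SALT_BYTES, False)
    iv = parse_setting("PTA_ENCRYPTION_IV", iv_setting, iv_len, True)
    pos = 0
    if salt is None:  # ENCODED: the salt comes first in the string
        salt, pos = blob[:SALT_BYTES], SALT_BYTES
    if iv is None:  # ENCODED: the IV follows the salt, if any
        iv, pos = blob[pos:pos + iv_len], pos + iv_len
    ciphertext = blob[pos:]
    if not ciphertext:
        raise ValueError("payload too short for the configured salt/IV layout")
    return salt, iv, ciphertext


def fresh_prefix(method):
    """Sender side: a new random salt and IV for every login string."""
    return secrets.token_bytes(SALT_BYTES), secrets.token_bytes(IV_BYTES[method])


if __name__ == "__main__":
    # Constructed sample: zero bytes stand in for a real encrypted value.
    salt, iv = fresh_prefix("aes256")
    parts = split_payload(salt + iv + bytes(32), "aes256", "ENCODED", "ENCODED")
    print([len(p) for p in parts])
```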