Why and How to Use Data Encryption
You can use encryption to increase the security of the customer login information passed to the customer portal pages from an external site.
By default, encryption is disabled, and the data received through the customer portal page URL is Base64 encoded and then decoded. With encryption enabled, the data is still Base64 encoded and decoded, but the decoded data is then handled as an encrypted string.
Note: If you do not want to use data encryption, you must define a value for the PTA_SECRET_KEY configuration setting in order to validate login parameters. This value should be passed as a p_li_passwd parameter encoded in the PTA login string.
Four configuration settings are used to configure PTA data encryption. For the procedure to edit configuration settings, see Edit Configuration Settings.
Setting | Description
---|---
PTA_ENCRYPTION_METHOD | Specifies the encryption method you want to use; blank by default. The options are des3, aes128, aes192, and aes256.
PTA_ENCRYPTION_IV | Lets you specify an initialization vector value to use for PTA encryption. Initialization vectors are optional, but can help you increase the security of the encryption. You can enter up to a 16-byte value, given as a hex-encoded (base 16) list of bytes. The required length depends on the encryption method specified in the PTA_ENCRYPTION_METHOD configuration setting: 16 bytes for aes128, aes192, and aes256, and 8 bytes for des3. Optionally, you can enter a value of ENCODED if the decryption method expects the initialization vector to be read from the encrypted string (after the salt, if salt is used) and before the encrypted value. This option is more secure than hardcoded values if proper cryptographically random values are sent along in the encrypted data.
PTA_ENCRYPTION_KEYGEN | Specifies the key generation method used for PTA encryption. The default value is RSSL_KEYGEN_PKCS5_V20; the other options are RSSL_KEYGEN_PKCS5_V15 and RSSL_KEYGEN_NONE.
PTA_ENCRYPTION_PADDING | Specifies the padding method used for PTA encryption. The default value is RSSL_PAD_ANSIX923; the other options are RSSL_PAD_PKCS7, RSSL_PAD_NONE, RSSL_PAD_ZERO, and RSSL_PAD_ISO10126.
PTA_ENCRYPTION_SALT | Lets you specify a salt value to use for PTA encryption. Salt values are optional, but can help you increase the security of the encryption. You can enter up to an 8-byte value, given as a hex-encoded (base 16) list of bytes. Optionally, you can enter a value of ENCODED if the decryption method expects the salt to be read from the encrypted string before the initialization vector and the encrypted value. This option is more secure than hardcoded values if proper cryptographically random values are sent along in the encrypted data.
PTA_SECRET_KEY | Specifies the key used to decode the encrypted PTA string. The value is blank by default. (Do not include the value of PTA_SECRET_KEY in the string itself. The setting should be used only to encrypt the value sent.)