Password Encryption
Passwords used by the individual services of U-Assist are now encrypted with the AES (Advanced Encryption Standard) 256-bit algorithm, which secures applications and sensitive information against data breaches. A password that contains special characters must be enclosed in single quotes (' ') when it is encrypted. For example, 'Engg!!%20'. The following property in the u-assist.env file indicates whether password encryption is enabled. By default, this property is set to true.
PASSWORD_ENCRYPTION_ENABLED=true
Warning
If password encryption is enabled, all passwords of third-party components must be provided in encrypted form. U-Assist does not support one component's password in encrypted format and another component's password in plaintext format.
Set the following property to provide the user key as a string.
PASSWORD_ENCRYPTION_USER_KEY=
The default value of the above property is always the empty string "". Define this property in the uassist.env file only if a user key is used for encrypting and decrypting the password.
Encryption of password
The go-util package implements encryption and decryption of passwords with the AES-256 encryption algorithm.
A password can be encrypted from the CLI with the encryption-helper file, which is built specifically for Linux. The encryption-helper file is available under the Encryption folder in the release package.
Syntax:
./encryption-helper <plaintext> <user-key>
The user key is optional. If a user key is provided, the password is encrypted using that key. In the absence of a user key, the system uses the Uniphore encryption key that is provided in the tool.
./encryption-helper uniphore@123
Sample Response:
1+xnneE9AYQGcB6Qjkwn6LeOtRdKrdd8vw
The response is not stored anywhere, not even in logs. Additionally, if you run the tool again with the same password, the ciphertext will be different, because a salt is added when creating encrypted passwords.
Note
CLI only supports encryption. Decryption will not be supported.
Decryption of password
Passwords are currently decrypted only within the services. Decryption is not supported via CLI commands. The Go utility library "encryption.so" is built as a c-shared library and is used to decrypt passwords. The encryption.so file is built specifically for Linux and is available under the Encryption folder in the release package. Services can load this library and decrypt the password.
Refer to the page Calling Go Functions from Other Languages for more details.
Decryption method signature
string Decrypt(string plaintext,string userkey)
Flow diagram

Key Management
The encryption mechanism uses the AES-256 algorithm for encryption and decryption, which uses a 32-byte encryption key.
Both the library and the tool have a randomly generated 32-byte constant key defined for encryption. The user can also provide an encryption key, but it is not used directly for encryption. Instead, the user key is itself encrypted with the Uniphore key to generate an encrypted string, and this string is used for encrypting and decrypting passwords.
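The two behaviors described above, a ciphertext that changes on every run and a user key that is never used directly as the AES key, are shown here as an added Go example; it is not Uniphore's go-util code. AES-256-GCM with a random nonce (playing the role of the salt), HMAC-SHA256 as the user-key transformation, unpadded base64 output and the builtinKey value are all assumptions, because the page does not specify them.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
)

var builtinKey = []byte("0123456789abcdef0123456789abcdef") // constructed stand-in for the tool's 32-byte constant key

// newGCM keys AES-256-GCM; a user key is first mixed under builtinKey (HMAC-SHA256, assumed).
func newGCM(userKey string) cipher.AEAD {
	key := builtinKey
	if userKey != "" {
		m := hmac.New(sha256.New, builtinKey)
		m.Write([]byte(userKey))
		key = m.Sum(nil)
	}
	block, _ := aes.NewCipher(key) // cannot fail: key is always 32 bytes
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// Encrypt prepends a fresh random nonce, so equal passwords never encrypt alike.
func Encrypt(plaintext, userKey string) (string, error) {
	gcm := newGCM(userKey)
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	return base64.RawStdEncoding.EncodeToString(gcm.Seal(nonce, nonce, []byte(plaintext), nil)), nil
}

// Decrypt splits off the nonce; a wrong key or tampered input returns an error.
func Decrypt(encoded, userKey string) (string, error) {
	raw, err := base64.RawStdEncoding.DecodeString(encoded)
	gcm := newGCM(userKey)
	if err != nil || len(raw) < gcm.NonceSize() {
		return "", fmt.Errorf("malformed ciphertext")
	}
	pt, err := gcm.Open(nil, raw[:gcm.NonceSize()], raw[gcm.NonceSize():], nil)
	return string(pt), err
}

func main() {
	fmt.Println(Encrypt("Engg!!%20", "")) // output differs on every run
}
```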