Troubleshooting
Problem
Encrypting and Decrypting passwords in Yantra properties files
Symptom
Can we encrypt and decrypt passwords in our properties file like yfs.properties, yifclient.properties etc. like we do the credit card numbers?
Cause
Resolving The Problem
Yes, you can encrypt and decrypt passwords in Yantra for the yfs.properties, yifclient.properties etc. Information regarding this is given in the Application Development guide under section 8.7.3. The information regarding encryption of passwords is appended below.
8.7.3 Data Encryption
Encryption ensures that sensitive data is not viewed by unauthorized people. Yantra provides APIs that enable you to encrypt data such as user names, passwords, and credit card numbers. In addition, encryption and decryption is only applied after it has been specified within the Configurator. For example, only user exits that have been passed credit card information can access decrypted credit card numbers.
8.7.4 Encryption Logic in Yantra
Yantra exposes the com.yantra.ycp.japi.util.YCPEncrypter interface to handle encryption logic. All of Yantra's encryption and decryption is handled by an encrypter class that implements this interface. This class is specified by the yfs.encrypter.class and yfs.propertyencrypter.class properties in the yfs.properties file. Both classes must implement the com.yantra.ycp.japi.util.YCPEncrypter interface. The com.yantra.ycp.japi.util.YCPEncrypter interface has the following two functions:
public java.lang.String encrypt(java.lang.String sData) - sData is the data passed by Yantra to the implementing class for encryption. The return value is the encrypted string.
public java.lang.String decrypt(java.lang.String sData) - sData is the data which is required to be decrypted.
For information on writing your own property encrypter class, see the YCPEncrypter interface in the Yantra 5x Javadocs.
Encryption and decryption functions in this interface are invoked multiple times by Yantra. Yantra does not distinguish between clear text and encrypted information. Therefore, the encrypt function may be invoked with previously encrypted data. In order to avoid double encryption, it is important for the encrypt function to be able to distinguish between clear text and previously encrypted information. If previously encrypted information is passed to the function, your implementation of this function should return what is passed into it without encrypting it again.
The decrypt function also should be able to distinguish between clear text and previously encrypted text.
8.7.5 Disabling Encryption and Decryption
To disable encryption (or decryption), implement the encrypt (or decrypt) function to return the same value it is passed as input without any processing.
8.7.6 Choosing a Deployment Strategy
There are multiple deployment options when choosing an encryption strategy. The most typical options are:
No encryption or decryption
Both encryption and decryption
No decryption
Use the following explanation to guide your decision-making process:
No Encryption or Decryption
If you operate in a secure and trusted environment which is protected physically and electronically and you do not display credit card numbers on the Yantra Application Consoles, you may choose not to implement any encryption logic. Credit card numbers are not encrypted in this case and are stored in clear text. This is not a recommended option except in the following scenarios:
Your business does not accept, process, or store credit card numbers or other sensitive information.
Yantra is always passed externally encrypted credit card numbers. All encryption and decryption is handled externally.
Both Encryption and Decryption
Yantra encrypts and decrypts credit card numbers automatically as required. Access to clear text credit card numbers is available on the Yantra Application Consoles based on user authorization levels.
No Decryption
If your business requires Yantra to store credit card numbers, but you never want Yantra to automatically decrypt them under any circumstances, you may want to enable only the encrypt function and disable the decrypt function. This way, Yantra encrypts credit card numbers passed in as clear text but never converts them back. Once Yantra encrypts the information, all your custom extensions are passed encrypted credit card numbers and must handle decryption externally. It is important to note that a few user exits in Yantra (for example, YFSbeforeCreateOrderUE) are invoked before the credit card number is encrypted, so they still have access to the clear text number.
8.7.7 Encryption Usage in Yantra
Yantra supports encryption for the following places:
Properties specified in the yfs.properties, yif.properties, management.properties files
Credit Card Numbers
Properties Specified in the yfs.properties File
Properties such as the JDBC URL, database User ID and Password can be stored encrypted in the yfs.properties file. Because Yantra needs this information to connect to the database, these values must be decrypted by Yantra. If you do not wish Yantra to ever decrypt data, these properties cannot be stored encrypted.
Credit Card Numbers
Yantra can encrypt Credit Card numbers before storing them in the database. Unlike the properties specified in the yfs.properties file, decrypted credit card numbers are never required by Yantra for default processing. However, you may extend Yantra by implementing a user exit that requires decrypted credit card numbers for charging or storing user preferences. If you don't want Yantra to decrypt information automatically, you must decrypt these credit card numbers in your implementation of the user exit.
8.7.8 Encryption Algorithm
Yantra provides a default encryption algorithm as an implementation of this interface. Yantra provides a proprietary and simplistic key-based encryption algorithm. If you need greater assurance of data privacy, Yantra recommends that you implement a more robust standard encryption algorithm for use with Yantra rather than the default provided with the product.
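An encrypter built on a standard algorithm, as 8.7.8 recommends, that also follows the 8.7.4 rules for already-encrypted and clear-text input. This is an added example, not Yantra's code: the class name, the "{aesgcm}" marker, the YANTRA_ENC_KEY variable and the stand-in interface are assumptions, as is instantiation through a public no-argument constructor.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class AesGcmEncrypter implements YCPEncrypter {
    private static final String MARKER = "{aesgcm}"; // hypothetical tag that identifies our ciphertext
    private static final int IV_LEN = 12, TAG_BITS = 128;
    private final SecretKeySpec key;
    // Assumption: Base64 AES key (16 or 32 bytes) in a hypothetical env var; throws if it is unset.
    public AesGcmEncrypter() { this(Base64.getDecoder().decode(System.getenv("YANTRA_ENC_KEY"))); }
    AesGcmEncrypter(byte[] rawKey) { key = new SecretKeySpec(rawKey, "AES"); }

    @Override public String encrypt(String sData) {
        if (sData == null || sData.startsWith(MARKER)) return sData; // already encrypted: return as passed
        try {
            byte[] iv = new byte[IV_LEN];
            new SecureRandom().nextBytes(iv); // fresh IV per value; GCM must never reuse one under a key
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
            byte[] ct = c.doFinal(sData.getBytes(StandardCharsets.UTF_8));
            byte[] out = Arrays.copyOf(iv, IV_LEN + ct.length); // layout: IV || ciphertext || tag
            System.arraycopy(ct, 0, out, IV_LEN, ct.length);
            return MARKER + Base64.getEncoder().encodeToString(out);
        } catch (Exception e) { throw new IllegalStateException("encrypt failed", e); }
    }

    @Override public String decrypt(String sData) {
        if (sData == null || !sData.startsWith(MARKER)) return sData; // clear text: return as passed
        try {
            byte[] in = Base64.getDecoder().decode(sData.substring(MARKER.length()));
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, in, 0, IV_LEN));
            return new String(c.doFinal(in, IV_LEN, in.length - IV_LEN), StandardCharsets.UTF_8);
        } catch (Exception e) { throw new IllegalStateException("decrypt failed", e); }
    }
    public static void main(String[] args) { // round trip with a constructed all-zero demo key
        YCPEncrypter e = new AesGcmEncrypter(new byte[16]);
        String once = e.encrypt("db-password"), twice = e.encrypt(once);
        System.out.println(once.equals(twice) + " " + e.decrypt(twice) + " " + e.decrypt("plain"));
    }
}
// Stand-in for com.yantra.ycp.japi.util.YCPEncrypter so the example compiles without product jars.
interface YCPEncrypter {
    String encrypt(String sData);
    String decrypt(String sData);
}
```

A clear-text value that happens to begin with the marker is treated as ciphertext, so choose a marker that cannot occur in your data. In a real deployment, delete the stand-in interface and import the product's own.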
8.7.10 Encrypting Properties
Some properties relay sensitive data such as user IDs and passwords, which you may want to encrypt. Any property (except for the yfs.propertyencrypter.class property in the yfs.properties file), can be encrypted as needed within the following files:
yfs.properties
yif.properties
management.properties
To encrypt properties
When encrypting properties, you need to:
1. Append the property you want to encrypt with ".encrypted". Note that you cannot encrypt the yfs.propertyencrypter.class property.
2. Ensure that the yfs.propertyencrypter.class property is accessible through the CLASSPATH environment variable.
3. Implement the YCPEncrypter interface. For details about this interface, see the Yantra 5x Javadocs.
These properties ending with .encrypted are automatically decrypted at runtime.
Historical Number
PRI49521
Product Synonym
Fact
Document Information
Modified date:
16 June 2018
UID
swg21539763