Encrypting passwords

You can encrypt passwords with an EGL command-line utility. Password encryption is supported only for Java programs and the debugger, not for COBOL programs.

When EGL generates output files, it automatically encrypts passwords in property files and literals that are passed to system functions. For example, here is a call to the sqlLib.connect system function:
sqlLib.connect(myDatabase, myUserid, "myPassword");
Because the password parameter is specified as a string literal, it is automatically encrypted in the generated code.
However, if you hard-code your password in a place other than the function call, EGL does not encrypt the password:
myPasswordVariable string = "myPassword";
sqlLib.connect(myDatabase, myUserid, myPasswordVariable);
In this case, the password is not encrypted and is displayed in the generated source.
You can manually encrypt your password by running the command-line utility and using the returned encrypted value in your code:
myPasswordVariable string = "crypto:abcdef12345";
sqlLib.connect(myDatabase, myUserid, myPasswordVariable);
Following are some places where you might need to manually encrypt hard-coded passwords:
  • Variables in which you store passwords
  • CallLink element properties, such as ctgKeyStorePassword
  • Calls to system functions, such as sqlLib.connect, sysLib.setRemoteUser, or VGLib.connectionService in which you do not pass the password as a literal in the function call

When an EGL system function receives a password with the crypto: prefix, it decrypts the password automatically. For this reason, you must encrypt any passwords beginning with the characters crypto:; otherwise, EGL will attempt to decrypt the non-encrypted password.

Follow these steps to encrypt a password:

  1. Add your Java executable to the system's path:
    1. Obtain and install a Java SDK if you do not already have one. IBM® offers a Java SDK for download at the following website: https://www.ibm.com/support/pages/java-sdk/.
    2. In your system's PATH environment variable, add the location of the Java SDK. See your operating system's documentation for instructions.
  2. Open a command prompt.
  3. Navigate to the following location: 
    shared_resources\plugins\
com.ibm.etools.egl.java.runtime_version
    shared_resources
    The shared resources directory for your product, such as C:\Program Files\IBM\SDP70Shared on a Windows system or /opt/IBM/SDP70Shared on a Linux system. If you installed and kept a previous version of an IBM® product containing EGL before installing your current product, you may need to specify the shared resources directory that was set up in the earlier installation.
    version
    The installed version of the plugin. If more than one is present, use the one with the most recent version number, unless you have a reason to use an older version.
  4. Type the following command to invoke the program:
    java -classpath fda7.jar com.ibm.javart.security.PasswordEncrypter
    The program displays the prompt Enter text to encrypt:.
  5. Type your password and press Enter. The program returns an encrypted string beginning with the prefix crypto:.
  6. Copy the entire returned string, including the crypto: prefix, into places in which you would ordinarily hard-code your password.
  7. Save the changed files and regenerate the project.