PasswordEncryptor

The PasswordEncryptor component ensures that there are no plain text passwords in the Open adapter components.

The Event Stream Processor Extension for Open adapter provides sample keystores with the pairs of private and public keys. The default location of keystores is $ESP_HOME/adapters/esp_open/lib/security. There are three samples:

jksKeyStore – a Java native keystore containing an RSA key pair generated with 512 encryption strength. The password for keystore is "changeit", and the key pair alias is "adaptor".
pkcs8KeyStore.der – a keystore in the form PKCS#8 standard, and encoded using DER. It does not expect a password and alias. It contains an RSA key-pair, and is generated using 512 encryption strength.
pkcs12KeyStore.p12 – keystore in the form PKCS#12 standard. The password is "changeit" and alias is"adaptor".

Note: The keystores above are samples only. In a production system, use your own keys.

The Open adapter offers a simple tool to encrypt password strings. In $ESP_HOME/adapters/esp_open/bin, the pwdenc.sh and pwdenc.bat files allow you to encrypt passwords. The tool requires two parameters:

-t – the type of keystore. Valid values are JKS, PKCS8, and PKCS12.
- k – keystore location.

If you provide no settings, the tool uses these default values:

pwdenc -t JKS -k ../lib/security/jksKeyStore.der

Depending on the keystore type, the tool asks further questions. Encrypted passwords are stored in the encrytedPwd.txt file of the directory where the shell script is executed. For example, $ESP_HOME/adapters/esp_open/bin. The string is also encoded using base64 algorithm. A limitation is that all characters should be in one line of the adapter property file. Passwords in encrypted form should be copied to the related password field of the component in the adapter property file.

Property	Description
`KeyStore`	(Required) Location of the Keystore file.
`KeyStoreType`	(Optional) The standard used to store the Keystore file. Valid values are: JKS, PKCS8, PKCS12. Default value is JKS.
`KeyAlias`	(Optional) If Keystore type is JKS or PKCS12, provide an alias name for the key pair. This property is not used in PKCS8.
`KeyStorePassword`	(Optional) If Keystore type is JKS or PKCS12, provide a password. This property is not used in PKCS8.

Generating Self-Signed RSA Keys Using Java Keytool
Use the sample jksKeyStore file in the $ESP_HOME/adapters/esp_open/lib/security directory to generate self-signed RSA keys using Java keytool.
Generating Self-Signed RSA Keys Using OpenSSL
Use the PKCS12 Keystore file in the $ESP_HOME/adapters/esp_open/lib/security directory to generate self-signed RSA keys using OpenSSL.
Generating Self-Signed RSA Keys Using OpenSSL (PKCS8 Keystore)
Use the sample pkcs8KeyStore.der file in the $ESP_HOME/adapters/esp_open/lib/security directory to generate self-signed RSA keys using OpenSSL.

Parent topic: Monitoring the Open Adapter