Within each configuration directory under config_master, there is a file called metaconfig.json. Within this file, the "apply strategy" should be set to "config admin". The master key used to encrypt configuration values is stored in the SMP_HOME\Server\props.ini file:
- -DsecretKey=<PASSWORD>
- -DsecretKeylength=<128|256>
The 256-bit key length works only if you have replaced the JVM's encryption policy files. Decryption of these values happens transparently to the application. This also means that inside the SAP Mobile Platform Server, encrypted values are in clear text. To indicate that a value is encrypted, it must be prefixed with {enc}. An entry must look like:
- <KEY>={enc}<ENCRYPTED-VALUE>
CLIEncrypter
The SAP Mobile Platform Server includes an executable JAR in the SMP_HOME\Server\tools\cipher folder to encrypt configuration values according to this specification. Simply run:
\tools\cipher>java -jar CLIEncrypter.jar <KEY> <TEXT> [<KEYLENGTH>]
The <KEY> must match the configured key from SMP_HOME\Server\props.ini. <KEYLENGTH> is optional and defaults to 128 bits; 256 will only work if you have updated your Java encryption policy file.
Alternative Method Using OSGi
Values are encrypted with AES/CBC/PKCS5Padding. The encrypted value is expected to be Base64-encoded, and the first 16 bytes are interpreted as the initialization vector (IV). The encryption key is derived from the password using PBKDF2WithHmacSHA1 hashing with the static salt {97,101,105,111,117,85,79,73,69} and 65536 iterations.
Note: The OSGi commands are executed through the OSGi shell console which is a
server-based service. This is an alternative method for encrypting configuration
values.
SAP Mobile Platform Server includes a command that encrypts configuration values according to this specification:
- osgi>cm_security enc <TEXT>
Examples:
osgi>cm_security enc password
Encoded Text:QWIFsLnfJeE78tkRDx8ES3xDkNHbrbWdvNsEzfdv6IA=
osgi>cm_security dec QWIFsLnfJeE78tkRDx8ES3xDkNHbrbWdvNsEzfdv6IA=
Decoded Text:password