Encrypted Credentials in Custom Applications

In Release 5.6.2 and higher, OmniSci can accept a set of encrypted credentials for secure authentication of a custom application. This topic describes how to generate an encryption key, use it to generate encrypted credentials, and configure the web server to decrypt those credentials.

Generating an Encryption Key

Generate a 128- or 256-bit encryption key and save it to a file. You can use https://www.allkeysgenerator.com/Random/Security-Encryption-Key-Generator.aspx to generate a suitable encryption key.

Configuring the Web Server

Set the encryption-key-file-path web server parameter in omnisci.conf to the path of the encryption key file:

[web]
encryption-key-file-path = "path/to/file"

Alternatively, you can set the path using the --encryption-key-file-path=path/to/file command line argument.

Generating Encrypted Credentials

Generate encrypted credentials for a custom application by running the following Go program, replacing the example key and credentials strings with an actual key and actual credentials. You can also run the program in a web browser at https://play.golang.org/p/nNBsZ8dhqr0.

package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"io"
)

// 1. Replace the example key with your encryption key
var key = "v9y$B&E(H+MbQeThWmZq4t7w!z%C*F-J"

// 2. Replace the strings "username", "password", "dbName" with credentials
var stringsToBeEncrypted = []string{
	"username",
	"password",
	"dbName",
}

// 3. Run the program to see the encrypted credentials in the console
func main() {
	for i := range stringsToBeEncrypted {
		encrypted, err := EncryptString(stringsToBeEncrypted[i])
		if err != nil {
			panic(err)
		}
		fmt.Printf("%s => %s\n", stringsToBeEncrypted[i], encrypted)
	}
}

// EncryptString encrypts str with AES-GCM under key and returns the result
// as a hex string.
func EncryptString(str string) (string, error) {
	// The bytes of the key string are used directly as the AES key.
	block, err := aes.NewCipher([]byte(key))
	if err != nil {
		return "", err
	}
	aesGCM, err := cipher.NewGCM(block)
	if err != nil {
		return "", err
	}
	// A fresh random nonce is generated for every value.
	nonce := make([]byte, aesGCM.NonceSize())
	if _, err = io.ReadFull(rand.Reader, nonce); err != nil {
		return "", err
	}
	// Seal appends the ciphertext and authentication tag to the nonce.
	cipherBytes := aesGCM.Seal(nonce, nonce, []byte(str), nil)
	return fmt.Sprintf("%x", cipherBytes), nil
}
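
To confirm that a generated value decrypts under the key you intend to configure, the following added example (not part of the OmniSci documentation or product code) reverses the output format of the program above, hex(nonce || ciphertext || tag). DecryptString and newGCM are hypothetical names, and the key is assumed to be used as raw bytes, as in that program.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"fmt"
)

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // rejects keys that are not 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// DecryptString (hypothetical helper) reverses the output of the page's EncryptString.
func DecryptString(key []byte, encrypted string) (string, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return "", err
	}
	raw, err := hex.DecodeString(encrypted)
	if err != nil {
		return "", err
	}
	if len(raw) < gcm.NonceSize()+gcm.Overhead() {
		return "", fmt.Errorf("value too short to hold a nonce and tag")
	}
	plain, err := gcm.Open(nil, raw[:gcm.NonceSize()], raw[gcm.NonceSize():], nil)
	return string(plain), err // err is non-nil for a wrong key or altered bytes
}

func main() {
	key := []byte("v9y$B&E(H+MbQeThWmZq4t7w!z%C*F-J") // example key from the page
	gcm, err := newGCM(key)
	if err != nil {
		panic(err)
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	// Constructed sample in the page's format: hex(nonce || ciphertext || tag).
	enc := hex.EncodeToString(gcm.Seal(nonce, nonce, []byte("username"), nil))
	fmt.Println(DecryptString(key, enc))
}
```

Because AES-GCM is authenticated, a value produced with a different key or modified after generation returns an error instead of garbled plaintext.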