Encrypting passwords

You can encrypt passwords by using an EGL command-line utility. Password encryption is supported only for Java™ code and the debugger, not for COBOL programs.
When EGL generates output files, it automatically encrypts passwords in property files and literals that are passed to system functions. For example, here is a call to the sqlLib.connect system function:
sqlLib.connect(myDatabase, myUserid, "myPassword");
Because the password parameter is specified as a string literal, it is automatically encrypted in the generated code.
However, if you hardcode your password in a place other than the function call, EGL does not encrypt the password:
myPasswordVariable string = "myPassword";
sqlLib.connect(myDatabase, myUserid, myPasswordVariable);
In this case, the password is not encrypted and is displayed in the generated source.
You can manually encrypt your password by running the command-line utility and using the returned encrypted value in your code:
myPasswordVariable string = "crypto:abcdef12345";
sqlLib.connect(myDatabase, myUserid, myPasswordVariable);
You might need to manually encrypt hard-coded passwords in the following elements:

When an EGL system function receives a password with the crypto: prefix, it decrypts the password automatically. For this reason, you must encrypt any passwords beginning with the characters crypto:; otherwise, EGL will attempt to decrypt the non-encrypted password.

To encrypt a password:

  1. Add your Java executable to the path of the system:
    1. Obtain and install a Java SDK if you do not already have one. IBM® offers a Java SDK to download at the following Web site: http://www.ibm.com/developerworks/java/jdk/.
    2. In the PATH environment variable of your system, add the location of the Java SDK. For instructions, see the documentation for your operating system.
  2. Open a command prompt.
  3. Go to the following location:
    shared_resources\plugins\
    com.ibm.etools.egl.java.runtime_version
    shared_resources
    The shared resources directory for your product, such as C:\Program Files\IBM\SDP70Shared on a Windows® system or /opt/IBM/SDP70Shared on a Linux® system. If you installed and kept a previous version of an IBM product containing EGL before installing your current product, you may need to specify the shared resources directory that was set up in the earlier install.
    version
    The installed version of the plugin, including three numbers separated by periods, a string separator, and the date and time that the plugin was built; for example, 7.0.0.RFB_20070120_1300. If more than one is present, use the one with the most recent version number, unless you have a reason to use an older version.
  4. To invoke the program, type the following command :
    java -classpath fda7.jar com.ibm.javart.security.PasswordEncrypter
    The program displays the prompt Enter text to encrypt:.
  5. Type your password and press Enter. The program returns an encrypted string that begins with the prefix crypto:.
  6. Copy the entire returned string, including the crypto: prefix, into places in which you would typically hard-code your password.
  7. Save the changed files and regenerate the project.

Feedback