1. encryption

The encryption tool is used to encrypt and decrypt strings. It also encodes strings in Base64 format and provides the hash result.

For algorithms that require a secret key, such as AES, DES, DESEDE, BLOWFISH, and SEED, a security.key file must be created in advance. The security.key file is located in the JEUS_HOME/domains/<domain name>/config/security directory, and the path can be changed using the jeus.security.keypath system property.

The encryption tool is invoked using the encryption script located in the following directory.

JEUS_HOME/bin/

The following describes how to use the tool and parameters.

  • Usage

    Usage: encryption <algorithm> <text> [-options ...]
    Options:
        -algolist                show available algorithms
        -algorithm <algorithm>   Encryption algorithm
        -convert                 convert old ciphertext format to new ciphertext format
        -decode                  set to decode mode; used for base16/base64 only
        -domain <domain>         domain name
        -h                       help for Encryption
        -keypath <keypath>       security key path
        -protectkey              use protected secret key
        -s                       describe simple result only
        -text <text>             Text to be encrypted
    Simple example : encryption AES 1234
  • Parameters

    Parameter Description

    -algorithm <algorithm>

    Encryption algorithm. If not set, the first argument is regarded as the algorithm. (Required)

    -algolist

    Displays available encryption algorithms.

    -convert

    Converts an entered ciphertext in the old format to the new ciphertext format.

    -decode

    Decodes a cryptogram encoded with Base16 or Base64.

    -domain <domain>

    Uses the security.key file of the specified domain when a symmetric-key algorithm is entered. Only one of -domain and -keypath can be specified.

    -h

    Displays usage.

    -keypath <keypath>

    Uses the security.key file in the specified keypath when a symmetric-key algorithm is entered. Only one of -domain and -keypath can be specified.

    -protectkey

    Encrypts the security.key file by using the entered master password. To use encrypted security.key, the master password must be entered.

    -s

    Displays only the encoded result.

    -text <text>

    Text to encode. If not set, the second argument is regarded as the text. (Required)

  • Example

    The examples assume that the JEUS_HOME system environment variable is set and that the JEUS_HOME/bin directory is on the system path.

    When invoked, the tool simply shows encoded or decoded strings. If no parameters are specified or if the call syntax is incorrect, a help screen is displayed.

    $ encryption base64 mypassword
    bXlwYXNzd29yZA==

    The string, "bXlwYXNzd29yZA==", is the result of encoding "mypassword" in base64 format.

    $ encryption DESede mypassword -domain domain_name
    [DESEDE] : [mypassword] --> [encode:8JLoskMPHkwwLKi+TJeOgQZBDO15PBQ=]
    [DESEDE] : [8JLoskMPHkwwLKi+TJeOgQZBDO15PBQ=] --> [decode:mypassword]

    The string “8JLoskMPHkwwLKi+TJeOgQZBDO15PBQ=” is the encrypted form of “mypassword” produced with the DESede cipher algorithm. The secret key generated to perform this encryption is stored in the security.key file in JEUS_HOME/domains/<domain name>/config/security (if this is not the first encryption, the existing key stored in the security.key file is used).

    Use the -protectkey option to encrypt the security.key file with a master password.

    $ encryption -protectkey AES mypassword 
    Input the master password For key encryption>
    Confirm the master password For key encryption>
    [AES] : [mypassword] --> [encode:qsHQdjqh8aAr3fWPYWbU0/VkFbs9yllZeRJaK5xSiuo=]
    [AES] : [qsHQdjqh8aAr3fWPYWbU0/VkFbs9yllZeRJaK5xSiuo=] --> [decode:mypassword]

    This example is similar to the previous examples. However, in this example, a master password is required.

    The password is used to encrypt the secret key with the DESede algorithm. To use a security.key file that was created using a master password, the master password must be entered. The following shows how to encrypt using the encrypted security.key file.

    $ encryption -protectkey AES mypassword 
    The encryption key file is encrypted. Enter the master password.
    Password>
    [AES] : [mypassword] --> [encode:qsHQdjqh8aAr3fWPYWbU0/VkFbs9yllZeRJaK5xSiuo=]
    [AES] : [qsHQdjqh8aAr3fWPYWbU0/VkFbs9yllZeRJaK5xSiuo=] --> [decode:mypassword]

    In JEUS 6 Fix#4, the encryption algorithm was enhanced for greater security. As a result, ciphertext created in earlier versions cannot be used in JEUS 6 Fix#4 because the ciphertext format was updated. JEUS 6 Fix#5 and later versions provide a function in the encryption tool that converts old ciphertext. The function is used with the -convert option.

    $ encryption -convert AES i06wYRz3u60/Gqun2sKtXH1u=
    Decryption was successful.
    [before:i06wYRz3u60/Gqun2sKtXH1u=] --> [after:ET7c/P21Qx1Io8UI6Ss2NvZ0G=]

    When the security.key file is encrypted, add the -protectkey option so that the file is decrypted with the master password.

    $ encryption -convert -protectkey AES i06wYRz3u60/Gqun2sKtXH1u=
    The encryption key file is encrypted. Enter the master password.
    Password>
    
    Decryption succeed.
    [before:i06wYRz3u60/Gqun2sKtXH1u=] --> [after:ET7c/P21Qx1Io8UI6Ss2NvZ0G=]
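
A batch wrapper around the -convert call shown above, for migrating several pre-Fix#4 ciphertexts in one pass (an added example, not part of the JEUS documentation). It assumes the `[before:...] --> [after:...]` line is printed exactly as in the sample output and that security.key is not protected by a master password; `ENCRYPTION_CMD`, `convert_one` and `convert_list` are hypothetical names introduced here.

```shell
#!/bin/sh
# ENCRYPTION_CMD (hypothetical override) lets the parsing be exercised
# without a JEUS installation; by default the real script is called.
: "${ENCRYPTION_CMD:=encryption}"

# convert_one ALGORITHM OLD_CIPHERTEXT
# Prints the new ciphertext; returns 1 if no matching result line is found.
convert_one() {
    # The tool's exit status is not documented on the page, so success is
    # judged only by the presence of the [before:...] --> [after:...] line.
    # stdin is detached so the tool cannot consume a caller's input list.
    out=$("$ENCRYPTION_CMD" -convert "$1" "$2" </dev/null 2>&1) || :
    # Accept the result only if [before:...] echoes the value we passed in.
    line=$(printf '%s\n' "$out" | grep -F -- "[before:$2] --> [after:" | head -n 1)
    new=${line#*"--> [after:"}
    new=${new%"]"*}
    [ -n "$new" ] || return 1
    printf '%s\n' "$new"
}

# convert_list ALGORITHM   (old ciphertexts on stdin, one per line)
# Prints "old<TAB>new" or "old<TAB>FAILED"; returns 1 if any entry failed.
convert_list() {
    failed=0
    while IFS= read -r old; do
        [ -n "$old" ] || continue
        if new=$(convert_one "$1" "$old"); then
            printf '%s\t%s\n' "$old" "$new"
        else
            printf '%s\tFAILED\n' "$old"
            failed=1
        fi
    done
    return "$failed"
}
```

Feed the old values on standard input, for example `convert_list AES < old_ciphertexts.txt`, and check the FAILED rows before replacing anything in configuration files.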