{"id":4915,"date":"2018-03-16T16:51:00","date_gmt":"2018-03-16T11:21:00","guid":{"rendered":"\/?p=4915"},"modified":"2020-02-04T13:22:59","modified_gmt":"2020-02-04T07:52:59","slug":"crypto-support-aem","status":"publish","type":"post","link":"https:\/\/www.argildx.us\/technology\/crypto-support-aem\/","title":{"rendered":"Crypto Support in AEM: Encrypting Plain Text and Decrypting Protected Text"},"content":{"rendered":"
Recently, we came across a business requirement where we had to save API keys (secured data) in an OSGI service. One of the recommendations based on Adobe Health Check is to encrypt data (API keys) to store them in JCR more securely. This can be achieved using Crypto Support in AEM.<\/p>\n
The Crypto Support Bundle provides a service which encrypts\/decrypts binary or String data in AEM. On exploring further, we found that it takes care of encryption and decryption in just a few minutes. Crypto support is necessary to store the password in a salted or hashed form in the JCR so as to make the password storage secure and to avoid any breach.<\/p>\n
The following steps explain the mechanism to generate an encrypted key.<\/p>\n
The Crypto Support bundle provides a service that allows users to generate the \u201cProtected Text\u201d from the \u201cPlain Text\u201d input.<\/p>\n
Open the URL <\/strong>http:\/\/<host>:<port>\/system\/console\/crypto<\/span><\/p>\n For instance, while setting up the SMTP configurations, it is not ideal to keep the password as plain text in the OSGI config. The best way to do this is to encrypt the password using Crypto Support and then use the Protected Text in the SMTP Configurations.<\/p>\n The next step is to decrypt the protected text in the backend code so as to fetch the original password, which is easy.<\/p>\n Since the OSGI configuration has the \u201cProtected Text\u201d configured, the value must be decrypted before it is actually used.<\/p>\n The following code sample is used to decrypt the password:<\/p>\n The method unprotect(String cipherText)<\/em> unprotects (decrypts) the string to return the plain text. We can also check if the String is already protected by using the isProtected(String text)<\/em> method. This method returns true if the provided String is protected.<\/p>\n Note that we are not done yet. The protected string generated by Crypto Support will be different for different instances. One last step is required to make sure the same protected text can be used throughout. This step is optional and can be skipped if different protected strings are to be used on different instances.<\/p>\n If we intend to use the same protected text for all the environments (it is recommended to use a different password for the production environment to ensure data integrity), then we need to follow the steps below.<\/p>\n <\/li>\n Note:<\/strong> If we manually stop the Crypto Support bundle, then AEM login fails and the user will be unable to log in with any user.
Hence, it is always recommended to use the CURL command, run at the root directory of the server with the admin user only, to restart the Crypto Support bundle.<\/p>\n CURL command to stop the bundle: CURL command to start the bundle: Hope this helps you all to smoothly implement encryption\/decryption of the passwords!<\/p>\n We have tested this on AEM 6.2.<\/p>\n","protected":false},"excerpt":{"rendered":" Recently, we came across a business requirement where we had to save API keys (secured data) in an OSGI service. One of the recommendations based on Adobe Health Check is to encrypt data (API keys) to store them in JCR more securely. The same can be achieved using Crypto Support in AEM. The Crypto Support Bundle … Read more<\/a><\/p>\n","protected":false},"author":14,"featured_media":6952,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","content-type":"","footnotes":""},"categories":[66],"tags":[81,65,25,82,83,84,41,85,27,86,87,90],"yst_prominent_words":[1095,1107,1090,1089,1093,1102,1099,1105,1096,1094,1101,1091,1104,1106,1108,1097,1098,1092,1100,1103],"acf":[],"yoast_head":"\n
\nIn the \u201cPlain Text\u201d field, enter the string that needs to be encrypted and press the Protect button. The \u201cProtected Text\u201d field will show the encrypted string to be used. The encryption algorithm used in this procedure is symmetric-key encryption, namely the AES algorithm in CBC mode with PKCS5 padding, taken from the RSA JSafe library.<\/p>\nStep 2: Decrypt the Protected Text.<\/strong><\/h5>\n
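// Uses com.adobe.granite.crypto.CryptoSupport and com.adobe.granite.crypto.CryptoException\r\n@Reference\r\nprivate CryptoSupport cryptoSupport;\r\n\r\nprivate void setEmailConfiguration(Object smtpHost, Object smtpPort, Object smtpUser, Object smtpPwd, Object fromAddress) {\r\n    String password = PropertiesUtil.toString(smtpPwd, StringUtil.EMPTY);\r\n    if (this.cryptoSupport.isProtected(password)) {\r\n        try {\r\n            // Decrypt the protected text read from the OSGI configuration\r\n            this.smtpPassword = this.cryptoSupport.unprotect(password);\r\n        } catch (CryptoException e) {\r\n            // unprotect() throws a checked exception when the value cannot be decrypted with this instance's key\r\n            throw new IllegalStateException(\"Unable to decrypt the SMTP password\", e);\r\n        }\r\n    } else {\r\n        // The value was configured as plain text; use it as is\r\n        this.smtpPassword = password;\r\n    }\r\n}<\/pre>\n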
Step 3 (Optional): Make the Protected Text the Same for All the AEM Instances.<\/strong><\/h5>\n
\n
\ncurl -u admin:admin
\nhttp:\/\/<host>:<port>\/system\/console\/bundles\/com.adobe.granite.crypto -F action=stop<\/span><\/p>\n
\ncurl -u admin:admin
\nhttp:\/\/<host>:<port>\/system\/console\/bundles\/com.adobe.granite.crypto -F action=start<\/span><\/p>\n