On this page

Generating keys for encryption and decryption

By default, properties are stored as plain text. If required, any of these properties can be encrypted. For property encryption and decryption, you need to generate a pair of keys by using our property encryption tool. The tool is provided as the encryptor.jar file and the steps below explain how to use it.

The encryption tool uses Java 21. Therefore, the system PATH variable needs to point to the location of the bin folder of the Java 21 home directory, for example, C:\Java\Java11\bin or /etc/alternatives/jre_21.

Encrypted properties (like passwords) can include special characters, such as exclamation marks, ampersands, or quotes. These characters must be escaped because the shell that runs the command interprets them within the property and does not invoke the encryptor. The characters that need to be escaped and the escape method depend on the command line shell used to run the command, so check your shell documentation on how to escape the property value if it contains special characters.

The following examples use the property value !&:

  • Invoking the command in the Linux bash shell:
    java -jar encryptor.jar encrypt '!&'
  • Invoking the command in the Windows Command Shell:
    java -jar encryptor.jar encrypt "!&"
     

To encrypt properties

  1. Click the link to download the encryptor.jar file.
  2. Open the command-line interface and navigate to the directory where the encryptor.jar file is located.
  3. Run the java -jar encryptor.jar command. You should see the information on how to use the tool as displayed below.



  4. Run the java -jar encryptor.jar generate-keys <path_to_folder_for_keys> command to generate a pair of keys for property encryption and decryption. Make sure to replace the <path_to_folder_for_keys> placeholder with the actual path to the directory where you want to store the keys. You should see a confirmation that the keys have been successfully generated.

    After executing the command, the following keys are created in the specified directory:

    • propertiesEncryptionKey.pub - a public key used to encrypt property values.
    • propertiesEncryptionKey - a private key used to decrypt property values.


  5. To encrypt a property, run the java -jar encryptor.jar encrypt <unencrypted_property_value> <path_to_the public_key> command. Make sure to replace the <unencrypted_property_value> and <path_to_the public_key> placeholders with the actual property value and the path to the propertiesEncryptionKey.pub file. The tool will output the encrypted property value.



Configuring Teamwork Cloud encrypted property values

To configure Teamwork Cloud encrypted property values

  1. Go to the <install_root>/CATIANoMagicServices/TeamworkCloud/configuration/ directory and edit the application.conf file.

  2. In the application.conf file, replace the actual property value with the encrypted property value in the following format: ENC(encrypted_property_value).

    For example, an encrypted Cassandra password, should look similar to this one: password=ENC("lcvPbmmI32vn1jD2EYrQfMLu7ydX+/DW8wljMsk/
    +UcjrPWXELau1YC1FFTa3UBMptu3sFK6wjOuLipveVBJYzo0k+yfgt1qnD1ud/3E7LsRGwMe4srlAIF7Kfq36pPywTu58NBYp6M8yktIDTtKtQSvuZF8Qcb38Vw56OkGCd9Io+vdM5aTN
    TNi2ls7jnN09BuqD6lZvwJ/atcrd0grfEhxwM3PSw0zzUS+EenjWedTxogxpfXLtUbTEuzwYSMGqyi5goX9Wb3vnkMPs7xlL/ZhqYYIQCXwQaREbzLIH3oJEHJxRvUpFIhWJoc/7LJfn/09ukx0wjgF296kEgI+rA==")    .


  3. In the same application.conf file, add the esi.config.decrypt_key_file property and specify the path to the private key (the propertiesEncryptionKey file) as its value, e.g., esi.config.decrypt_key_file=<install_root>/CATIANoMagicServices/TeamworkCloud/keys/propertiesEncryptionKey.

    The private key (the propertiesEncryptionKey file) should be in the location which Teamwork Cloud can access.

  4. Restart Teamwork Cloud service.

Configuring Web Application Platform encrypted property values

To configure Web Application Platform encrypted values

  1. Go to the <install_root>/CATIANoMagicServices/WebAppPlatform/shared/conf directory and open the webappplatform.properties file.

  2. In the webappplatform.properties file, replace the actual property value with the encrypted property value in the following format: ENC(encrypted_property_value).

    For example, an encrypted Teamwork Cloud administrator password, should look similar to this one: twc.admin.password=ENC(lcvPbmmI32vn1jD2EYrQfMLu7ydX+/DW8wljMsk/
    +UcjrPWXELau1YC1FFTa3UBMptu3sFK6wjOuLipveVBJYzo0k+yfgt1qnD1ud/3E7LsRGwMe4srlAIF7Kfq36pPywTu58NBYp6M8yktIDTtKtQSvuZF8Qcb38Vw56OkGCd9Io+vdM5aTN
    TNi2ls7jnN09BuqD6lZvwJ/atcrd0grfEhxwM3PSw0zzUS+EenjWedTxogxpfXLtUbTEuzwYSMGqyi5goX9Wb3vnkMPs7xlL/ZhqYYIQCXwQaREbzLIH3oJEHJxRvUpFIhWJoc/7LJfn/09ukx0wjgF296kEgI+rA==)    .


  3. Go to the <install_root>/CATIANoMagicServices/WebAppPlatform/conf directory and open the catalina.properties file.

  4. In the catalina.properties file, add the properties.encryption.private.key.location property and specify the path to the private key (the propertiesEncryptionKey file) as its value, e.g., properties.encryption.private.key.location=<install_root>/CATIANoMagicServices/WebAppPlatform/conf/keys/propertiesEncryptionKey.

    The private key (the propertiesEncryptionKey file) should be in the location which Web Application Platform can access.


  5. Restart Web Application Platform service.