Skip to main content

Password Encryption

Password encryption is essential to store user credentials securely. Without password encryption, anyone accessing the configuration files for aqishare could easily view any stored passwords by default, because it is stored as plain text. To avoid this potential security risk, it is possible to encrypt all passwords in the configuration files with an encryptor tool. The tool uses the asymmetric RSA algorithm to encrypt the passwords.

Download the Encryptor Tool

The password encryption tool is available for various platforms such as Windows, Linux and Mac. The package contains the executables for each of the mentioned platforms and can be downloaded from the delivery portal.

info

Download the password encryption tool, called aqicrpyt, from: https://aqipro.com/downloads/aqicrypt.zip. The package has a file size of approximately 6.5 MB and contains all executables for the mentioned platforms.

Once downloaded, extract the package. Depending on your current system architecture, you may also need to unzip either the .zip or .tar.gz archives to find the appropriate executable.

aqicrypt_download

Using the Encryptor Tool

To encrypt passwords in any of the aqishare configuration files, follow the steps below. This guide demonstrates usage on a Windows system. If your platform is Unix or Mac, use the corresponding commands.

Windows PowerShell
.\aqicrypt.exe --help

aqicrypt_help

Generate Key Pair

Use the generate command to generate a new key pair. Pass the output path as an argument specifying where the private key and public key files should be stored. Ensure the specified directory exists.

Windows PowerShell
.\aqicrypt.exe generate c:\aqishare_custom\keypair

Encrypt Passwords

Use the encrypt command to create encrypted passwords. Accepted arguments are the password to be encrypted and the public key file used for encryption.

Windows PowerShell
.\aqicrypt.exe encrypt MY_PASSWORD_TO_ENCRYPT --publicKeyPath c:\aqishare_custom\keypair\publicKey.pem

The output will be like: aqicrypt_encrypt

Copy the line starting with the ENC() function and use this as the value for the desired password instead of its plain text value.

info

You can use encrypted passwords in many of the aqishare configuration files. Refer to the Initial Setup chapter.

Decrypt Passwords

Use the decrypt command to decrypt an encrypted password. This command is for testing purposes only and has no relevance to the application. Use it to verify the encrypted passwords. This might help if there are issues in the running application that lead to incorrect passwords or passwords encrypted with a different key pair. It could also help if the password is no longer known. Accepted arguments are the encrypted password string and the private key file.

Windows PowerShell
.\aqicrypt.exe decrypt "ENC(yKkvq78BGpMh2itwDX4hX6spQrZmg188mkNA==)" --privateKeyPath c:\aqishare_custom\keypair\privateKey.pem
Windows PowerShell

To execute the decrypt command successfully, please enclose the encrypted password in double quotes (i.e., "ENC(...)"). Alternatively, use the value inside the brackets without "ENC()".

The output will look as follows and display the decrypted password. aqicrypt_decrypt

Enable Usage

Once the key pair is created and the passwords are encrypted and stored in the related configuration files, the following steps are necessary to enable the usage of the encrypted passwords in aqishare.

Map Private Key into Container

To allow the usage of the encrypted passwords based on the created key pair above, the private key file must be mapped into the aqishare container. Depending on the containerization tool used, the method to make files available may vary (either map it or copy it).

tip

Refer to related section in the Application Start to learn how to map it correctly.

Specify Private Key

Once the private key file is available inside the container, aqishare must be made aware of it to use it. To accomplish this, add the path of the private key file within the container to app.yaml.

Example (in app.yaml)
privateKeyPath: /app/configs/privateKey.pem
tip

Refer to related section Password Encryption in the app.yaml.