Administrator

Encryption in MOB_PREFERENCES

Preference configuration values are stored encrypted in the MOB_PREFERENCES table.

Prefix each encrypted preference value with the encryption algorithm, such as:
  • {AES-128-PBKDF2}<ENCRYPTED-VALUE>
  • {AES-256-PBKDF2}<ENCRYPTED-VALUE>

Decryption is transparent to an application; however, the developer who is using a particular preferences node must explicitly enable encryption support for that node.

For Mobiliser, the encryption/decryption key is configured in:

<SMP_HOME>\Server\config_master\com.sybase365.mobiliser.util.prefs.encryption.aes\com.sybase365.mobiliser.util.prefs.encryption.aes.properties

For applications using remote access to preferences, configure the encryption/decryption key using one of these methods:
  • System property -Dcom.sybase365.mobiliser.money.prefs.secret=<KEY>
  • JNDI entry <Environment description="Preferences key" name="prefs/secret" type="java.lang.String" value="<KEY>" />

    The JNDI entry is usually configured in <TOMCAT_HOME>/conf/server.xml.

  • Property file on class path sybase-preferences.properties

    with line: encryption-secret=<KEY>

The AES/CBC/PKCS5Padding encryption is automatically used. The encrypted value must be Base64-encoded, and the first 16 bytes are interpreted as the initialization vector (IV). The encryption key is derived from the password using PBKDF2HmacWithSHA1 hashing with the static salt {97,101,105,111,117,85,79,73,69} and 65536 iterations. SAP Mobile Platform Server includes an executable JAR in the ./tools folder that encrypts configuration values according to this specification.

Run:
./tools> java -jar <SMP_HOME>\Server\tools\mobiliser\com.sybase365.mobiliser.vanilla.cli-tools-5.1.0.RELEASE-CLIEncrypterClient.jar <KEY> <TEXT> [<KEYLENGTH>]
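
The value format described above (algorithm prefix, Base64 body, leading 16-byte IV, PBKDF2-derived AES key) is shown here as an added Java example; it is not SAP's code or the CLI tool's source. The class name, the UTF-8 text encoding, and the sample key and value are assumptions made for illustration.

```java
import javax.crypto.*;
import javax.crypto.spec.*;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

public class PrefsCryptoExample {  // hypothetical class name
    // Static salt and iteration count as stated in the text above.
    static final byte[] SALT = {97, 101, 105, 111, 117, 85, 79, 73, 69};
    static final int ITERATIONS = 65536;

    // "PBKDF2WithHmacSHA1" is the JCE name for PBKDF2 with HMAC-SHA1.
    static SecretKeySpec deriveKey(char[] password, int keyBits) throws Exception {
        SecretKeyFactory f = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
        byte[] raw = f.generateSecret(new PBEKeySpec(password, SALT, ITERATIONS, keyBits)).getEncoded();
        return new SecretKeySpec(raw, "AES");
    }

    static String encrypt(String plain, char[] password, int keyBits) throws Exception {
        byte[] iv = new byte[16];
        new SecureRandom().nextBytes(iv);                 // fresh random IV per value
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, deriveKey(password, keyBits), new IvParameterSpec(iv));
        byte[] ct = c.doFinal(plain.getBytes(StandardCharsets.UTF_8));  // UTF-8 is an assumption
        byte[] out = Arrays.copyOf(iv, 16 + ct.length);   // layout: IV || ciphertext
        System.arraycopy(ct, 0, out, 16, ct.length);
        return "{AES-" + keyBits + "-PBKDF2}" + Base64.getEncoder().encodeToString(out);
    }

    static String decrypt(String stored, char[] password) throws Exception {
        int end = stored.indexOf('}');
        if (!stored.startsWith("{AES-") || end < 0 || !stored.startsWith("-PBKDF2", end - 7))
            throw new IllegalArgumentException("missing {AES-<bits>-PBKDF2} prefix");
        int keyBits = Integer.parseInt(stored.substring(5, end - 7));  // 128 or 256
        byte[] blob = Base64.getDecoder().decode(stored.substring(end + 1));
        if (blob.length < 32 || blob.length % 16 != 0)    // IV plus at least one whole block
            throw new IllegalArgumentException("need 16-byte IV plus whole AES blocks");
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.DECRYPT_MODE, deriveKey(password, keyBits), new IvParameterSpec(blob, 0, 16));
        return new String(c.doFinal(blob, 16, blob.length - 16), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        char[] key = "constructed-demo-key".toCharArray();  // constructed sample key
        String stored = encrypt("constructed-sample-value", key, 128);
        System.out.println(stored);                // {AES-128-PBKDF2}<Base64 of IV || ciphertext>
        System.out.println(decrypt(stored, key));  // round-trips to the sample value
    }
}
```

Because the salt is fixed, the same <KEY> always derives the same AES key, so the confidentiality of every stored value rests on how that key is protected in the properties file, system property, or JNDI entry.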