Highlighted

How to Use Crypto Support in AEM to Encrypt/Decrypt Data? | AEM Community Blog Seeding

kautuk_sahni

Community Manager

03-09-2020

BlogImage.jpg

How to Use Crypto Support in AEM to Encrypt/Decrypt Data? by Blog - NextRow

Abstract

While working with AEM, sometimes we have requirements to call third-party APIs/Services. Configurations related to these APIs/Services like username, passwords, client id/secrets, API keys are usually stored in a code repository in the form of OSGi configuration. This sensitive information should be stored encrypted rather than plain-text format.

This is possible through the OOTB AEM Crypto Support bundle. This bundle provides services for encrypting and decrypting the confidential/secured data through system-wide keys (hmac and master files).

What are the Features of Crypto Support?
Decryption happens at runtime.
No one can decrypt the data through the UI. There’s no UI to decrypt the encrypted data. So, the information remains secure.
What are hmac/master keys?
Encryption/decryption happens through keys (hmac and master files).
These keys get generated during the first startup of AEM instance.
In older versions of AEM (< 6.3), these files are stored under /etc/key but recent AEM versions have these files on the file system under crx-quickstart.
These keys are unique for every AEM instance.
How to encrypt data using Crypto Support?
In order to encrypt a string, follow the below steps:

1. Navigate to /system/console/crypto. The console looks like below:

2. Enter the plain-text string in the “Plain Text” field and click on “Protect”.

3. An alphanumeric value will get generated in “Protected Text” field.


4. Copy above alphanumeric value including curly brackets. For e.g. {435c89a1e94895d5a8447b856ec479aa24d8cdfc7a6dc51991202b62b065a1e6}

Read Full Blog

How to Use Crypto Support in AEM to Encrypt/Decrypt Data?

Q&A

Please use this thread to ask the related questions.

AEM AEMEBlogSeeding Experience Manager