Previous Topic: Unattended MDB Installation Using a Response FileNext Topic: Preparing to Work with a Microsoft SQL Server MDB

Installation of CA ITCMManagement Database (MDB)Unattended MDB Installation Using a Response FileEncryption and Decryption of Passwords in a Response File

Encryption and Decryption of Passwords in a Response File

By default, the MDB installers use the Blowfish encryption and decryption utility that is included in the MDB packages: blfs.exe on Windows and blfs on Linux and Solaris. When you run setup with the -g option, the application automatically uses Blowfish to encrypt passwords in the response file.

If you create the response file by editing the included template, install.rsp, run the Blowfish utility from a command or shell window to encrypt the password. Then copy the resulting string to the response file.

For example, if the blfs validation_0101 command on Linux/Solaris returns the encrypted string, 0x530924b11654032a6e0e213281cd8565c3f9ec63b09dc673, you need to copy this string to the response file as follows:

# Password of Oracle MDB admin user
ITRM_MDBADMINPWD=0x530924b11654032a6e0e213281cd8565c3f9ec63b09dc673

In both cases, when you run setup with the -r option, the application automatically uses the Blowfish utility to decrypt passwords in the response file.

Note: The unencrypted passwords cannot start with 0x (case-sensitive).

The Blowfish algorithm is not FIPS-compliant. You can provide a custom FIPS-compliant utility for encryption or decryption by setting environment variables pointing to the relevant programs. That is, set MDB_ENC_PROG to the full path name of the encryption program and MDB_DEC_PROG to the full path name of the decryption program.

Example: Changing the Encryption or Decryption Programs on Windows

set MDB_ENC_PROG=E:\tmp\my_encrypter.exe

set MDB_DEC_PROG=E:\tmp\my_decrypter.exe

On Windows, the programs must have a .exe extension in the file names.

Example: Changing the Encryption or Decryption Programs on Solaris or Linux

MDB_ENC_PROG=/tmp/my_encrypter
export MDB_ENC_PROG

MDB_DEC_PROG=/tmp/my_decrypter
export MDB_DEC_PROG

If you do not set MDB_DEC_PROG, or if the program does not exist, then MDB_DEC_PROG is assumed to be the same as MDB_ENC_PROG. If you do not set MDB_ENC_PROG or if the program does not exist, then the default Blowfish encryption and decryption programs are used.