NPSEncrypt Tool

Sometimes you must store secret values in a configuration file. For security purposes, you might want to encrypt these secret values and store only their encrypted form. Use the NPSEncrypt tool to do so. When a setting allows encrypted values to be used, this tool decrypts it before use. If the setting is not encrypted, the value is used as entered.

The NPSEncrypt utility takes plain text from the command line, encrypts it, and prints the result on the screen. The resulting encrypted text can be cut and pasted wherever it is needed.

A product that allows an encrypted value automatically decrypts it when needed.

To encrypt a value, use the command prompt and type the NPSEncrypt command followed by a space and the text to be encrypted:

C:\Program Files\CA\webasagent\sapwebas\tools>npsencrypt secret
[NPSEncrypt Version 12.0.0000.244 - NPSEncrypt Revision 12.0.0000.244]
[NDSEnc-B]9Avy5I7DdZvyKMQUEyCmkA==

In this case, the encrypted form of secret is:

[NDSEnc-B]9Avy5I7DdZvyKMQUEyCmkA==

When you copy and paste, grab the entire line, including [NDSEnc-].

NPSEncrypt encrypts the same text to many different cipher text values. Use any of the values, for example:

C:\Program Files\CA\webasagent\sapwebas\tools>npsencrypt secret
[NPSEncrypt Version 12.0.0000.244 - NPSEncrypt Revision 12.0.0000.244]
[NDSEnc-B]+gSD4iNxxr2dApU2LeaVNg==
C:\Program Files\CA\webasagent\sapwebas\tools>npsencrypt secret
[NPSEncrypt Version 12.0.0000.244 - NPSEncrypt Revision 12.0.0000.244]
[NDSEnc-C]/QFL4W7I7k0iWpANyne0zA==
C:\Program Files\CA\webasagent\sapwebas\tools>npsencrypt secret
[NPSEncrypt Version 12.0.0000.244 - NPSEncrypt Revision 12.0.0000.244]
[NDSEnc-C]Af0T4bgeF96of3IA6PuOng==
C:\Program Files\CA\webasagent\sapwebas\tools>npsencrypt secret
[NPSEncrypt Version 12.0.0000.244 - NPSEncrypt Revision 12.0.0000.244]
[NDSEnc-C]Af0T4bgeF96of3IA6PuOng==
C:\Program Files\CA\webasagent\sapwebas\tools>npsencrypt secret
[NPSEncrypt Version 12.0.0000.244 - NPSEncrypt Revision 12.0.0000.244]
[NDSEnc-B]BPnb4AN1P28PdwnSbqgfKw==
C:\Program Files\CA\webasagent\sapwebas\tools>npsencrypt secret
[NPSEncrypt Version 12.0.0000.244 - NPSEncrypt Revision 12.0.0000.244]
[NDSEnc-B]BPnb4AN1P28PdwnSbqgfKw==

The syntax for using the command is:

NPSENCRYPT.exe [-FIPS] [Text]

-FIPS

Specifies FIPS Compliant Encryption. If you do not include this flag, any text encrypted by the command is encrypted by non-FIPS algorithms (FIPS-compatible).

Text

Specifies the text to be encrypted.

Examples of possible usage for the tool follow:

  1. Run NPSEncrypt without any parameter using the following command:
    NPSEncrypt.exe
    [NPSEncrypt Version 12.0.0000.129 - NPSEncrypt Revision 12.0.0000.129]
    
  2. Run NPSEncrypt with the "text" to be encrypted using the following command:
    NPSEncrypt.exe <text>
    

    An RC2 algorithm encrypted value such as the following sample appears:

    [NDSEnc-A]gg7ljFtRbwb9ss
    
  3. Run NPSEncrypt with the "-FIPS" option and "text" to be encrypted using the following command:
    NPSEncrypt.exe <-FIPS> <text> 
    

    An AES algorithm encrypted value such as the following sample appears:

    [NDSEnc-AES]g7ljFtRbwb9ss 
    
  4. Run NPSEncrypt with the "-UPGRADE" option and "RC2 Algorithm Encrypted text" using the following command:
    NPSEncrypt.exe <-UPGRADE> <RC2 encrypted text>
    

    An AES algorithm encrypted value such as the following sample appears:

    [NDSEnc-AES]g7ljFtRbwb9ss 
    
  5. Run NPSEncrypt with the "-FIPS" option and "text" to be encrypted and any garbage value using the following command:
    NPSEncrypt.exe <-FIPS> <text> xyz
    

    The usage syntax for the tool appears:

    [NPSEncrypt Version 12.0.0000.129 - NPSEncrypt Revision 12.0.0000.129]
    
  6. Run NPSEncrypt with the "-UPGRADE" option and "AES Algorithm Encrypted text" using the following command:
    NPSEncrypt.exe <-UPGRADE> <AES encrypted text>
    

    The following message appears:

    [NPSEncrypt Version 12.0.0000.130 - NPSEncrypt Revision 12.0.0000.130]
    

    The Shared Secret is already encrypted in a FIPS Compliant Mode.

For Unix and Linux Platforms, the name of the tool is NPSEncrypt.
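
The prefixes shown in the examples above identify how each value was encrypted, so stored secrets can be inventoried by tag. The following Python script is an added example, not part of the product or its documentation: it audits a configuration file for secrets left in plain text, values still tagged [NDSEnc-A] (RC2, candidates for -UPGRADE), and prefixes damaged during copy and paste. The key=value file layout, the setting names, and the status labels are assumptions of the example.

```python
import re

# The page names the algorithm for two tags only (A = RC2, AES = AES); tags B
# and C appear in its sample output without one, so they map to "other".
TAG_STATUS = {"A": "rc2-upgrade-candidate", "AES": "aes"}
TAGGED = re.compile(r"^\[NDSEnc-([A-Za-z0-9]+)\](\S+)$")

# Constructed sample; setting names and the key=value layout are assumptions.
SAMPLE = """\
# agent settings
LogLevel=2
SharedSecret=[NDSEnc-A]gg7ljFtRbwb9ss
AdminPassword=secret
TrustedHostSecret=[NDSEnc-AES]g7ljFtRbwb9ss
ProxyPassword=NDSEnc-B]9Avy5I7DdZvyKMQUEyCmkA==
BindPassword=[NDSEnc-B]9Avy5I7DdZvyKMQUEyCmkA==
"""
SECRET_KEYS = {"SharedSecret", "AdminPassword", "ProxyPassword"}

def classify(value):
    """Classify one configuration value by its NPSEncrypt prefix."""
    value = value.strip()
    match = TAGGED.match(value)
    if match:
        return TAG_STATUS.get(match.group(1), "encrypted-other-tag")
    if "NDSEnc" in value:
        return "damaged-prefix"  # prefix or body lost in copy and paste
    return "plaintext"

def audit(config_text, secret_keys):
    """Return (line_no, key, status) for each setting that needs attention."""
    findings = []
    for line_no, line in enumerate(config_text.splitlines(), start=1):
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        # Split on the first "=" only: the page's cipher text ends in "==".
        key, value = (part.strip() for part in line.split("=", 1))
        status = classify(value)
        if not value or status in ("aes", "encrypted-other-tag"):
            continue  # empty, or correctly tagged
        if status == "plaintext" and key not in secret_keys:
            continue  # ordinary non-secret setting
        findings.append((line_no, key, status))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, SECRET_KEYS):
        print(*finding)
```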