Encryption


The following functions are provided as built-in functions in PeopleCode for encryption/decryption:

  • Encrypt and Decrypt
  • Hash
  • EncryptNodePswd

The syntax for these functions:

Encrypt (KeyString, ClearText) returns CipherText
Decrypt (KeyString, CipherText) returns ClearText
Hash (ClearText) returns CipherText
EncryptNodePswd(ClearText) returns CipherText

Ciphertext is the term used in cryptography to refer to text once it has been encrypted. Cleartext is the plain text before any encryption is applied.

The Encrypt and Decrypt functions rely on a key string which is used as part of the encryption. Note that the key string can be blank, so you can simply call Encrypt("", ClearText) and Decrypt("", CipherText). It is a good idea to trim spaces from the start and end of your clear text.

Spaces are included in the encryption, so the cipher text for clear text that contains a space differs from the cipher text for the same clear text without the space.

Use rtrim and ltrim like this to remove spaces:

&strCipherText = encrypt("", rtrim(ltrim(&strClearText)));

The Hash function can only be used to encrypt clear text (one way) - PeopleSoft doesn't provide the equivalent decryption function (for good reason). The Hash function is the same algorithm (and key) that is used to encrypt the passwords in the OPERPSWD field in the PSOPRDEFN table (user passwords).

Similarly EncryptNodePswd can only be used to encrypt clear text. It is used to encrypt the password used by Integration Broker nodes. This is the encrypted password stored in the IBPASSWORD field in the PSMSGNODEDEFN table.

The encrypted ACCESSID and ACCESSPSWD stored in PSACCESSPRFL use whatever algorithm is run when issuing the CHANGE_ACCESS_PASSWORD command in data mover. The ACCESSID is used as the key for the encryption algorithm. This is the symbolic ID configured when installing PeopleSoft.

The encrypted passwords stored in the application server configuration (psappsrv.cfg) and process scheduler configuration (psprcs.cfg) files use the same internal algorithm as the CHANGE_ACCESS_PASSWORD command in data mover. This is the case for other applications such as configuration manager and application designer.

The integrationGateway.properties file contains encrypted passwords for each node. When accessing this through advanced gateway properties, you are provided with an area to generate passwords. Alternatively you can run the delivered password encryption utility, PSCipher. This is a Java program found on your PeopleSoft web server.

The syntax for encryption is (Windows and Unix):

pscipher.bat ClearText
pscipher.sh ClearText

For security reasons you should generate a unique PSCipher encryption key using:

pscipher.bat -buildkey
pscipher.sh -buildkey

The key version is presented at the start of the encrypted password: {V1.1} if a unique key has not been built (default). Otherwise it will be {V1.2} or above.
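
As an added example (not part of the original page or of PeopleSoft's delivered tooling), the Python sketch below scans properties-file text for values that carry a PSCipher key-version tag and flags those still at {V1.1}, the default key. The property names and values in the sample are constructed; only the {Vx.y} prefix convention comes from the text above.

```python
import re

# key = {V<major>.<minor>}<ciphertext>; comment lines (# or !) never match.
VERSIONED = re.compile(
    r'^\s*([^#!=:\s][^=:\s]*)\s*[=:]\s*\{V(\d+)\.(\d+)\}\S*'
)

# Per the page: {V1.1} means no unique key has been built.
DEFAULT_KEY = (1, 1)


def audit_properties(text):
    """Return (line_no, property, version, uses_default_key) for each tagged value."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        m = VERSIONED.match(line)
        if not m:
            continue
        version = (int(m.group(2)), int(m.group(3)))
        findings.append(
            (line_no, m.group(1), "V%d.%d" % version, version == DEFAULT_KEY)
        )
    return findings


def default_key_entries(text):
    """Only the entries encrypted with the default (non-unique) key."""
    return [f for f in audit_properties(text) if f[3]]


# Constructed sample data: hypothetical property names, fake ciphertext.
SAMPLE = """\
# constructed sample, not a real integrationGateway.properties
example.gateway.url=http://localhost/PSIGW
example.node1.password={V1.1}AAAAconstructedAAAA=
example.node2.password={V1.2}BBBBconstructedBBBB=
#example.old.password={V1.1}CCCCconstructedCCCC=
example.keystore.password = {V1.10}DDDDconstructedDDDD=
example.plain.password=changeme
"""

if __name__ == "__main__":
    for line_no, prop, version, is_default in audit_properties(SAMPLE):
        status = "DEFAULT KEY - rebuild key and re-encrypt" if is_default else "ok"
        print("line %d: %s [%s] %s" % (line_no, prop, version, status))
```

Values without a version tag, such as the last sample line, are not reported; whether they are plain-text passwords has to be judged per property.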

Revision #1
Created Sun, Sep 22, 2019 11:32 PM by PeopleSoft Wiki
Updated Sun, Sep 22, 2019 11:36 PM by PeopleSoft Wiki