Welcome to the Jazz Community Forum
Is it a Simple DES or a Triple DES encryption algorithm?
Hi Folks,
Following the question I ask at:
https://jazz.net/forum/questions/161289/what-algorithm-is-used-to-encrypt-password-for-jbe
my customer asks me if it is a simple or a triple DES encryption which is used when we call
jbe -createPasswordFile pass.txt
In my understanding, it is a simple, but I might be wrong.
If it is a simple DES encryption, do we have a way to request a Triple-DES encryption ?
Do you plan to provide at some point a Triple-DES encryption ?
Thanks a lot for your help
Best regards
Philippe
Following the question I ask at:
https://jazz.net/forum/questions/161289/what-algorithm-is-used-to-encrypt-password-for-jbe
my customer asks me if it is a simple or a triple DES encryption which is used when we call
jbe -createPasswordFile pass.txt
In my understanding, it is a simple, but I might be wrong.
If it is a simple DES encryption, do we have a way to request a Triple-DES encryption ?
Do you plan to provide at some point a Triple-DES encryption ?
Thanks a lot for your help
Best regards
Philippe
2 answers
Hi Philippe, it uses simple DES (i.e. 8 byte key), and the key for encoding/decoding is not a secret. As such, the password file is not really secure, it's just a way of getting the plain text password out of the build scripts and logs, and preventing casual viewing from exposing the plain text password. It is easy for someone with knowledge of how it is encoded to get the plain text given a password file. As described in the doc, we recommend the password file be given restricted permissions to prevent others from access to the build machine from being able to view it (just the build user).
Off-hand, I don't recall any RFEs to change this. It could be improved by using true public key cryptography, where the private key is used to encrypt the password in the password file, then JBE is given the public key in order to decrypt it.
