EasyCrypt

Last modified on 2022/05/28 10:54

Note:
  • This documentation is intended for Service Manager on-premises customers.
  • SaaS customers should submit a change request to the EasyVista Support team to enable encryption or to force the reset of employee passwords.
  • Cryptographic hash functions (SHA256 mode) are available from Service Manager version 2015.1 onwards.

EasyCrypt is a tool used to encrypt passwords, each supplied as a string of characters. An algorithm makes the passwords unintelligible, so that they are practically impossible to decipher if unauthorized users access the files or tables where they are stored.

  • EasyCrypt offers standard encryption (Standard mode enabling the retrieval of the original data) or cryptographic hash functions (SHA256 mode that is irreversible).
  • Encryption can be carried out on a single password, i.e. a string of characters, or as a batch process on all of the passwords stored in a CSV file.
  • EasyCrypt can be used for all administration, employee and integration model passwords. See the types of passwords.

     See Password management.

Notes

  • EasyCrypt is available in the following folder, C:\easyvista\tools\servers\MSSQL\EasyCrypt.exe.
  • You can manage employee access using an LDAP directory or an SSO tool. In this case:
    • The passwords defined in the LDAP directory or SSO tool will be used instead of those defined in Service Manager.
    • Only passwords for external service providers authorized to access Service Manager should be defined via employee access management.
  • Encrypted or hashed files:
    • Files must be in CSV format and must contain two columns: Employee login and non-encrypted password.
    • The CSV results file will be created in the same folder as the initial file with the suffix _crypted. Non-encrypted passwords will be replaced with encrypted or hashed ones.

Caution

  • You should always perform a backup of the EVO_DATA database before implementing the encryption of employee passwords.
  • The hash algorithm is irreversible. The password is hashed before being stored in the database and can no longer be decrypted and converted back to plain text.
     

Encryption modes

  • Standard encryption mode: To be used if passwords must be decrypted when they are used.
    • You must use this for administration and integration model passwords because the server requires passwords in plain text.
  • SHA256 cryptographic hash mode: To be used if hashed passwords can be stored in the database.
    • You should use this only for employee passwords because once the passwords are stored in the database, they can no longer be decrypted when used.

Best Practice

  • Add a salt to the hashing process. The additional key makes the hashed passwords more complex and reinforces password security.
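
Why the salt matters, as an added illustration that is not EasyCrypt's code or output format: without a salt, two employees with the same password get the same SHA256 value, which anyone reading the table can see. The salt-prepended construction, the 16-byte salt size, the function names and the sample logins are assumptions made for this example; this page does not document how EasyCrypt combines the salt and the password.

```python
import csv
import hashlib
import hmac
import io
import secrets

# Constructed sample in the two-column layout described on this page
# (employee login, non-encrypted password). Not real accounts.
SAMPLE_CSV = "jdoe,Winter2022!\nasmith,Winter2022!\nbkhan,c0rrect-horse\n"


def sha256_hex(password, salt=b""):
    # Assumption: the salt is prepended to the UTF-8 password bytes.
    # The page does not document EasyCrypt's actual construction.
    return hashlib.sha256(salt + password.encode("utf-8")).hexdigest()


def hash_rows(csv_text, with_salt):
    """Return (login, hash, salt_hex) per row; reject malformed rows."""
    rows = []
    for lineno, row in enumerate(csv.reader(io.StringIO(csv_text)), 1):
        if len(row) != 2:
            raise ValueError(f"line {lineno}: expected 2 columns, got {len(row)}")
        login, password = row
        salt = secrets.token_bytes(16) if with_salt else b""  # fresh per row
        rows.append((login, sha256_hex(password, salt), salt.hex()))
    return rows


def shared_hashes(rows):
    """Groups of logins whose stored hash is identical (same password leaks)."""
    groups = {}
    for login, digest, _salt in rows:
        groups.setdefault(digest, []).append(login)
    return [logins for logins in groups.values() if len(logins) > 1]


def verify(candidate, digest, salt_hex):
    """Recompute with the stored salt and compare in constant time."""
    recomputed = sha256_hex(candidate, bytes.fromhex(salt_hex))
    return hmac.compare_digest(recomputed, digest)


if __name__ == "__main__":
    print("unsalted:", shared_hashes(hash_rows(SAMPLE_CSV, with_salt=False)))
    print("salted:  ", shared_hashes(hash_rows(SAMPLE_CSV, with_salt=True)))
```

The salt has to be kept next to the hash so the value can be recomputed at login, which is why the storage step maps a salt field as well as the password field.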

Screens description

Encrypt tab (Standard encryption mode)

Manual section: Used to encrypt a password.

  • String: String of characters in plain text corresponding to the password to be encrypted.
    • Click Encrypt to run the encryption algorithm.
  • Encrypted: Used to display the encrypted password.
     

Automatic section: Used to batch encrypt passwords.

  • File: Folder and name of the CSV file containing the passwords to be encrypted.
    • Click Load... to load the file. Next, click Encrypt file to run the encryption algorithm.

Hash tab (SHA256 cryptographic hash mode)

Manual section: Used to hash a password.

  • String: String of characters in plain text corresponding to the password to be hashed.
    • Click Hash to run the hashing algorithm.
  • With SALT: Used to indicate whether a salt should be added to the hashing process (box is checked) or not (box is not checked).
    • Click Renew to generate a key.
  • Hashed: Used to display the hashed password with a salt if the With SALT box was checked.
     

Automatic section: Used to batch hash passwords.

  • File: Folder and name of the CSV file containing the passwords to be hashed.
    • Click Load... to load the file. Next, click Hash file to run the hashing algorithm.
  • With SALT: Used to indicate whether a salt should be added to the hashing process (box is checked) or not (box is not checked).

Procedure: How to use EasyCrypt

Step 1: Run EasyCrypt.

1. Go to the folder, C:\easyvista\tools\servers\MSSQL.

2. Run the EasyCrypt.exe executable.

Step 2: Encrypt or hash passwords.

Encrypt passwords using Standard mode

Caution: You must use this mode for administration and integration model passwords.

1. Select the Encrypt tab.

2. You can encrypt a single password containing a string of characters.

  • Enter the string of characters in the String field in the Manual section.
  • Click Encrypt.
    The encrypted password will appear in the Encrypted field.

3. You can batch encrypt passwords contained in a CSV file.

  • Click Load... in the Automatic section to select the CSV file.
  • Click Encrypt file.
    • All of the passwords in the file will be encrypted.
    • They will be saved in a CSV results file that will be created in the same folder as the initial file with the suffix _crypted.

Hash passwords using SHA256 cryptographic hash mode

Caution: You should use this mode only for employee passwords.

1. Select the Hash tab.

2. You can hash a single password containing a string of characters.

  • Enter the string of characters in the String field in the Manual section.
  • (optional) You can add a salt to the hashing process by checking the With SALT box. Next, click Renew to generate the key.
  • Click Hash.
    The hashed password will appear in the Hashed field.

3. You can batch hash passwords contained in a CSV file.

  • Click Load... in the Automatic section to select the CSV file.
  • (optional) You can add a salt to the hashing process by checking the With SALT box.
  • Click Hash file.
    • All of the passwords in the file will be hashed, with a salt if the With SALT box was checked.
    • They will be saved in a CSV results file that will be created in the same folder as the initial file with the suffix _crypted.

Step 3: Store encrypted passwords.

Store administration passwords encrypted using a string of characters

Caution: You should only store passwords encrypted via Standard mode.

1. Copy the contents in the Encrypted field in the Encrypt tab.

2. Paste it in the relevant configuration file or table.

 

Store employee passwords encrypted using a CSV file 

1. Define an integration model.

  • Use the Employee connector.
  • Select the CSV file containing the encrypted passwords as the data source.
  • Map the fields for the passwords and for the salt if you selected the With SALT option during the hashing process.

2. Run the integration.

All of the passwords in the AM_EMPLOYEE table will be replaced with the encrypted passwords.