ReCrystallize Software

Encrypting parameter values

ReCrystallize Server provides an encryption capability for parameter values. Using encrypted values for parameters will prevent end users from determining the true value of the parameter, even if the encrypted value is visible as part of the web address. Enforcing parameter encryption helps prevent end users from changing the intended value because a non-encrypted value will not be accepted and the end user will be unable to provide a correct encrypted value.

Two encryption methods are available in ReCrystallize Server: AES and Triple DES. Either may be used to provide encrypted parameter values. To use AES, name the field using one of the following formats:

promptAES -parametername

Px-AES where x represents the number parameter number.

To use Triple DES, name the field using one of the following formats:

prompt3DES -parametername

Px-3DES where x represents the number parameter number.

For example, the non-encrypted “author” parameter in the URL below

ViewReport.aspx?reportName=library.rpt&author=Shakespeare

with AES encryption becomes

ViewReport.aspx?reportName=library.rpt&promptAES-author=3zDqgZAX%2bmLv6m0AFuxDcg%3d%3d

or

ViewReport.aspx?reportName=library.rpt&P1-AES-author=3zDqgZAX%2bmLv6m0AFuxDcg%3d%3d

where Author is the first parameter occurring in the library report.

The actual encrypted strings will vary depending on the encryption key, which may be customized in Settings.

To require encrypted parameters, change the Require Parameter Encryption setting to true. When Require Parameter Encryption is set to true, parameters must use the promptAES or promptDES format. Non-encrypted values using promptex will be ignored.

Three tools are available to assist with encrypting text values.

• An interactive web page that accepts a string and provides encrypted versions for both AES and Triple DES is available at
bc. ReCrystallizeServer/EncryptTool.aspx

• The page at

ReCrystallizeServer/EncryptFile.aspx

will accept a text file with one value string on each line. It will then return a file with the corresponding AES encrypted values, one string on each line of the file.

• A web service is available at

ReCrystallizeServer/EncryptService.asmx

The web service accepts two inputs, the text string to be encrypted and the encryption method, either AES or 3DES .
It returns the corresponding encrypted text string.

Last modified: 11 November 2021

Feedback

Was this helpful?

Yes No
You indicated this topic was not helpful to you ...
Could you please leave a comment telling us why? Thank you!
Thanks for your feedback.

Post your comment on this topic.

Post Comment