In this blog, I will be talking about how the Essbase password encryption works when you use the essmsh command. In one of my previous blogs I showed how the password encryption utility works and how it can be used to encrypt and decrypt passwords and user names. Now we deep dive into the inner mechanics of the code that Essbase uses for password encryption.
Standard disclaimers apply: please do not try this for any purpose other than education. Secondly, as system administrators, it pays to know the internal mechanics of how the code works.
To generate the keys used for encryption, we use the essmsh -gk command, as shown in the snapshot below.
Observe that in the above snapshot, two keys are generated. One is a public key that is used for encryption and the other is a private key that is used for decryption.
Observe the part after the comma in both keys in the above snapshot. It is the same in both keys and has a value equal to 2430231641.
This is not accidental; it follows from the internal mechanics of an encryption protocol called RSA, in which the public key and the private key share the same modulus. Essbase uses RSA internally to encrypt and decrypt the passwords and user names.
If you have ever used a secure token, you have seen the protocol in action. Most security tokens use either RSA or other variations of public key cryptography for generating the passcodes. It is called public key cryptography because we use one key (the public key), which is available to everyone, for encryption, and another key (the private key), which is available only to a single user, for decryption. How these keys are used is shown in the subsequent snapshots.
Now, let us see the keys in action.
The Java code below shows me trying to encrypt a value of 16 using the public key generated above and then decrypting the resulting encrypted text using the private key.
Don't worry about the inner syntax of the code, since I will show in another blog exactly how it works. A few quick pointers though.
BigInteger is generally a String representation of an Integer value. Since a computer has an inner limit on the maximum size of numbers that it can represent using its internal registers, if you ever cross this limit you can use BigInteger, since it treats the BigInteger as a number but stores it as a String.
The modPow function is basically a combination of two operations, the power operation and the modulus. The first parameter is the power to which the number is raised and the second parameter is the divisor by which the power-raised number is divided to get the remainder. For example, 2.modPow(3,5) is equal to (2*2*2) % 5 = 8 % 5 = 3, since 8 = 5*1 + 3.
The first line is just a hello-world type of line that tells which text will be encrypted.
The second line shows the value 16 encrypted using the RSA algorithm.
The third line shows what happens when we decrypt 2287298920 with the private key. Observe that you get the value 16 again.
In place of 16, you can choose any representation of the user name and password that gets internally converted to a number based on some encoding scheme, run the program, and the encryption will work. Apply the process in reverse with the private key and the decryption works.
This shows how encryption and decryption work internally when we use the private and public keys we generated using essmsh.
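The keys-in-action walkthrough above, as an added example that is not the blog's code or Essbase's own implementation: textbook RSA with BigInteger.modPow. The primes P and Q and the exponent 17 are constructed values (not the factors behind the modulus 2430231641 in the post), and the "exponent,modulus" key layout is an assumption based on the comma the post points out.

```java
import java.math.BigInteger;

// Added example, not the blog's code. Textbook RSA with BigInteger.modPow.
// P and Q are constructed toy primes; they are NOT the factors of the
// modulus 2430231641 shown in the post, so the numbers printed will differ.
public class EssbaseStyleRsaDemo {

    static final BigInteger P = BigInteger.valueOf(65521);  // constructed prime
    static final BigInteger Q = BigInteger.valueOf(65537);  // constructed prime
    static final BigInteger E = BigInteger.valueOf(17);     // public exponent

    // c = m^e mod n  (uses the public key; m must be smaller than n)
    static BigInteger encrypt(BigInteger m, BigInteger e, BigInteger n) {
        if (m.compareTo(n) >= 0) throw new IllegalArgumentException("message >= modulus");
        return m.modPow(e, n);
    }

    // m = c^d mod n  (uses the private key)
    static BigInteger decrypt(BigInteger c, BigInteger d, BigInteger n) {
        return c.modPow(d, n);
    }

    public static void main(String[] args) {
        BigInteger n   = P.multiply(Q);                       // modulus shared by both keys
        BigInteger phi = P.subtract(BigInteger.ONE).multiply(Q.subtract(BigInteger.ONE));
        BigInteger d   = E.modInverse(phi);                   // private exponent

        // Assumed "exponent,modulus" layout, like the two keys essmsh -gk prints:
        // the part after the comma is identical, which is the post's observation.
        System.out.println("public  key: " + E + "," + n);
        System.out.println("private key: " + d + "," + n);

        BigInteger plain  = BigInteger.valueOf(16);
        BigInteger cipher = encrypt(plain, E, n);
        BigInteger back   = decrypt(cipher, d, n);
        System.out.println("Text to encrypt : " + plain);
        System.out.println("Encrypted value : " + cipher);
        System.out.println("Decrypted value : " + back);
        if (!back.equals(plain)) throw new AssertionError("RSA round trip failed");

        // The post's worked modPow example: 2^3 mod 5 = 8 mod 5 = 3
        BigInteger three = BigInteger.valueOf(2).modPow(BigInteger.valueOf(3), BigInteger.valueOf(5));
        System.out.println("2.modPow(3,5) = " + three);

        // Practitioner check: a modulus of roughly 32 bits is far below any secure
        // size, so a scheme like this obscures credentials rather than protecting them.
        System.out.println("Modulus bit length: " + n.bitLength() + " (secure RSA uses 2048+)");
    }
}
```

Compile and run with `javac EssbaseStyleRsaDemo.java && java EssbaseStyleRsaDemo`; the round-trip check throws if decryption does not recover 16.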