cm encryptpasswords -encrypt
Encrypting Passwords in the Database
Learn how to encrypt passwords stored in the database.
What you'll learn
- Encrypt your passwords stored in the database
- A CoreMedia system
- Knowledge about the CoreMedia system's file structure, configuration, and operation
Should I read this?
The cm encryptpasswords utility encrypts all passwords (strictly speaking, the hash values of the passwords) stored in the database with a 256-bit key using the AES algorithm (Rijndael).
When starting the utility, make sure that the corresponding CoreMedia Content Server is not running.
Encrypting the passwords of a Replication Live Server needs slightly more care:
Set the property
Start the server.
Wait until the initial replication is complete.
Stop the server.
Encrypt the passwords with
Set the property
The utility program is executed with:
During operation, the utility writes some output to indicate the progress of encryption.
The generated key is written to the file
Do not delete this key file; make sure that a backup exists in a safe place. Without the file, it is no longer possible to log in.
You must copy this file to the Content Server installation under $INSTALL_DIR/etc/keys. The path can be configured by setting the property cap.server.encrypt-passwords-key-file.
If you want to install a new server but keep using the old database, the key file from the old installation must be present in the new installation. Conversely, if you want to install and use a new database, you must delete the key file. Otherwise, the program would try to decrypt the passwords in the new database, which are not encrypted.
When the utility is used more than once, the passwords will be re-encrypted with a new key.
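A pre-start check for the key file handling described above, as an added example that is not part of the CoreMedia documentation or tooling. It verifies that every file in the keys directory is non-empty, closed to group and others, and has a byte-identical backup, which also catches a backup left stale by a second encryption run. The backup directory, the owner-only mode requirement and the sample file name are assumptions; the script checks every regular file in the directory rather than one named key file.

```shell
#!/bin/sh
# Added example, not CoreMedia code.
# Usage: check_key_backup KEYS_DIR BACKUP_DIR
#   KEYS_DIR   e.g. "$INSTALL_DIR/etc/keys" (path from the page)
#   BACKUP_DIR location of the backup copies (assumption)
# Returns 0 only if every key file passes all checks.
check_key_backup() {
    keys_dir=$1
    backup_dir=$2
    rc=0
    found=0
    for key in "$keys_dir"/*; do
        [ -f "$key" ] || continue
        found=1
        name=${key##*/}
        if [ ! -s "$key" ]; then
            echo "FAIL $name: key file is empty" >&2; rc=1
        fi
        # Parse the mode string from ls: portable across GNU and BSD userlands.
        case $(ls -ld "$key") in
            -???------*) ;;
            *) echo "FAIL $name: accessible by group or others" >&2; rc=1 ;;
        esac
        if [ ! -f "$backup_dir/$name" ]; then
            echo "FAIL $name: no backup in $backup_dir" >&2; rc=1
        elif ! cmp -s "$key" "$backup_dir/$name"; then
            # A second encryption run generates a new key, so an older
            # backup no longer matches the key the server needs.
            echo "FAIL $name: backup differs from the live key" >&2; rc=1
        fi
    done
    if [ "$found" -eq 0 ]; then
        echo "FAIL: no key file found in $keys_dir" >&2; rc=1
    fi
    return "$rc"
}

# Constructed demo: a fake key file whose backup predates a re-encryption.
demo() {
    tmp=$(mktemp -d) && mkdir "$tmp/keys" "$tmp/backup"
    printf 'constructed-key-v2' > "$tmp/keys/sample.key"
    printf 'constructed-key-v1' > "$tmp/backup/sample.key"
    chmod 600 "$tmp/keys/sample.key"
    check_key_backup "$tmp/keys" "$tmp/backup" && echo "OK" || echo "refresh the backup first"
    rm -rf "$tmp"
}
demo
```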
Decrypting the Passwords
If you want to revert to decrypted passwords, run the following command and remove the key file from the server installation afterwards:
cm encryptpasswords -decrypt