Security Functions

Security functions are available to test the state of the current user. When a user logs on, usually through an Authentication Provider, the authority of the current user is encapsulated in a Principal, which identifies the user and the roles (authorities) that the user possesses. For example, an administrative user conventionally holds the role admin, but in general role names correspond to the services made available to the user at logon. Roles are assigned by the security system (Authentication Realm Providers) based on the information stored about the user in the appropriate information stores.


_aes(): Encrypt using AES
_aes(action,key,input [,iterations [,strength]])

action

keyword

The action to be performed.

  • encrypt. Encryption by key.
  • decrypt. Decryption by key.

The value must be literal.

key

string

Key for the operation.

input

string

Value to be encrypted or decrypted.

iterations

integer

Number of algorithm iterations (default is 1).

strength

keyword

128, 192 or 256. Must be a literal.

Advanced Encryption Standard (AES) is an encryption standard adopted by the U.S. government in 2002. Implementations of AES are available in many encryption packages. Details on AES are beyond the scope of this manual but can be found in many sources of cryptographic information.

AES supports key strengths of 128 (the server default), 192 and 256 bits. Due to import-control restrictions imposed by some countries, the default jurisdiction policy files permit only strong but limited cryptography to be used. An unlimited strength version of these files (that is, with no restrictions on cryptographic strength) is available but is not distributed by iWay.

AES is a block cipher. The iterations parameter causes the output of one encryption pass to be encrypted again under the same key, and any number of iterations can be entered. Each additional iteration adds processor overhead; note that re-encrypting under the same key does not enlarge the key space a brute-force attacker must search, so extra iterations are not a substitute for a longer strength setting or a less guessable key string.

The key is entered as an iFL string and can contain up to 16, 24 or 32 characters, matching the selected strength. Each character must have a value below 256. Escaped literals of iFL, such as Unicode values or hex values, enable entry of complex keys. Keys shorter than the specified length are padded with binary zero.

_aes('encrypt','iway software','aes')
BtJLII90UBV7wtsrpN8TDw==
_aes('decrypt','iway software','BtJLII90UBV7wtsrpN8TDw==')
aes

It may be convenient to store the key in a properties file or a special register. It is recommended that the key not be hard coded in the function call. A common way to do this is to configure a register using the iWay console, or to add to a startup script:

set register mykey _concat('secret key\x01')

The _concat() function is used because the iFL optimizer would not recognize the literal 'secret key\x01' and would not convert the hexadecimal escape. Wrapping the literal in _concat() causes the iFL interpreter to evaluate it, producing an 11-character key, which the system then pads with five binary zeros (assuming a 128-bit key).
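The following is an added example, not code from iWay or from this manual. It is a Go program that applies the key rules stated above (every character below 256, padding with binary zero to 16, 24 or 32 bytes, as with the register value 'secret key\x01') and then encrypts with AES for the requested number of iterations. The manual does not say which block mode or padding iWay's implementation uses; this example assumes CBC with an all-zero IV and PKCS#7 padding, so its base64 output will not match the sample values above. The names iwayKey and aesIterate are this example's own.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/base64"
	"errors"
	"fmt"
)

// iwayKey turns a key string into AES key bytes under the rules the manual
// states: every character must have a value below 256, the key may hold at
// most 16, 24 or 32 characters for strength 128, 192 or 256, and shorter keys
// are padded with binary zero.
func iwayKey(key string, strength int) ([]byte, error) {
	size := strength / 8
	if strength%8 != 0 || (size != 16 && size != 24 && size != 32) {
		return nil, errors.New("strength must be 128, 192 or 256")
	}
	out := make([]byte, 0, size)
	for _, r := range key {
		if r > 255 {
			return nil, fmt.Errorf("character %q is not below 256", r)
		}
		out = append(out, byte(r))
	}
	if len(out) > size {
		return nil, fmt.Errorf("key has %d characters, limit is %d", len(out), size)
	}
	return append(out, make([]byte, size-len(out))...), nil // zero padding
}

func pkcs7Pad(b []byte, n int) []byte {
	p := n - len(b)%n
	return append(b, bytes.Repeat([]byte{byte(p)}, p)...)
}

func pkcs7Unpad(b []byte, n int) ([]byte, error) {
	p := int(b[len(b)-1])
	if p == 0 || p > n || p > len(b) {
		return nil, errors.New("bad padding")
	}
	for _, c := range b[len(b)-p:] {
		if int(c) != p {
			return nil, errors.New("bad padding")
		}
	}
	return b[:len(b)-p], nil
}

// aesIterate mirrors _aes(action,key,input,iterations,strength). ASSUMPTION:
// the manual names no block mode or padding, so CBC with an all-zero IV and
// PKCS#7 padding are used here; real iWay output may differ.
func aesIterate(action, key, input string, iterations, strength int) (string, error) {
	if iterations < 1 {
		return "", errors.New("iterations must be at least 1")
	}
	k, err := iwayKey(key, strength)
	if err != nil {
		return "", err
	}
	block, err := aes.NewCipher(k)
	if err != nil {
		return "", err
	}
	iv := make([]byte, aes.BlockSize) // all zero: an assumption, see above
	switch action {
	case "encrypt":
		buf := pkcs7Pad([]byte(input), aes.BlockSize)
		for i := 0; i < iterations; i++ { // each pass re-encrypts the previous output
			cipher.NewCBCEncrypter(block, iv).CryptBlocks(buf, buf)
		}
		return base64.StdEncoding.EncodeToString(buf), nil
	case "decrypt":
		buf, err := base64.StdEncoding.DecodeString(input)
		if err != nil {
			return "", err
		}
		if len(buf) == 0 || len(buf)%aes.BlockSize != 0 {
			return "", errors.New("ciphertext is not a whole number of AES blocks")
		}
		for i := 0; i < iterations; i++ {
			cipher.NewCBCDecrypter(block, iv).CryptBlocks(buf, buf)
		}
		plain, err := pkcs7Unpad(buf, aes.BlockSize)
		if err != nil {
			return "", err
		}
		return string(plain), nil
	}
	return "", fmt.Errorf("unknown action %q", action)
}

func main() {
	ct, err := aesIterate("encrypt", "iway software", "aes", 1, 128)
	if err != nil {
		panic(err)
	}
	pt, _ := aesIterate("decrypt", "iway software", ct, 1, 128)
	fmt.Println(ct, "->", pt)
}
```

Decrypting with a different iteration count or key yields garbage that normally fails the padding check, but a padding check is not an authenticity check: if the ciphertext can be altered in transit, add a MAC over it rather than relying on the padding error.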



_hasrole(): Is This Authority Available
_hasrole(name)

name

string

The name of an authority to be tested.

The current Principal is tested for the named authority. If the user represented by this Principal has the identified authority, the function returns true; otherwise it returns false.



_getprin(): Get Information from This Principal
_getprin(keyword)

keyword

string

Keyword of which information is to be obtained.

user. User name.

password. Password of the user.

The information associated with the current Principal is returned. A common use of this information is to configure an emitter that inherits the login credentials of the current user.

This function returns the value auto when principals are not configured on the server and the default user is in use. Otherwise, the requested information from the Principal on the channel is returned.



_encr(): Encrypt the Value
_encr(value)

value

string

Term to encrypt

iWay uses a simple cryptographic mechanism to mask passwords stored in its configuration files. The algorithm employs random seeds and salting when generating the encrypted result. The result is marked with functional braces for recognition by the internal decryption services when the value needs to be used.

iWay strongly recommends that this function not be used to protect values in business systems. Facilities to use validated PKI and session key cryptography are readily available for this purpose. The use of this function should be restricted to password masking and similar purposes.

_encr('iway')
ENCR(3157318131043128321832252993249)


_md5(): Generate an MD5 Hash
_md5(term [,term*])

term

string

A value to be added to the hash.

In cryptography, MD5 (Message-Digest algorithm 5) is a widely used hash function with a 128-bit hash value, specified in RFC 1321. MD5 has been employed in a wide variety of security applications and is also commonly used to check the integrity of files; note, however, that MD5 is no longer collision resistant, so it should not be relied on where an attacker could substitute content. An MD5 hash is typically expressed as a 32-digit hexadecimal number. Unlike functions such as _uuid(), which generate unique values, an MD5 hash produces the same value for identical input. The iWay functional language can generate an MD5 hash of from one to nine terms.

_md5('username','realm','password')

returns

66999343281B2624585FD58CC9D36DFC

A standard use of MD5 is HTTP Digest authentication, in which the username, password, realm name and a set of random values called nonces are combined to generate the hash.

It is often useful in iWay to add a hash value to a message and to check it on receipt, and the _md5() function can be used for this. Bear in mind that an unkeyed hash detects accidental corruption only: anyone able to alter the message in transit can recompute the hash, so where tampering is a concern the hash must incorporate a secret (a keyed MAC) or be covered by a signature.



_sha1(): Generate a SHA1 Hash
_sha1(term [,term*])

term

string

Term to include in the SHA1 computation.

SHA-1 (Secure Hash Algorithm 1) is a cryptographic hash function with a 160-bit hash value, designed by the National Security Agency (NSA) and published by NIST as a U.S. Federal Information Processing Standard.

SHA-1 is no longer considered collision resistant (practical collisions have been demonstrated) and is deprecated for digital signatures and certificates, but it remains commonly encountered and is still usable as an integrity checksum against accidental change.

For example:

_sha1('name','digest','password','1234567')

The following is returned:

95e760b78aaa4ccca9ac94b8815e753674bafaa7
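The following is an added example covering both the _md5() and _sha1() sections; it is not code from iWay or from this manual. It shows multi-term MD5 and SHA-1 hashing in Go, then contrasts the two ways of adding a hash to a message described above: appending a plain MD5 (which an attacker on the path can simply recompute after altering the message) and appending an HMAC under a shared key (which the attacker cannot recompute). The manual does not say how iWay joins several terms before hashing, so the example concatenates them, and its output will not necessarily match the sample values above. The message text and the key are constructed for the example, and the function names are the example's own.

```go
package main

import (
	"crypto/hmac"
	"crypto/md5"
	"crypto/sha1"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// md5Hex and sha1Hex hash one or more terms. ASSUMPTION: the manual does not
// state how iWay combines several terms, so they are simply concatenated.
func md5Hex(terms ...string) string {
	sum := md5.Sum([]byte(strings.Join(terms, "")))
	return strings.ToUpper(hex.EncodeToString(sum[:])) // manual shows MD5 in upper case
}

func sha1Hex(terms ...string) string {
	sum := sha1.Sum([]byte(strings.Join(terms, "")))
	return hex.EncodeToString(sum[:]) // manual shows SHA-1 in lower case
}

// splitTag separates "message|tag"; the message itself may contain '|'.
func splitTag(tagged string) (msg, tag string, ok bool) {
	i := strings.LastIndex(tagged, "|")
	if i < 0 {
		return "", "", false
	}
	return tagged[:i], tagged[i+1:], true
}

// Scheme 1: append an unkeyed MD5 of the message, as the manual describes.
func tagWithMD5(msg string) string { return msg + "|" + md5Hex(msg) }

func verifyMD5(tagged string) (string, bool) {
	msg, tag, ok := splitTag(tagged)
	return msg, ok && tag == md5Hex(msg)
}

// Scheme 2: append an HMAC-SHA256 under a key shared by sender and receiver.
func tagWithHMAC(key []byte, msg string) string {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(msg))
	return msg + "|" + hex.EncodeToString(m.Sum(nil))
}

func verifyHMAC(key []byte, tagged string) (string, bool) {
	msg, tag, ok := splitTag(tagged)
	if !ok {
		return "", false
	}
	want, err := hex.DecodeString(tag)
	if err != nil {
		return "", false
	}
	m := hmac.New(sha256.New, key)
	m.Write([]byte(msg))
	return msg, hmac.Equal(m.Sum(nil), want) // constant-time comparison
}

// tamper models an attacker on the path who alters the message and appends a
// fresh MD5 of the altered text, the best they can do without the HMAC key.
func tamper(tagged string) string {
	msg, _, _ := splitTag(tagged)
	return tagWithMD5(strings.Replace(msg, "amount=100", "amount=9000", 1))
}

func main() {
	fmt.Println(md5Hex("username", "realm", "password"))
	fmt.Println(sha1Hex("name", "digest", "password", "1234567"))

	// Constructed sample message and key; keep the key in a register or
	// properties file in practice, as recommended for _aes().
	msg := "order=4711;amount=100;currency=EUR"
	key := []byte("shared-secret-from-a-register")

	_, okPlain := verifyMD5(tamper(tagWithMD5(msg)))
	_, okMAC := verifyHMAC(key, tamper(tagWithHMAC(key, msg)))
	fmt.Printf("forged message accepted: plain MD5=%v, HMAC=%v\n", okPlain, okMAC)
}
```

The plain-hash receiver accepts the forged message because the attacker could recompute the tag; the HMAC receiver rejects it. HMAC-SHA256 is used for the keyed variant as the current standard choice; the same structure works with SHA-1 where an existing peer requires it.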

iWay Software