All passwords that are required by iWay Service Manager (iSM), such as FTP login passwords, are stored within configuration files in masked format. Sometimes it is required to store application values in a secure manner. iSM tools provide the ability to store and hold property values using Advanced Encryption Standard (AES). The value is encoded using base64 as the encryption produces a binary encrypted value. Using a combination of techniques, no key or value ever needs to appear in clear form.

AES is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001. AES has been adopted by the U.S. government and is now used worldwide for non-secure and secure data. It supersedes the Data Encryption Standard (DES), which was published in 1977. The algorithm described by AES is a symmetric-key algorithm, meaning the same key is used to encrypt and decrypt the data.

The AES encryption used for storing and retrieving property values uses a 128-bit key. Methods exist to use longer keys and more complex operations, but for general purposes AES128 provides a strong and reliable encryption operation. It is not required that the iSM set property command be used to store the value. This command is provided as a convenience for users but any tool that stores an AES value can be used.

The iSM set property command is a common means of adding an encrypted value to a property file. Later, the _aes() iFL function can be used to retrieve this value for use in a process flow. The set property command is described in the iWay Service Manager User's Guide, while the use of _aes() is described in the iWay Functional Language Reference Guide.

The -aes keyword uses the provided key to encrypt the value. Advanced Encryption Standard (AES) is a strong encryption standard. The key must be 16 characters or less, as it becomes a 128-bit key.

For example:

set property testproperty userpswd mypassword -aes iwaykey1

If the key value is stored in a Special Register (SREG), which is the usual practice, named for the secretkey sample, the command would be structured as follows:

set property testproperty userpswd mypassword -aes _sreg(secretkey)

Either method would generate a properties file called testproperty.properties. A common practice is to load the key into a server-level configuration register. That register might itself be loaded from a property file or database encrypted with the -encrypt keyword that uses a built-in masking facility. Thus, the actual key never needs to appear in clear (legible) format. The key should, or course, not be stored in the same property file as the AES-encrypted values. For example, the following key line could be loaded into the secretkey SREG during iSM startup by its own _property() function:

mysecret=ENCR(3237310127231613138296)

The AES-encoded value might appear as follows:

#Saved by set property command
#Fri Jan 24 14:52:29 EST 2014
userpswd=A8vRBNezksAtoySgaFbOygkuMeYqmIy6v9GsIwU6K60\=

This value can be read using standard iFL functions in the specific operand or command. For example:

_aes('decrypt',_sreg(secretkey),_property('testproperty','userpswd'))

This example generates mypassword for use in the process execution.

iWay Service Manager (iSM) automatically handles base64 encoding and decoding as required.