Hitachi Vantara Pentaho Community Forums
Results 1 to 7 of 7

Thread: En-/Decryption of fields

  1. #1
    Join Date
    Mar 2009
    Posts
    137

    Default En-/Decryption of fields

    Good Morning everybody (or good night, good evening, good afternoon... whereever you come from ),

    I have another question. Is it possible to decrypt a field that was encrypted before? I mean is there a step that can decrypt an encryption (e.g. a standard encryption used by kettle, like the one used to encrypt the password in repositories.xml).

    Thanks!

  2. #2
    Join Date
    May 2006
    Posts
    4,882

    Default

    It's not encryption, but obfuscation. But apart from that... no. Although it's pretty easy to make.

    Regards,
    Sven

  3. #3

    Default

    This seems to be a re-occuring subject... :
    http://forums.pentaho.org/showthread.php?t=71488

    Perhaps this should be something that can be addressed in future versions?

  4. #4

    Default How to use the Obfuscation algorithm of Pentaho in your code

    I was looking around the code and I found out which is the class that does the obfuscation of the passwords:

    package org.pentaho.di.core.encryption;
    public class Encr

    You can use this class in your transformations if you want to. In order to use it all you need to do is create a 'Modified Java Script Value' step and do something similar to:


    var text = "This is a test string";

    var encr = org.pentaho.di.core.encryption.Encr.encryptPassword(text);

    var decr = org.pentaho.di.core.encryption.Encr.decryptPassword(encr);




    VERY IMPORTANT NOTE:
    This code will obfuscate a string, making it harder to read, but this is by no means a secure solution! It might be enough to deter basic users, but it will not stop anyone with a little bit of java knowledge from getting to the real value!!

  5. #5
    Join Date
    Nov 1999
    Posts
    9,729

    Default

    To complete the answer, there is also a script called "Encr" that will encrypt passwords for you for inclusion in Kettle XML or a Carte password file.

  6. #6
    Join Date
    Mar 2009
    Posts
    137

    Default

    Well, thanks a lot for all the answers!

    Matt you say something about an Kettle XML... is that in the .kettle folder (or did you mean the kjb and ktr files)? ... or is it kettle.properties (I guess I cannot use obfuscation for this properties file - by the way thanks for this nice new word Sven ).

    I mean right now I save my db-passwords using the kettle.properties file but everybody can read those... so I guess obfuscation is enough, and I go with this nice JavaScript

    Thanks again!
    Last edited by Jogilein; 08-06-2009 at 07:02 AM.

  7. #7
    Join Date
    Nov 1999
    Posts
    9,729

    Default

    Believe it or not, certain folks, usually the underworld types, want to edit XML manually in what is called "text editors". For those folks, we provided the Encr script. It might also be interesting for storing encrypted passwords in variables etc.

    In general, as Sven mentioned multiple times on this forum already, it makes no sense to expose a properties file and consider your password safe, even if it's obfuscated. Consider applying appropriate security on the file in the first place.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Privacy Policy | Legal Notices | Safe Harbor Privacy Policy

Copyright © 2005 - 2019 Hitachi Vantara Corporation. All Rights Reserved.