NOTE: I can use a solution that was developed in CA 2E or CA Plex for this issue.
I have a Plex 6.1 application that uses Crystal Reports (CR) 8.5 runtime to produce some reports. We are looking at changing the way we manage the CRs through the various environments before production.
In the past each CR was edited and adjusted to point to the correct DSN and library for the IBM i data - including sub-reports (which in some cases are extensive!).
I wanted to change this to use VBScript to use INI file settings to dynamically set up the correct DSN, database, user and password for the CR to access the data - but there is no way to store the password except in clear text in the INI file.
Does anyone know how I could encrypt and then decrypt the password in the INI file for processing in our WinC function that manages the printing of the CR?
I know about SetAS400Password source object in the model - but this is like a one-way hash as there are no tools for decrypting so I can pass it to CR to print the report.
It depends on the level of encryption you want. If you do not mind a fairly weak encryption, then the Plex OBString API has the "EncryptA" and "DecryptA" methods. Make some source code that takes your string as a parameter. Then put in your source code "&(1:).EncryptA()" or "&(1:).DecryptA()" (found in OBString.H in the Plex Include folder). These encrypt or decrypt the current string. If you want something stronger, then you either need to use a third-party control, or look at something like the Windows API CryptProtectData and CryptUnprotectData (System.Security.Cryptography.ProtectedData class for .NET). These generate a key based on the current computer, so the same password cannot be used on a different computer. If you really want the password to be retrievable on any computer, then you need to find a way to secure a key, and use the CryptEncrypt and CryptDecrypt API (for .NET you would want to find something in the System.Security.Cryptography namespace). Examples for these API functions can be found online.
As always with passwords, the ONLY time to use reversible encryption is when you need to store the password for passing to something else. If you are validating passwords it is best to use a strong hash function. Then when the password is provided for verification, you hash that one and compare the hashed values. Any reversible encryption leaves you vulnerable to having the password lifted out. This is often considered a security flaw, as anytime you decrypt the password it can be found in RAM by a privileged program and stolen.
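The DPAPI option named in the answer above (CryptProtectData/CryptUnprotectData through the .NET ProtectedData class), shown in PowerShell as an added example that is not part of the original thread. The INI path, the `[CrystalReports]` section, its key names and the password are constructed for illustration.

```powershell
# Added example: DPAPI-protect a password for an INI file (Windows only).
# INI path, section/key names and the password are constructed for illustration.
Add-Type -AssemblyName System.Security

function Protect-IniSecret {
    param([Parameter(Mandatory)][string]$PlainText)
    $bytes = [Text.Encoding]::UTF8.GetBytes($PlainText)
    # CurrentUser scope ties the blob to the Windows account running this code.
    $blob = [Security.Cryptography.ProtectedData]::Protect(
        $bytes, $null, [Security.Cryptography.DataProtectionScope]::CurrentUser)
    [Convert]::ToBase64String($blob)   # text-safe form for the INI value
}

function Unprotect-IniSecret {
    param([Parameter(Mandatory)][string]$Base64Blob)
    $blob = [Convert]::FromBase64String($Base64Blob)
    # Throws CryptographicException if the blob was altered or belongs to
    # another account, so a copied INI file fails closed.
    $bytes = [Security.Cryptography.ProtectedData]::Unprotect(
        $blob, $null, [Security.Cryptography.DataProtectionScope]::CurrentUser)
    [Text.Encoding]::UTF8.GetString($bytes)
}

function Get-IniValue {
    param([string]$Path, [string]$Section, [string]$Key)
    $pattern = '^\s*' + [regex]::Escape($Key) + '\s*=\s*(.*)$'
    $inSection = $false
    foreach ($line in Get-Content -LiteralPath $Path) {
        if ($line -match '^\s*\[(.+)\]\s*$') { $inSection = ($Matches[1] -eq $Section); continue }
        if ($inSection -and $line -match $pattern) { return $Matches[1].Trim() }
    }
    throw "Key '$Key' not found in section [$Section] of $Path"
}

# Deployment step: write the protected value instead of clear text.
$iniPath = Join-Path $env:TEMP 'reports-example.ini'
@('[CrystalReports]',
  'DSN=EXAMPLE_DSN',
  'User=EXAMPLEUSER',
  "Password=$(Protect-IniSecret 'Constructed-Pw-123')") |
    Set-Content -LiteralPath $iniPath -Encoding ASCII

# Print step: recover the password just before handing it to the report runtime.
$recovered = Unprotect-IniSecret (Get-IniValue $iniPath 'CrystalReports' 'Password')
"Round trip matches: $($recovered -ceq 'Constructed-Pw-123')"
Remove-Item -LiteralPath $iniPath
```

Because of the `CurrentUser` scope, the protect step has to run under the same Windows account that later prints the reports. `LocalMachine` scope removes that constraint but lets any process on that computer decrypt the value.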
This looks interesting for IBM i encrypt/decrypt - might have to go that route if no other suggestions are provided.