Encrypt and decrypt properties over REST
The openidm.encrypt
and openidm.decrypt
functions of the Resource API enable you to encrypt and decrypt property values. To use these functions over the REST interface, run the ?_action=eval
action on the script
endpoint.
The following example uses the openidm.encrypt
function to encrypt a password value:
curl \ --header "X-OpenIDM-Username: openidm-admin" \ --header "X-OpenIDM-Password: openidm-admin" \ --header "Content-Type: application/json" \ --cacert ca-cert.pem \ --request POST \ --data '{ "type": "text/javascript", "globals": { "val": { "myKey": "myPassword" } }, "source":"openidm.encrypt(val,null,\"idm.password.encryption\");" }' \ "https://localhost:8443/openidm/script?_action=eval" { "$crypto": { "type": "x-simple-encryption", "value": { "cipher": "AES/CBC/PKCS5Padding", "stableId": "openidm-sym-default", "salt": "qAS/eG7zdnFyK5H8lXvqTA==", "data": "zewf6hR1yjp34EFJqUGpdnzzFCPJs2IaX4V97jdQlSI=", "keySize": 16, "purpose": "idm.password.encryption", "iv": "A4pIiY6kG6t0uLyLmJAoWQ==", "mac": "sFDJqg0Mmp0Ftl+1q1Bjzw==" } } }
The following example uses the openidm.decrypt
function to decrypt the password value:
curl \ --header "X-OpenIDM-Username: openidm-admin" \ --header "X-OpenIDM-Password: openidm-admin" \ --header "Content-Type: application/json" \ --cacert ca-cert.pem \ --request POST \ --data '{ "type": "text/javascript", "globals": { "val": { "$crypto": { "type": "x-simple-encryption", "value": { "cipher": "AES/CBC/PKCS5Padding", "stableId": "openidm-sym-default", "salt": "qAS/eG7zdnFyK5H8lXvqTA==", "data": "zewf6hR1yjp34EFJqUGpdnzzFCPJs2IaX4V97jdQlSI=", "keySize": 16, "purpose": "idm.password.encryption", "iv": "A4pIiY6kG6t0uLyLmJAoWQ==", "mac": "sFDJqg0Mmp0Ftl+1q1Bjzw==" } } } }, "source":"openidm.decrypt(val);" }' \ "https://localhost:8443/openidm/script?_action=eval" { "myKey": "myPassword" }
For more information, see openidm.encrypt
and openidm.decrypt
.