Structure of an Encrypted Object

Encrypted objects and properties, such as passwords, include a $crypto object that has the following structure:

"password": {
  "$crypto": {
    "type": "x-simple-encryption",
    "value": {
      "cipher": "AES/CBC/PKCS5Padding",
      "stableId": "openidm-sym-default",
      "salt": "Gwi+AGrn+VBOTmyq+TTuuw==",
      "data": "+9i7XAXpWZBXYTVEOBkM+w==",
      "keySize": 16,
      "purpose": "idm.password.encryption",
      "iv": "4xtI88eFu5tgfm8ooq+yqQ==",
      "mac": "N1zsYo71M/b/G6iLOhNohA=="
    }
  }
}

Most of the properties in the encrypted object value are self-explanatory and indicate how the property was encrypted. Specific IDM properties include the following:

  • The stableId indicates the key alias that was used to encrypt the property value.

  • The purpose refers to the secret ID used to encrypt the property value. For more information about secret IDs, see "Configuring Secret Stores".
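An added example, not part of the IDM documentation or code base: a Python sketch that walks a JSON document, finds each $crypto object, and reports the key alias (stableId) and secret ID (purpose) that protected it, with basic structural checks for AES/CBC values. The surrounding user object, the userName value and the function names are constructed for illustration, and treating keySize as a byte count is an assumption.

```python
import base64
import json

AES_BLOCK = 16  # AES block size in bytes

# Constructed sample: the page's password value inside a hypothetical user object.
SAMPLE = json.loads("""
{"userName": "example-user",
 "password": {"$crypto": {"type": "x-simple-encryption", "value": {
   "cipher": "AES/CBC/PKCS5Padding", "stableId": "openidm-sym-default",
   "salt": "Gwi+AGrn+VBOTmyq+TTuuw==", "data": "+9i7XAXpWZBXYTVEOBkM+w==",
   "keySize": 16, "purpose": "idm.password.encryption",
   "iv": "4xtI88eFu5tgfm8ooq+yqQ==", "mac": "N1zsYo71M/b/G6iLOhNohA=="}}}}
""")

def find_crypto(node, path=""):
    """Yield (path, value) for every $crypto envelope nested under node."""
    if isinstance(node, dict):
        envelope = node.get("$crypto")
        if isinstance(envelope, dict):
            yield path or "/", envelope.get("value", {})
            return
        for key, child in node.items():
            yield from find_crypto(child, f"{path}/{key}")
    elif isinstance(node, list):
        for index, child in enumerate(node):
            yield from find_crypto(child, f"{path}/{index}")

def check(value):
    """Return structural problems found in one envelope value."""
    try:
        raw = {f: base64.b64decode(value[f], validate=True)
               for f in ("salt", "data", "iv", "mac")}
    except (KeyError, TypeError, ValueError) as exc:
        return [f"missing or non-base64 field: {exc}"]
    problems = []
    if str(value.get("cipher", "")).startswith("AES/CBC"):
        if len(raw["iv"]) != AES_BLOCK:
            problems.append("iv is not one AES block")
        if not raw["data"] or len(raw["data"]) % AES_BLOCK:
            problems.append("data is not a whole number of AES blocks")
        if value.get("keySize") not in (16, 24, 32):  # assumption: bytes
            problems.append("keySize is not an AES key length")
    return problems

def inventory(doc):
    """List each encrypted property with its key alias and secret ID."""
    return [{"path": p, "stableId": v.get("stableId"),
             "purpose": v.get("purpose"), "problems": check(v)}
            for p, v in find_crypto(doc)]
```

Grouping the inventory by stableId shows which stored values still depend on a given key alias before that key is rotated or retired.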

