Encrypting and Decrypting Properties Over REST
The openidm.encrypt and openidm.decrypt functions of the Resource API enable you to encrypt and decrypt property values. To use these functions over the REST interface, run the ?_action=eval action on the script endpoint.
The following example uses the openidm.encrypt function to encrypt a password value:

curl \
--header "X-OpenIDM-Username: openidm-admin" \
--header "X-OpenIDM-Password: openidm-admin" \
--header "Content-Type: application/json" \
--cacert ca-cert.pem \
--request POST \
--data '{
  "type": "text/javascript",
  "globals": {
    "val": {
      "myKey": "myPassword"
    }
  },
  "source":"openidm.encrypt(val,null,\"idm.password.encryption\");"
}' \
"https://localhost:8443/openidm/script?_action=eval"
{
  "$crypto": {
    "type": "x-simple-encryption",
    "value": {
      "cipher": "AES/CBC/PKCS5Padding",
      "stableId": "openidm-sym-default",
      "salt": "qAS/eG7zdnFyK5H8lXvqTA==",
      "data": "zewf6hR1yjp34EFJqUGpdnzzFCPJs2IaX4V97jdQlSI=",
      "keySize": 16,
      "purpose": "idm.password.encryption",
      "iv": "A4pIiY6kG6t0uLyLmJAoWQ==",
      "mac": "sFDJqg0Mmp0Ftl+1q1Bjzw=="
    }
  }
}
The following example uses the openidm.decrypt function to decrypt the password value:

curl \
--header "X-OpenIDM-Username: openidm-admin" \
--header "X-OpenIDM-Password: openidm-admin" \
--header "Content-Type: application/json" \
--cacert ca-cert.pem \
--request POST \
--data '{
  "type": "text/javascript",
  "globals": {
    "val": {
      "$crypto": {
        "type": "x-simple-encryption",
        "value": {
          "cipher": "AES/CBC/PKCS5Padding",
          "stableId": "openidm-sym-default",
          "salt": "qAS/eG7zdnFyK5H8lXvqTA==",
          "data": "zewf6hR1yjp34EFJqUGpdnzzFCPJs2IaX4V97jdQlSI=",
          "keySize": 16,
          "purpose": "idm.password.encryption",
          "iv": "A4pIiY6kG6t0uLyLmJAoWQ==",
          "mac": "sFDJqg0Mmp0Ftl+1q1Bjzw=="
        }
      }
    }
  },
  "source":"openidm.decrypt(val);"
}' \
"https://localhost:8443/openidm/script?_action=eval"
{
  "myKey": "myPassword"
}
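The $crypto envelope shown in these examples has a regular shape, so a client can check that a property it reads back is stored encrypted rather than in cleartext. The following Node.js code is an added example, not part of the product or its documentation: checkEnvelope and findCleartext are hypothetical helper names, the user object is constructed, and the length rules are assumptions drawn from the AES/CBC sample above.

```javascript
// Added example, not ForgeRock code. Field names come from the envelope shown above;
// the length rules are assumptions drawn from the AES/CBC sample, not a product spec.
const B64 = /^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$/;

// Decoded byte length of a base64 string, or -1 when the input is not valid base64.
function b64len(s) {
  if (typeof s !== "string" || s === "" || !B64.test(s)) return -1;
  return Buffer.from(s, "base64").length;
}

// Returns a list of problems; an empty list means the value is a well-formed envelope.
function checkEnvelope(v) {
  const c = v && typeof v === "object" ? v.$crypto : undefined;
  if (!c || typeof c !== "object") return ["no $crypto wrapper"];
  const p = [], val = c.value || {};
  if (c.type !== "x-simple-encryption") p.push("unexpected type");
  for (const k of ["cipher", "stableId", "purpose"])
    if (typeof val[k] !== "string" || val[k] === "") p.push("missing " + k);
  for (const k of ["salt", "data", "iv", "mac"])
    if (b64len(val[k]) < 1) p.push(k + " is not base64");
  if (val.cipher === "AES/CBC/PKCS5Padding") {
    if (b64len(val.iv) !== 16) p.push("iv is not one AES block");
    if (b64len(val.data) % 16 !== 0) p.push("data is not block aligned");
    if (![16, 24, 32].includes(val.keySize)) p.push("keySize is not an AES key length");
  }
  return p;
}

// Walks an object and returns the paths of named properties that are not encrypted.
function findCleartext(obj, names, path = "") {
  let hits = [];
  for (const [k, v] of Object.entries(obj || {})) {
    const here = path ? path + "/" + k : k;
    if (names.includes(k)) hits = hits.concat(checkEnvelope(v).length ? [here] : []);
    else if (v && typeof v === "object") hits = hits.concat(findCleartext(v, names, here));
  }
  return hits;
}

// Envelope copied from the encrypt response on this page.
const SAMPLE = { $crypto: { type: "x-simple-encryption", value: {
  cipher: "AES/CBC/PKCS5Padding", stableId: "openidm-sym-default",
  salt: "qAS/eG7zdnFyK5H8lXvqTA==", data: "zewf6hR1yjp34EFJqUGpdnzzFCPJs2IaX4V97jdQlSI=",
  keySize: 16, purpose: "idm.password.encryption",
  iv: "A4pIiY6kG6t0uLyLmJAoWQ==", mac: "sFDJqg0Mmp0Ftl+1q1Bjzw==" } } };
// Constructed object snapshot: one encrypted property, one left in cleartext.
const user = { userName: "bjensen", password: SAMPLE, recovery: { answer: "blue" } };
console.log(checkEnvelope(SAMPLE), findCleartext(user, ["password", "answer"]));
```

A shape check of this kind only confirms that a value looks like an envelope; it does not verify the mac or prove the data decrypts, which still requires openidm.decrypt on the server.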
For more information about the openidm.encrypt and openidm.decrypt functions, see openidm.encrypt(value, cipher, alias) and openidm.decrypt(value).