Man page - msencrypt(1)

NAME

msencrypt - create an encryption key or encrypt portions of connection strings for use in mapfiles

SYNOPSIS

msencrypt [ -keygen file | -key file string ]

DESCRIPTION

msencrypt can create an encryption key or encrypt portions of connection strings for use in mapfiles. Typically you might want to encrypt portions of the CONNECTION parameter for a database connection. The following CONNECTIONTYPEs are supported for using this encryption method:

• OGR

• Oracle Spatial

• PostGIS

• SDE

OPTIONS

-keygen file

Creates a new encryption key in file.

-key file string

Use the key in file to encrypt string.

NOTES

Use in Mapfile.

The location of the encryption key can be specified by two mechanisms, either by setting the environment variable MS_ENCRYPTION_KEY or using a CONFIG directive in the MAP object of your mapfile. For example:

CONFIG MS_ENCRYPTION_KEY "/path/to/mykey.txt"

Use the { and } characters as delimiters for encrypted strings inside database CONNECTIONs in your mapfile. For example:

CONNECTIONTYPE ORACLESPATIAL
CONNECTION "user/{MIIBugIBAAKBgQCP0Yj+Seh8==}@service"

EXAMPLE

LAYER
  NAME "provinces"
  TYPE POLYGON
  CONNECTIONTYPE POSTGIS
  CONNECTION "host=127.0.0.1 dbname=gmap user=postgres password=iluvyou18 port=5432"
  DATA "the_geom FROM province using SRID=42304"
  STATUS DEFAULT
  CLASS
    NAME "Countries"
    COLOR 255 0 0
  END
END

Here are the steps to encrypt the password in the above connection:

1. Generate an encryption key (note that this key should not be stored anywhere within your web server’s accessible directories):

msencrypt -keygen "/home/user/mykey.txt"

And this generated key file might contain something like:

2137FEFDB5611448738D9FBB1DC59055

2. Encrypt the connection’s password using that generated key:

msencrypt -key "/home/user/mykey.txt" "iluvyou18"

This prints the encrypted password on the command line (you’ll use it in a second):

3656026A23DBAFC04C402EDFAB7CE714

3. Edit the mapfile to make sure that ’mykey.txt’ can be found, using the "MS_ENCRYPTION_KEY" environment variable. The CONFIG parameter inside the MAP object can be used to set an environment variable inside a mapfile:

MAP
...
CONFIG "MS_ENCRYPTION_KEY" "/home/user/mykey.txt"
...
END #mapfile

4. Modify the layer’s CONNECTION to use the encrypted password from step 2, making sure to put the "{}" brackets around it:

CONNECTION "host=127.0.0.1 dbname=gmap user=postgres password={3656026A23DBAFC04C402EDFAB7CE714} port=5432"

5. Done! Give your new encrypted mapfile a try with the map2img(1) utility!
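
The steps above can be checked after the fact. The following shell function is an added example, not part of msencrypt or of this manual: it flags password= values in a mapfile that are not wrapped in {} and reports a key file that sits inside the web root or is world-readable. The function name audit_mapfile, the default web root /var/www and the world-readable check are assumptions of the example; it only covers key=value style connection strings and key paths without spaces.

```sh
#!/bin/sh
# Added example (not from the msencrypt man page): audit a mapfile for
# plaintext passwords and for an encryption key exposed to the web server.

# usage: audit_mapfile MAPFILE [WEBROOT]
# Prints one finding per line; exit status is 1 if anything was found.
# WEBROOT defaults to /var/www, which is an assumption about your server.
audit_mapfile() (
    mapfile=$1
    webroot=${2:-/var/www}
    found=0

    # 1. password=VALUE where VALUE is not wrapped in {...}.
    #    Comment lines (starting with #) are ignored.
    plain=$(awk '
        /^[ \t]*#/ { next }
        {
            rest = $0
            while (match(tolower(rest), /password=[^ "]*/)) {
                val = substr(rest, RSTART + 9, RLENGTH - 9)
                if (val !~ /^[{].*[}]$/)
                    printf "%s:%d: plaintext password in connection string\n", FILENAME, NR
                rest = substr(rest, RSTART + RLENGTH)
            }
        }' "$mapfile")
    if [ -n "$plain" ]; then printf '%s\n' "$plain"; found=1; fi

    # 2. Key location: CONFIG directive first, then the environment variable.
    key=$(awk 'toupper($1) == "CONFIG" && $2 ~ /MS_ENCRYPTION_KEY/ {
                   gsub(/"/, "", $3); print $3; exit }' "$mapfile")
    key=${key:-${MS_ENCRYPTION_KEY:-}}
    if [ -n "$key" ]; then
        case $key in
            "$webroot"/*) echo "$key: key file is inside web root $webroot"; found=1 ;;
        esac
        # Character 8 of the ls mode string is the "other" read bit.
        if [ -f "$key" ] && [ "$(ls -ld "$key" | cut -c8)" = r ]; then
            echo "$key: key file is world-readable"; found=1
        fi
    fi
    [ "$found" -eq 0 ]
)
```

Run it as audit_mapfile /path/to/your.map /your/web/root; no output and exit status 0 mean neither check fired.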