innovaphone Forum

You are here

Help with Search (new window)
Picture of Sam 4951
Registered 5 years 4 days
Sam 4951 Wednesday, 15 December 2021, 11:49 AM
Password encryption with C++ config library
Hello,

My task is to write an app that behaves exactly the same as the Calendar configuration (PBX Manager > AP calendar > Configure) by using the Config API.
All works fine except for the Exchange server password.

When the password is "ABC", AP calendar sends "exchangeSyncPassword":{"value":"38ad60","key":"0.rrh1yrcwrzr"} in a WriteConfig message.

But ...

1. ConfigString::Decrypt("0.rrh1yrcwrzr", "38ad60", decoded.data(), maxSize); does not return "ABC".

2. ConfigString::Encrypt("0.rrh1yrcwrzr", "ABC", decoded.data(), maxSize); returns "c7790b" instead of "38ad60"

3. The Calendar App database contains "exchangeSyncPassword | f7c407" in the config table.
While the docu (https://sdk.innovaphone.com/13r2/sdk/common/lib/config.htm#ConfigString) says: "the password itself will be saved unencrypted to the database."

My question: How should the C++ config library be used to write "f7c407" in the config table when the password is "ABC"?

Best regards,
Sam

Picture of Marc Schodermayr (innovaphone)
Moderator Registered 9 years 201 days
Marc Schodermayr (innovaphone) Wednesday, 15 December 2021, 02:19 PM
Re: Password encryption with C++ config library
Hello Sam,

sorry to say that, but the documentation is not up-to-date. A password is saved encrypted to the database. We added that after the config library have been completed and forgot about updating the documentation. shy

The password encrypted from the JavaScript side need to be decrypted using the AppWebsocket::AppWebsocketDecrypt function. It will then be encrypted again and written to the database. The seed used here is not public and therefore unkown.

However, the C++ library will decrypt the password when read from the database. You can access the value there wihtout problems. But it will never be send back to the JavaScript side for security reasons. So when the JavaScript side receives the config values from the C++ side, password fields will always be empty.

Regards
Marc



Picture of Sam 4951
Registered 5 years 4 days
Sam 4951 Thursday, 16 December 2021, 12:03 PM
Re: Password encryption with C++ config library
Hello Marc,

I thought ConfigString::Encrypt(const char * seed, const char * password, char * out, size_t len);
would behave exactly the same as AppWebsocket::AppWebsocketEncrypt(const char * seed, const char * data, char * out, size_t outLen);
because they have exactly the same signature and because you can feed it with the encryption key.

But after your explanation and some testing it is now clear that you can't use ConfigString::Encrypt to create a password inside a WriteConfig message
(which I still find weird because the ConfigString class is part of the Config API).

AppWebsocketEncrypt also takes the session key of it's websocket connection into account (next to the seed).

My issue is solved: the App can now send a correct WriteConfig message to the Calendar App.

Thanks for your explanation.

Best regards,
Sam
← You can define your color theme preference here