Thursday, July 22, 2010

Siebel Encryption

Encryption is a term that gives you goosebumps no matter what your mood is. Many scenarios involve data moving across multiple systems via web services, HTTP adapters or queues. Security remains a concern whichever option you choose, and if the data is a real-time transaction number or payment number, it becomes extremely important that it is encrypted while travelling between systems.

One requirement I worked on involved generating a number that was both encrypted and unique, so that a new number could not be guessed by looking at existing values. I tried to find an OOB business service that Siebel might provide to encrypt data before sending it to an external system, but unfortunately I could not find any OOB user property or business service that would do the trick. However, I did find some field-level user properties that encrypt a field while storing it in the database and decrypt it again when the field is rendered. Encrypt Key Field and Encrypt Service Name are the two user properties that do this encryption, but they were not relevant in this context because I needed the data encrypted when sending it to an external system. We will discuss these encryption user properties in a later post.


Now coming back to the original requirement: the data we send to the external system should be encrypted and unique in some format. There are multiple ways to achieve this. One could write a business service that uses Base64 or a home-grown algorithm to encode the data and produce a unique value, but anybody who knows the algorithm can decode the output value. After some analysis we found a utility that ships with Siebel itself and turns any string into a unique, encrypted string. It is generally used to generate encrypted user passwords for cfg files. The utility is located at “/u01/app/siebel/product/8.0.0/siebsrvr/bin/encryptstring”. One can call this utility from a business service to generate a random, encrypted, unique code. The beauty of this utility is that it produces a different output value every time for the same input value. However, all good things come at a price. The disadvantage is that Siebel has not published the algorithm used to generate the output, so the encrypted random value we get as output cannot be decrypted back to the original value.

1 comment:

Discovering said...

One of the ways to achieve this kind of requirement is by using a secret key which is held by Siebel as well as the destination system.

A typical approach is to encrypt the data using this key. A simple XOR using this key will give an encrypted string which can be decrypted by the destination system using the same key. The key here is to keep the secret key a real secret, so in most environments these keys are kept in keydb files on the server and are not hardcoded. This file is read during the interface.

Another is a signature-based approach in which a signature is generated for the data to be sent using a key (basically a digest). To achieve this encryption, we can use custom Java classes which use the MD5 or SHA-1 algorithms to generate an HMAC. These Java classes can be used as Business Services using the class CSSJavaBusinessService.

The destination system will verify the signature using their key, and if the signature is valid this means the data was not tampered with after it was transmitted from Siebel and hence can be processed. Using custom Java classes helps as it opens the door to the open source community and hence a number of encodings and digest algorithms.