- buster 7.2.2-1
- buster-backports 7.6.2-1~bpo10+2
- testing 7.6.2-1
- unstable 7.6.2-2
- experimental 7.6.4-1~exp1
msencrypt(1) | msencrypt(1) |
NAME¶
msencrypt - create an encryption key or encrypt portions of connection strings for use in mapfilesSYNOPSIS¶
msencrypt
[-keygen file | -key file string]
DESCRIPTION¶
msencrypt can create an encryption key or encrypt portions of connection strings for use in mapfiles. Typically you might want to encrypt portions of the CONNECTION parameter for a database connection. The following CONNECTIONTYPEs are supported for using this encryption method:- •
- OGR
- •
- Oracle Spatial
- •
- PostGIS
- •
- SDE
OPTIONS¶
- -keygen file
- Creates a new encryption key in file.
- -key file string
- Use the key in file to encrypt string.
NOTES¶
Use in Mapfile.The location of the encryption key can be specified by two mechanisms, either by setting the environment variable MS_ENCRYPTION_KEY or using a CONFIG directive in the MAP object of your mapfile. For example:
CONFIG MS_ENCRYPTION_KEY "/path/to/mykey.txt"
Use the { and } characters as delimiters for encrypted strings inside database CONNECTIONs in your mapfile. For example:
CONNECTIONTYPE ORACLESPATIAL CONNECTION "user/{MIIBugIBAAKBgQCP0Yj+Seh8==}@service"
EXAMPLE¶
LAYER NAME "provinces" TYPE POLYGON CONNECTIONTYPE POSTGIS CONNECTION "host=127.0.0.1 dbname=gmap user=postgres password=iluvyou18 port=5432" DATA "the_geom FROM province using SRID=42304" STATUS DEFAULT CLASS NAME "Countries" COLOR 255 0 0 END END
Here are the steps to encrypt the password in the above connection:
- 1.
- Generate an encryption key (note that this key should not be stored anywhere within your web server's accessible directories):
msencrypt -keygen "/home/user/mykey.txt"
And this generated key file might contain something like:
2137FEFDB5611448738D9FBB1DC59055
- 2.
- Encrypt the connection's password using that generated key:
msencrypt -key "/home/user/mykey.txt" "iluvyou18"
Which returns the password encrypted, at the commandline (you'll use it in a second):
3656026A23DBAFC04C402EDFAB7CE714
- 3.
- Edit the mapfile to make sure the 'mykey.txt' can be found, using the "MS_ENCRYPTION_KEY" environment variable. The CONFIG parameter inside the MAP object can be used to set an environment variable inside a mapfile:
MAP ... CONFIG "MS_ENCRYPTION_KEY" "/home/user/mykey.txt" ... END #mapfile
- 4.
- Modify the layer's CONNECTION to use the generated password key, making sure to use the "{}" brackets around the key:
CONNECTION "host=127.0.0.1 dbname=gmap user=postgres password={3656026A23DBAFC04C402EDFAB7CE714} port=5432"
- 5.
- Done! Give your new encrypted mapfile a try with the shp2img(1) utility!
20 February 2019 |