Home | Docs | Issue Tracker | FAQ | Download | |
Used to create an encryption key or to encrypt portions of connection strings for use in mapfiles (added in v4.10). Typically you might want to encrypt portions of the CONNECTION parameter for a database connection. The following CONNECTIONTYPEs are supported for using this encryption method:
OGR
Oracle Spatial
PostGIS
SDE
To create a new encryption key:
msencrypt -keygen [key_filename]
To encrypt a string:
msencrypt -key [key_filename] [string_to_encrypt]
The location of the encryption key can be specified by two mechanisms, either by setting the environment variable MS_ENCRYPTION_KEY or using a CONFIG directive in the MAP object of your mapfile. For example:
CONFIG MS_ENCRYPTION_KEY "/path/to/mykey.txt"
Use the { and } characters as delimiters for encrypted strings inside database CONNECTIONs in your mapfile. For example:
CONNECTIONTYPE ORACLESPATIAL
CONNECTION "user/{MIIBugIBAAKBgQCP0Yj+Seh8==}@service"
LAYER
NAME "provinces"
TYPE POLYGON
CONNECTIONTYPE POSTGIS
CONNECTION "host=127.0.0.1 dbname=gmap user=postgres password=iluvyou18 port=5432"
DATA "the_geom FROM province using SRID=42304"
STATUS DEFAULT
CLASS
NAME "Countries"
COLOR 255 0 0
END
END
Here are the steps to encrypt the password in the above connection:
msencrypt -keygen "E:\temp\mykey.txt"
And this generated key file might contain something like:
2137FEFDB5611448738D9FBB1DC59055
msencrypt -key "E:\temp\mykey.txt" "iluvyou18"
Which returns the password encrypted, at the commandline (you’ll use it in a second):
3656026A23DBAFC04C402EDFAB7CE714
MAP
...
CONFIG "MS_ENCRYPTION_KEY" "E:/temp/mykey.txt"
...
END #mapfile
CONNECTION "host=127.0.0.1 dbname=gmap user=postgres
password={3656026A23DBAFC04C402EDFAB7CE714} port=5432"