cancel
Showing results for 
Search instead for 
Did you mean: 
cryptochrome
Level 7

Cloud Storage Encryption: Random ecryption password?

Hi,

the default ruleset for Cloud Storage Encryption (which works fantastically well, btw) sets a user defined encryption password to a fixed string. Is it possible to either randomize this or assign a different password for each user?

Thanks

Sascha

0 Kudos
10 Replies
alexott
Level 11

Re: Cloud Storage Encryption: Random ecryption password?

Hi

yes, you can assign a different password for each user - you only need to be sure that the same password will be used for both encryption & decryption. Potentially you can use a list of MapType to store mapping between user names & associated passwords. In this case, rules to set password could look following way:

  • condition: Always, action: continue, event: Set user-defined property to default password
  • condition: Map.HasKey(mapList, userName) equals true, action: continue, event: Set user-defined property to Map.GetStringValue(mapList, userName)
0 Kudos
cryptochrome
Level 7

Re: Cloud Storage Encryption: Random ecryption password?

Excellent, thanks Alex. How do I make sure the same password is being used for decryption? And do I need to use both conditions in the "set password" rule?

0 Kudos
alexott
Level 11

Re: Cloud Storage Encryption: Random ecryption password?

The best way to ensure that the same password is used is to store it in the user-defined property, as it's done already, and it's better if this property should be set in the same ruleset as Encryption & Decryption operations...

In my example I've used 2 rules just to be sure, that some default password will be set if user has no entry in the mapping list - in this case, you could be sure that even if you forget to add user to mapping, he will get some password for encryption.

0 Kudos
cryptochrome
Level 7

Re: Cloud Storage Encryption: Random ecryption password?

Ok, I see. That also means I will have to manually add users to the mapping list? Could this list be filled autmatically? Basically I want to "set it and forget it", just making sure that every user gets his own password.

0 Kudos
alexott
Level 11

Re: Cloud Storage Encryption: Random ecryption password?

potentially, yes - this could be done automatically, for example, if you'll put this mapping into external list, or something like... You can look to ExtLists.Map property and  how to use it is described in documentation.

0 Kudos
cryptochrome
Level 7

Re: Cloud Storage Encryption: Random ecryption password?

Ok, but there is no way I could extract the username from the current session and feed it into a list?

I know, I am asking a lot... just curious.

0 Kudos
alexott
Level 11

Re: Cloud Storage Encryption: Random ecryption password?

if you're using authentication, then you can use the Authentication.UserName property to get user's name... Or you're referring to name of user on given service?

0 Kudos
cryptochrome
Level 7

Re: Cloud Storage Encryption: Random ecryption password?

Yes, we're using authentication. When using Authentication.UserName, how would I fold that into a rule that would accomplish what I need? Sorry, I am very new to the whole MWG thing...

Thanks!

0 Kudos
alexott
Level 11

Re: Cloud Storage Encryption: Random ecryption password?

You need to do following:

  • create a list of MapType, call it something like 'passwords' and fill it with pairs of username/password
  • Create a rule with following content to set default password (just in case, if your mapping is incomplete):

Condition: Map.HasKey(passwords, Authentication.UserName) equals 'false'

Action: Continue

Event: Set user-defined property: Encryption-Password to "some default password if user isn't found"

  • Create another rule that will find real password:

Condition: Map.HasKey(passwords, Authentication.UserName) equals 'true'

Action: Continue

Event: Set user-defined property: Encryption-Password to property Map.GetStringValue(passwords, Authentication.UserName)

  • use the user-defined propety Encryption-Password as an password argument for Encryption & Decryption actions...
0 Kudos