Deploying multiple encryption plug-ins
In some cases, you need to use an encryption mechanism other than the Data Source Explorer default in your report application. For example, some applications need to create an encryption mechanism using the RSA algorithm that the default encryption plug‑in supports. In this case, you must create an additional encryption plug‑in instance. For use within BIRT Designer Professional, you can set this plug‑in as the default encryption mechanism. If you change the default encryption mechanism, you must take care when you work with old report designs. For example, if you change an existing password field in the designer, the designer re‑encrypts the password with the current default encryption algorithm regardless of the original algorithm that the field used.
How to create a new instance of the default encryption plug‑in
1 Make a copy of the default encryption plug‑in:
1 Copy the folder:
2 Paste the copied folder in the same folder:
3 Rename:
$ACTUATE_HOME\BRDPro\eclipse\plugins\Copy of com.actuate.birt.model.defaultsecurity_<Release>
to a new name, such as:
2 Modify the new plug‑in’s manifest file:
1 Open:
2 Change:
MANIFEST.MF now looks similar to the one in Listing 44‑4.
Listing 44‑4 Modified MANIFEST.MF for the new encryption plug‑in
Manifest-Version: 1.0
Bundle-ManifestVersion: 2
Bundle-Name: Actuate Default Security Plug-in
Bundle-SymbolicName: com.actuate.birt.model.defaultsecurity.rsa;singleton:=true
Bundle-Version: <release><version>
Require-Bundle:, org.eclipse.core.runtime,org.eclipse.birt.core;
Export-Package: com.actuate.birt.model.defaultsecurity.api
Bundle-ClassPath: acdefaultsecurity.jar
Bundle-Vendor: OpenText Corporation
Eclipse-LazyStart: true
3 Save and close MANIFEST.MF.
3 Modify the new plug‑in’s descriptor file to be the default encryption plug‑in:
1 Open:
2 Change:
plugin.xml now looks similar to the one in Listing 44‑5.
3 Save and close plugin.xml.
Listing 44‑5 Modified plugin.xml for the new encryption plug‑in
<?xml version="1.0" encoding="UTF-8"?>
<?eclipse version="<Version>"?>
name="default encryption helper"
<encryptionHelper class="com.actuate.birt.model.defaultsecurity.api
extensionName="rsa" isDefault="true" />
4 Modify the original plug‑in’s descriptor file, so that it is no longer the default encryption plug‑in:
1 Open:
2 Change:
3 Save and close plugin.xml.
5 Set the encryption type in the new plug‑in to RSA:
1 Open:
2 Change the encryption type to public encryption:
type=public encryption
3 Change the algorithm type to RSA:
4 Copy the pre-generated private and public keys for RSA to the symmetric‑key and public‑key properties. now looks similar to the one in Listing 44‑6.
5 Save and close
Listing 44‑6 Modified file for the new encryption plug‑in
#message symmetric encryption , public encryption
type=public encryption
#private encryption: DES(default), DESede
#public encryption: RSA
# NONE , CBC , CFB , ECB( default ) , OFB , PCBC
#NoPadding , OAEP , PKCS5Padding( default ) , SSL3Padding
#For key , support default key value for algorithm
#For DESede ,DES we only need to support private key
#private key value of DESede algorithm : 20b0020e918..
#private key value of DES algorithm: 527c23ea...
# RSA algorithm uses a key pair. You should support
#private-public key pair
#private key value of RSA algorithm: 308202760201003....
#public key value of RSA algorithm: 30819f300d0....
#private key
#public key
6 To test the new default RSA encryption, open BIRT Designer Professional and create a new report design. Create a data source and type the password.
7 View the XML source of the report design file. Locate the data source definition code. The encryptionID is rsa, as shown in the following sample:
<oda-data-source name="Data Source" id="6"
extensionID="" >
<text-property name="displayName"></text-property>
<property name="odaDriverClass">
<property name="odaURL">
<property name="odaUser">root</property>
<encrypted-property name="odaPassword"
8 Create a data set and a simple report design. Preview the report to validate that BIRT connects successfully to the database server using the encrypted password. Before trying to connect to the data source, the report engine decrypts the password stored in the report design using the default RSA encryption plug‑in. Then the engine submits the decrypted value to the database server.
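The check in step 7 can be scripted so that every encrypted property in a report design is compared against the expected encryptionID, which also shows which older designs still reference a different helper before their password fields are edited and re-encrypted. The following is an added example, not code from the product documentation. The sample design is constructed, and the namespace URI, the old-default identifier, the ciphertext placeholders and the function names are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample modeled on the data source definition in step 7.
# The namespace, the "old-default" ID and the ciphertext values are placeholders.
SAMPLE_DESIGN = """<report xmlns="http://www.eclipse.org/birt/2005/design">
  <data-sources>
    <oda-data-source name="Data Source" id="6">
      <property name="odaUser">root</property>
      <encrypted-property name="odaPassword" encryptionID="rsa">PLACEHOLDER-A</encrypted-property>
    </oda-data-source>
    <oda-data-source name="Legacy Source" id="7">
      <encrypted-property name="odaPassword" encryptionID="old-default">PLACEHOLDER-B</encrypted-property>
    </oda-data-source>
    <oda-data-source name="Untagged Source" id="8">
      <encrypted-property name="odaPassword">PLACEHOLDER-C</encrypted-property>
    </oda-data-source>
  </data-sources>
</report>
"""


def local_name(tag):
    """Strip an XML namespace prefix of the form {uri}name."""
    return tag.rsplit("}", 1)[-1]


def audit_encryption_ids(design_xml, expected="rsa"):
    """Return (owner name, property name, encryptionID, matches) per encrypted property."""
    root = ET.fromstring(design_xml)
    findings = []
    for parent in root.iter():
        for child in parent:
            if local_name(child.tag) != "encrypted-property":
                continue
            enc_id = child.get("encryptionID")  # None when the attribute is absent
            findings.append((parent.get("name"), child.get("name"), enc_id, enc_id == expected))
    return findings


def mismatches(design_xml, expected="rsa"):
    """Names of elements whose encrypted properties do not use the expected helper."""
    return [owner for owner, _, _, ok in audit_encryption_ids(design_xml, expected) if not ok]


if __name__ == "__main__":
    for owner, prop, enc_id, ok in audit_encryption_ids(SAMPLE_DESIGN):
        print(f"{'OK  ' if ok else 'DIFF'} {owner}: {prop} encryptionID={enc_id}")
```

To audit real designs, read each report design file as text and pass its contents to audit_encryption_ids.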