Leveraging XOREncoding

IBM® WebSphere® sMash provides an XOREncoder library with a simple encoding API so applications do not have to store passwords in clear text. Depending on whether your library supports encoding of a property in zero.config, you can use the command line or Eclipse to encode the password using XOREncoding.

Using the API

For a complete overview of the XOREncoder API, see the javadoc for zero.core.security.util.XOREncoder.

Decoding a string during runtime

To decode a value obtained from the Global Context, do the following:

  1. Obtain the string from the global context.
  2. Invoke the decode method on the XOREncoder class.
    String encodedParameter = GlobalContext.zget("/config/customLibrary/myPassword");
    String decoded = zero.core.security.util.XOREncoder.decode(encodedParameter);
    // use the decoded value to do something.

Leveraging EncoderCommand for encoding

EncoderCommand wraps XOREncoder to make it available as an executable Java program. The program can be run through the zero CLI, or EncoderCommand.class can be run directly through Eclipse. EncoderCommand.class can be found in zero.core.${rev}.jar under Zero Resolved Libraries.

Using the CLI

Because EncoderCommand is included in zero.core, it is available with every WebSphere sMash application. The following is an example of its use.

  1. The string to be encoded can be specified on the command line.
    [ ~/MysMashApp ] zero encode mypassw0rd
    CWPZC2029I: Input
    mypassw0rd
    CWPZC2030I: Result
    <xor>MiYvPiwsKG8tOw==
    
  2. If no argument is provided the command runs in interactive mode.
    [ ~/MysMashApp ] zero encode
    CWPZC2026I: Entering interactive mode.
    CWPZC2027I: Please type encode or exit to quit.
    
    encode
    CWPZC2028I: Enter string to encode
    mypassw0rd
    CWPZC2030I: Result
    <xor>MiYvPiwsKG8tOw==
    CWPZC2027I: Please type encode or exit to quit.
    exit
    

Using Eclipse

  1. Run EncoderCommand.class as a "Java Application" through Eclipse. It runs as an interactive application.
  2. The encoder command prompts you to specify whether you would like to encode a string or exit. Enter the command "encode", and the string to be encoded. For example:
    Jan 29, 2008 1:36:35 PM zero.core.security.util.EncoderCommand enterInteractiveMode
    INFO: CWPZC2026I: Entering interactive mode.
    
    Jan 29, 2008 1:36:36 PM zero.core.security.util.EncoderCommand enterInteractiveMode
    INFO: CWPZC2027I: Please type encode or exit to quit.
    
    encode
    Jan 29, 2008 1:36:42 PM zero.core.security.util.EncoderCommand enterInteractiveMode
    INFO: CWPZC2028I: Enter string to encode
    mySpecialPassword
    
  3. The result of this command will look like this:
    Jan 29, 2008 1:36:50 PM zero.core.security.util.EncoderCommand enterInteractiveMode
    INFO: CWPZC2030I: Result
    <xor>MiYMLzo8Nj4zDz4sLCgwLTs=
    Jan 29, 2008 1:36:50 PM zero.core.security.util.EncoderCommand enterInteractiveMode
    INFO: CWPZC2027I: Please type encode or exit to quit.
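
The following is an added example, not part of the original page and not sMash source code, showing what an <xor> value actually protects against. It assumes the encoding is a single-byte XOR with 0x5F followed by Base64, which is inferred from the input/output pairs shown above; the class name XorEncodingCheck is hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

// Added illustration, not sMash source code. The single-byte key 0x5F is an
// assumption inferred from the sample input/output pairs shown on this page.
public class XorEncodingCheck {
    private static final String PREFIX = "<xor>";
    private static final byte KEY = 0x5F; // inferred, see above

    // XOR is its own inverse, so one routine serves both directions.
    private static byte[] xor(byte[] in) {
        byte[] out = new byte[in.length];
        for (int i = 0; i < in.length; i++) {
            out[i] = (byte) (in[i] ^ KEY);
        }
        return out;
    }

    static String encode(String clear) {
        byte[] masked = xor(clear.getBytes(StandardCharsets.UTF_8));
        return PREFIX + Base64.getEncoder().encodeToString(masked);
    }

    static String decode(String encoded) {
        if (!encoded.startsWith(PREFIX)) {
            throw new IllegalArgumentException("value is not <xor>-encoded");
        }
        byte[] masked = Base64.getDecoder().decode(encoded.substring(PREFIX.length()));
        return new String(xor(masked), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) {
        // Input/output pairs copied from the command examples on this page.
        String[][] samples = {
            {"mypassw0rd", "<xor>MiYvPiwsKG8tOw=="},
            {"mySpecialPassword", "<xor>MiYMLzo8Nj4zDz4sLCgwLTs="},
        };
        for (String[] s : samples) {
            boolean same = encode(s[0]).equals(s[1]) && decode(s[1]).equals(s[0]);
            System.out.println(s[1] + " reproduces without any secret: " + same);
        }
    }
}
```

Because both samples round-trip with no secret input, an encoded value keeps a password out of casual view but remains recoverable by anyone who can read zero.config, so the file still needs restrictive permissions.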
    

Version 1.1.30763