Adding Values for Public Key, Private Key, and Key Index Tokens

The Commerce Server OLE DB Provider calls the CryptoAPI using the public key and private key values. The values for these public key, private key, and key index tokens must be added manually to the Commerce Server OLE DB Provider connection strings, because there are no UI tools to do this. Note that these values are not stored in the Administration database. It is your responsibility to store these values in appropriately secure storage.

The following tokens are required:

  • 1 Public key token (PublicKey)
  • 2 Private key tokens (PrivateKey1, PrivateKey2)
  • 1 Key Index

The KeyIndex is used to determine which Public key/Private key pair is used in decrypting a given value. The KeyIndex value is determined as follows:

  • When PublicKey is used with PrivateKey1, the KeyIndex value is 1
  • When PublicKey is used with PrivateKey2, the KeyIndex value is 2

Token Settings and the Data Values Returned

If the private key is not specified in the Commerce Server OLE DB Provider connection string, then the encrypted value of the property is returned.

If the private key is specified in the Commerce Server OLE DB Provider connection string, then the decrypted value of the property is returned.

If you are encrypting data, then both the public key and the key index must be specified in the Commerce Server OLE DB Provider connection string.

If you want to both encrypt and decrypt values during any given database connection, then the private key value should correspond to the public key value. Additionally, the private key value must be specified in the appropriate token. For example if the KeyIndex value is equal to 2, then the private key should be specified in the PrivateKey2 token.
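As an added example that is not part of the Commerce Server documentation, the following Python encodes the token rules above: it appends the key tokens to a base connection string the way the modified cnGetProviderConnection on this page does, extracts them back out of either connection-string form (":"-separated CSOLEDB or ";"-separated Profile Service), and reports whether property values would come back encrypted or decrypted and whether the private key sits in the token selected by KeyIndex. The function names, the hex-digit check on token values, and the sample key values are assumptions of this example, not part of the product.

```python
import re

# The four tokens the page defines; names are matched case-insensitively.
KEY_TOKENS = ("PublicKey", "PrivateKey1", "PrivateKey2", "KeyIndex")


def extract_key_tokens(connstr, sep=":"):
    """Pull the key tokens out of a connection string.

    sep is ':' for the CSOLEDB (mscop://) form and ';' for the Profile
    Service (Provider=CSOLEDB) form.  Only the key tokens are parsed, so
    the mscop:// prefix and every other token are left alone.
    """
    pattern = re.compile(
        r"(?:^|%s)(%s)=([^%s]*)"
        % (re.escape(sep), "|".join(KEY_TOKENS), re.escape(sep)),
        re.IGNORECASE,
    )
    found = {}
    for match in pattern.finditer(connstr):
        # Normalise the token name to the spelling used on the page.
        name = next(t for t in KEY_TOKENS if t.lower() == match.group(1).lower())
        found[name] = match.group(2)
    return found


def append_key_tokens(connstr, public_key, private_key1=None,
                      private_key2=None, key_index=1, sep=":"):
    """Append the key tokens as the modified cnGetProviderConnection does."""
    parts = ["PublicKey=" + public_key]
    if private_key1 is not None:
        parts.append("PrivateKey1=" + private_key1)
    if private_key2 is not None:
        parts.append("PrivateKey2=" + private_key2)
    parts.append("KeyIndex=%d" % key_index)
    return connstr + sep + sep.join(parts)


def check_key_tokens(tokens):
    """Apply the page's token rules to a dict from extract_key_tokens().

    Returns a report: what the provider would return for encrypted
    properties, whether encryption is possible, whether encrypt+decrypt
    round-trips on one connection, and a list of problems found.
    """
    problems = []
    public_key = tokens.get("PublicKey")
    key_index = tokens.get("KeyIndex")
    private_keys = {n: tokens["PrivateKey%d" % n]
                    for n in (1, 2) if "PrivateKey%d" % n in tokens}

    # Key values are documented as hex strings (assumption: enforce that,
    # which also catches an unreplaced "<hex-string>" placeholder).
    for name in KEY_TOKENS[:3]:
        value = tokens.get(name)
        if value is not None and not re.fullmatch(r"[0-9A-Fa-f]+", value):
            problems.append("%s is not a hex string" % name)

    if key_index is not None and key_index not in ("1", "2"):
        problems.append("KeyIndex must be 1 or 2")
        key_index = None

    # No private key token: properties come back encrypted; with one: decrypted.
    returns = "decrypted" if private_keys else "encrypted"

    # Encrypting needs both PublicKey and KeyIndex.
    can_encrypt = public_key is not None and key_index is not None

    # Encrypt and decrypt on one connection: the private key must sit in
    # the PrivateKey<KeyIndex> token.
    round_trip = bool(can_encrypt and int(key_index) in private_keys)
    if can_encrypt and private_keys and not round_trip:
        problems.append("KeyIndex=%s but PrivateKey%s is not set" % (key_index, key_index))

    return {"returns": returns, "can_encrypt": can_encrypt,
            "round_trip": round_trip, "problems": problems}


if __name__ == "__main__":
    # Constructed sample: short hex values stand in for real key material.
    base = "url=mscop://InProcConnect/Server=srv:Database=db:Catalog=Profile Definitions"
    connstr = append_key_tokens(base, "0A1B", private_key2="2C3D", key_index=2)
    print(connstr)
    print(check_key_tokens(extract_key_tokens(connstr)))
```

The check is worth running before the connection string is handed to ADO, because a KeyIndex that points at an empty PrivateKey token or a leftover "<hex-string>" placeholder only shows up at run time as values that cannot be decrypted.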

To add the token values to the Commerce Server OLE DB Provider connection string, you must make the following changes to the function cnGetProviderConnection in the global.asa file. The Profile Service gains access to these keys because it makes calls to the Commerce Server OLE DB Provider.

Original cnGetProviderConnection function:

Function cnGetProviderConnection(oSiteConfigObj)
    Dim cn
    Dim connstr
    ' -- ADO object state values
    Const AD_STATE_CLOSED = &H00000000
    connstr = sGetSiteConfigField(oSiteConfigObj, "Biz Data Service", "s_CommerceProviderConnectionString")
    Set cn = Server.CreateObject("ADODB.Connection")
    If (cn.State = AD_STATE_CLOSED) Then
        cn.Open CStr(connstr)
        Set cnGetProviderConnection = cn
    End If
End Function

Modified cnGetProviderConnection that adds the key tokens:

Function cnGetProviderConnection(oSiteConfigObj)
    Dim cn
    Dim connstr
    Dim publicKey, privateKey1, privateKey2
    ' -- ADO object state values
    Const AD_STATE_CLOSED = &H00000000
    connstr = sGetSiteConfigField(oSiteConfigObj, _
                                  "Biz Data Service", _
                                  "s_CommerceProviderConnectionString")
    ' Append the public/private key tokens to the connection string.
    ' Replace <hex-string> with the key values. KeyIndex=1 means that
    ' PublicKey is paired with PrivateKey1, so the private key goes in
    ' the PrivateKey1 token.
    publicKey = "<hex-string>"
    privateKey1 = "<hex-string>"
    connstr = connstr & ":PublicKey=" & publicKey & _
              ":PrivateKey1=" & privateKey1 & ":KeyIndex=1"
    Set cn = Server.CreateObject("ADODB.Connection")
    If (cn.State = AD_STATE_CLOSED) Then
        cn.Open CStr(connstr)
        Set cnGetProviderConnection = cn
    End If
End Function

In the Business Desk root folder, in the file \Profiles\CommonXMLRoutines.asp, you must change the function cnGetProviderConnection in the same way that you changed the cnGetProviderConnection in the example above. The reason that you must make this change is to save the connection string values in the session state variable.

The following are sample connection strings:

Sample Profile Service connection string:

"Provider=CSOLEDB;SERVER=<server-name>;DATABASE=<db-name>;Integrated Security=SSPI;PublicKey=<hex-string>;PrivateKey1=<hex-string>;PrivateKey2=<hex-string>;KeyIndex=1"

Sample CSOLEDB Provider connection string:

"url=mscop://InProcConnect/Server=<server-name>:Database=<db-name>:Catalog=Profile Definitions:Trusted_Connection=True:PublicKey=<hex-string>:PrivateKey1=<hex-string>:PrivateKey2=<hex-string>:KeyIndex=1"

Note that this style of connection string transmits both the public and private keys in clear text, which may compromise your Web site.

If your application uses ASP.NET, you will need to add the following code section to the file web.config. (See the GrenadeFxTest sample, where the code to modify the file web.config has been included but commented out.)

<profiles>
   <encryption>
      <keys keyIndex="1">
         <add type="publicKey" value="<hex-string>" />
         <add type="privateKey1" value="<hex-string>" />
         <add type="privateKey2" value="<hex-string>" />
      </keys>
   </encryption>
</profiles>

Copyright © 2005 Microsoft Corporation.
All rights reserved.