X-Cart:Blowfish

From X-Cart 4 Classic
Revision as of 13:01, 17 November 2010 by Ivka (talk | contribs)

Security of sensitive data in your store database is ensured by the Blowfish encryption algorithm. In X-Cart, this algorithm provides two levels of data encryption:

  1. Blowfish key-based encryption (used for order details, user passwords and some internal data);
  2. Merchant key-based encryption (used for order details).

Blowfish key-based encryption is used by default, whereas Merchant key-based encryption can be enabled if you wish to provide a still higher level of security for your customers' data.

Blowfish key-based encryption

During installation, X-Cart generates a secret key, the Blowfish key, to help you ensure store security. This key is written to X-Cart's config.php file as the value of the $blowfish_key variable, and from that moment X-Cart uses it to encrypt user passwords, order details (the details field of the xcart_orders table), and so on. The same key is used to decrypt the encrypted data, so your customers' data stays protected even if a malicious user gains access to your database, provided that this user did not also get access to the config.php file of your X-Cart installation and your Blowfish key has not been compromised in some other way.

Changing your Blowfish key

It is quite safe to use X-Cart with the Blowfish key generated during installation; however, if you still wish to change it, use the Blowfish key re-generation utility provided with X-Cart tools (for details, see the section X-Cart's Advanced Tools in the 'Maintaining Your Store' section of this manual).

Never try to change your Blowfish key by editing the value of the $blowfish_key variable in config.php: your data is already encrypted with this key, and X-Cart needs exactly the same key to decrypt it. Editing $blowfish_key manually will corrupt all user passwords, including the administrator password, so you will no longer be able to use the store.

Please be aware that a lost Blowfish key cannot be restored, so the X-Cart team will not be able to help you regain access to your store if you remove or change the value of $blowfish_key.

Merchant key-based encryption

Blowfish data encryption based on a Merchant key is more secure than the Blowfish key-based method described above. In this method, you create a Merchant key: a password that allows you to encrypt the details of your customers' orders and to decrypt previously encrypted order details when you wish to view them. The higher level of security is ensured by the fact that the key used to encrypt and decrypt order details is not stored anywhere in the system; the only thing stored is an MD5 signature of the key. When you need to access the details of a certain order, you manually enter your Merchant key into a special form on the 'Order details' page. The system calculates the MD5 hash of the Merchant key entered and compares it with the MD5 signature of the original Merchant key stored in your store's database. If the two match, you are allowed to access the details of any order for the rest of the current administrator session.

Enabling Merchant key-based encryption

To enable Merchant key-based Blowfish encryption in your store, do the following:

1. In the 'General Settings/Security options' section of your store's Admin area, enable the option 'Enable merchant key based blowfish encryption method'. A page titled 'Add merchant key' opens. This page provides a form for creating a Merchant key:

[Screenshot: Merchant key.gif, the 'Add merchant key' form]

2. Think of a password that you would like to use to access order details in your store and enter it into the 'Merchant key' field of the 'Add merchant key' form. Make sure this password is at least 6 characters long.

3. Enter the password once again into the 'Confirm merchant key' field.

4. Click the Submit Query button.

After you click Submit Query, Merchant key-based Blowfish encryption is enabled in your store. Any data that has by this time been encrypted with the Blowfish key from config.php is decrypted and re-encrypted with the Merchant key you provided. On completion, a message confirms that the order details have been successfully re-encrypted with the Merchant key.

Using your Merchant key to access order details and to apply encryption to new orders

After the creation of a Merchant key, a form titled 'Enter merchant key' will appear on the 'Order details' page.

[Screenshot: Merchant key1.gif, the 'Enter merchant key' form on the 'Order details' page]

You will see this form in any new user session when you attempt to view your customers' orders. To access the details of any order in the database, enter your Merchant key into the field in this form and click the Enter button. The form disappears as soon as you enter a correct Merchant key and is not displayed again until the session expires.

Please be aware that, because your Merchant key is not stored in the system, new orders placed by your customers are not encrypted with the Merchant key right away. On placement, they are encrypted with the Blowfish key stored in the $blowfish_key variable in config.php. The next time you enter your Merchant key into the system, the new orders accumulated by then are decrypted and re-encrypted with the Merchant key.

Using the 'Enter merchant key' form in the Admin area is not the only way of providing your Merchant key to the system. You can initiate re-encryption of order details remotely by entering the following line into the address bar of your web browser:

http://www.example.com/xcart/admin/post_recrypt.php?merchant_password=12345

replacing http://www.example.com/xcart/ with the actual address of your store and 12345 with your actual Merchant key. Note that a key passed in the query string this way is recorded in your browser history and in the web server's access log, and travels in clear text unless your store is served over HTTPS.

Alternatively, you can use the command line:

/usr/bin/php {xcart_root_dir}/admin/post_recrypt.php merchant_password=12345

({xcart_root_dir} must be replaced with your X-Cart root directory and 12345 with your Merchant key. A key passed on the command line in this way is visible to other users of the server in the process list and may be saved in your shell history.)
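The key handling described in the sections above (only an MD5 signature of the Merchant key is stored; new orders are placed under $blowfish_key until the Merchant key is next entered; post_recrypt.php then moves them across; disabling requires the key in the current session) as an added Python model. This is not X-Cart's code: the Blowfish primitive is replaced by a SHA-256 keystream stand-in so the example runs with the standard library only, and the Store class, its method names, and the behaviour on disabling (orders returned under $blowfish_key) are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 16
BLOWFISH = "blowfish_key"   # record encrypted with $blowfish_key from config.php
MERCHANT = "merchant_key"   # record encrypted with the Merchant key

# Stand-in cipher, NOT Blowfish: SHA-256 keystream in counter mode, XORed in.
# It keeps the example standard-library only; the key handling is the point.
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])

def encrypt(key: str, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(NONCE_LEN)
    stream = _keystream(key.encode(), nonce, len(plaintext))
    return nonce + bytes(a ^ b for a, b in zip(plaintext, stream))

def decrypt(key: str, blob: bytes) -> bytes:
    # A wrong key yields garbage rather than an error, which is why editing
    # $blowfish_key by hand silently corrupts every stored password.
    nonce, body = blob[:NONCE_LEN], blob[NONCE_LEN:]
    stream = _keystream(key.encode(), nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, stream))

class Store:
    """Hypothetical model of X-Cart's two-level scheme (not X-Cart's own code)."""

    def __init__(self, blowfish_key: str):
        self.blowfish_key = blowfish_key   # $blowfish_key from config.php
        self.merchant_key_md5 = None       # the only Merchant-key material kept
        self.session_merchant_key = None   # lives in the admin session only
        self.orders = {}                   # order_id -> (key label, ciphertext)

    def new_session(self) -> None:
        self.session_merchant_key = None   # a fresh admin session has no key

    def place_order(self, order_id, details: bytes) -> None:
        # The Merchant key is not on the server, so new orders start under $blowfish_key.
        self.orders[order_id] = (BLOWFISH, encrypt(self.blowfish_key, details))

    def recrypt(self, merchant_key: str) -> int:
        """What post_recrypt.php does: move $blowfish_key orders to the Merchant key."""
        moved = 0
        for oid, (label, blob) in list(self.orders.items()):
            if label == BLOWFISH:
                plain = decrypt(self.blowfish_key, blob)
                self.orders[oid] = (MERCHANT, encrypt(merchant_key, plain))
                moved += 1
        return moved

    def enable_merchant_key(self, key: str, confirm: str) -> int:
        """'Add merchant key' form; returns the number of orders re-encrypted."""
        if self.merchant_key_md5 is not None:
            raise RuntimeError("disable the existing Merchant key first")
        if key != confirm:
            raise ValueError("'Confirm merchant key' does not match")
        if len(key) < 6:
            raise ValueError("Merchant key must be at least 6 characters long")
        self.merchant_key_md5 = hashlib.md5(key.encode()).hexdigest()
        self.session_merchant_key = key
        return self.recrypt(key)

    def enter_merchant_key(self, candidate: str) -> bool:
        """'Enter merchant key' form or post_recrypt.php?merchant_password=..."""
        if self.merchant_key_md5 is None:
            raise RuntimeError("Merchant key-based encryption is not enabled")
        digest = hashlib.md5(candidate.encode()).hexdigest()
        if not hmac.compare_digest(digest, self.merchant_key_md5):
            return False
        self.session_merchant_key = candidate
        self.recrypt(candidate)            # pick up orders placed since the last entry
        return True

    def order_details(self, order_id) -> bytes:
        label, blob = self.orders[order_id]
        if label == BLOWFISH:
            return decrypt(self.blowfish_key, blob)
        if self.session_merchant_key is None:
            raise PermissionError("enter the Merchant key first")
        return decrypt(self.session_merchant_key, blob)

    def disable_merchant_key(self) -> None:
        if self.session_merchant_key is None:
            raise PermissionError("a valid Merchant key must be entered in this session")
        # Assumption: orders are returned under $blowfish_key so they stay readable.
        for oid, (label, blob) in list(self.orders.items()):
            if label == MERCHANT:
                plain = decrypt(self.session_merchant_key, blob)
                self.orders[oid] = (BLOWFISH, encrypt(self.blowfish_key, plain))
        self.merchant_key_md5 = None
        self.session_merchant_key = None
```

The model makes two consequences of the design visible: an order placed after the Merchant key was enabled stays readable with the config.php key alone until the key is next entered, and a record already under the Merchant key is unreadable in a fresh session, even to an administrator. The hash comparison uses hmac.compare_digest rather than == so that the check does not leak timing information. Since only an unsalted MD5 of the key is stored, anyone who obtains a database copy can test guesses against it offline, so the 6-character minimum is a floor rather than a recommendation.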

Changing your Merchant key

It is possible to change a previously created Merchant key, but before you can create a new Merchant key you need to disable the existing one.

To change your Merchant key, select Tools->Change merchant key. The same form as for adding a new Merchant key appears.

Disabling Merchant key-based encryption

Merchant key-based Blowfish encryption cannot be disabled without first entering a valid current Merchant key. This guarantees that encryption of order details cannot be disabled by a person who is not authorized to do so, even if this person gains access to the Admin area.

To disable Merchant key-based Blowfish encryption, do the following:

1. Go to the 'General Settings/Security options' section of the Admin area.

If you have already entered your Merchant key in the current session, the option 'Enable merchant key based blowfish encryption method' will look as follows:

[Screenshot: Merchant key3.gif, the option with its check box selected]

This means you can proceed to step 2.

If you have not yet entered your Merchant key in the current session, the option 'Enable merchant key based blowfish encryption method' will look as follows:

[Screenshot: Merchant key2.gif, the option shown while the Merchant key has not been entered]

This means the option cannot be disabled until you are authorized. Go to the 'Orders Management' section (Administration menu->Search for orders), search for any order and open its details. The 'Enter merchant key' form should appear on the page. Enter your Merchant key into the appropriate field in this form and click the Enter button. Wait for the key to be applied, then return to the 'General Settings/Security options' section. This time you should see a selected check box next to the option 'Enable merchant key based blowfish encryption method'. Proceed to step 2.

2. Unselect the 'Enable merchant key based blowfish encryption method' check box.

3. Click the Save button.

When you click on Save, Merchant key-based Blowfish encryption is disabled.