Used to create an encryption key or to encrypt portions of connection strings for use in mapfiles (added in v4.10) . Typically you might want to encrypt portions of the CONNECTION parameter for a database connection. The following CONNECTIONTYPEs are supported for using this encryption method:
OGR
Oracle Spatial
PostGIS
SDE
To create a new encryption key:
msencrypt -keygen [key_filename]
To encrypt a string:
msencrypt -key [key_filename] [string_to_encrypt]
The location of the encryption key can be specified by two mechanisms, either by setting the environment variable MS_ENCRYPTION_KEY or using a CONFIG directive in the MAP object of your mapfile. For example:
CONFIG MS_ENCRYPTION_KEY "/path/to/mykey.txt"
Use the { and } characters as delimiters for encrypted strings inside database CONNECTIONs in your mapfile. For example:
CONNECTIONTYPE ORACLESPATIAL
CONNECTION "user/{MIIBugIBAAKBgQCP0Yj+Seh8==}@service"
LAYER
NAME "provinces"
TYPE POLYGON
CONNECTIONTYPE POSTGIS
CONNECTION "host=127.0.0.1 dbname=gmap user=postgres password=iluvyou18 port=5432"
DATA "the_geom FROM province using SRID=42304"
STATUS DEFAULT
CLASS
NAME "Countries"
COLOR 255 0 0
END
END
Here are the steps to encrypt the password in the above connection:
msencrypt -keygen "E:\temp\mykey.txt"
And this generated key file might contain something like:
2137FEFDB5611448738D9FBB1DC59055
msencrypt -key "E:\temp\mykey.txt" "iluvyou18"
Which returns the password encrypted, at the commandline (you’ll use it in a second):
3656026A23DBAFC04C402EDFAB7CE714
MAP
...
CONFIG "MS_ENCRYPTION_KEY" "E:/temp/mykey.txt"
...
END #mapfile
CONNECTION "host=127.0.0.1 dbname=gmap user=postgres password={3656026A23DBAFC04C402EDFAB7CE714} port=5432"