Password Encryption for Database Connection Strings

The BIC architecture makes it important to be able to hide sensitive security information, such as database passwords stored in BIC or custom project configuration files.

This requirement also applies to the BIC project INI files, which often contain multiple database connection strings with unencrypted passwords for different database instances, such as Visibility reporting or custom databases. These INI files may not reside directly on the local Verifier workstation, but Verifier users could easily access them, because at least read-only access to the BIC project directory is required.

BIC allows password encryption in an INI or CONFIG file by using RSA-1024 or RSA-3072 encryption.

The default and recommended encryption method is RSA-3072.

Note: To decrypt a password encrypted with an RSA-1024 public key, use the associated RSA-1024 private key. To decrypt a password encrypted with an RSA-3072 public key, use the associated RSA-3072 private key.

Password length

The maximum length of a password to encrypt using RSA-1024 is 30 characters.

The maximum length of a password to encrypt using RSA-3072 is 280 characters.

Longer passwords do not encrypt correctly.
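
The following pre-flight check is an added example, not code from BIC or its documentation. It reads an INI file that still holds plaintext passwords and reports, per connection string, which key size can encrypt the password under the limits above, without echoing the password itself. It assumes the password appears as a `Password=` or `Pwd=` attribute in the connection string; the section names, key names and values in the sample are constructed.

```python
import configparser
import re

# Limits stated on this page: maximum password characters per RSA key size.
MAX_CHARS = {"RSA-1024": 30, "RSA-3072": 280}

# Assumed attribute form inside a connection string: Password=... or Pwd=...,
# with the value bare (up to ';') or wrapped in single or double quotes.
PWD_ATTR = re.compile(
    r"""(?:^|;)\s*(?:password|pwd)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^;]*))""",
    re.IGNORECASE,
)

def password_lengths(ini_text):
    """Yield (section, key, length); only the length leaves this function."""
    parser = configparser.ConfigParser(
        interpolation=None, strict=False, delimiters=("=",))
    parser.optionxform = str  # keep key case as written in the file
    parser.read_string(ini_text)
    for section in parser.sections():
        for key, value in parser.items(section):
            m = PWD_ATTR.search(value)
            if m:
                pwd = next(g for g in m.groups() if g is not None)
                yield section, key, len(pwd)

def usable_key_sizes(length):
    """Key sizes whose documented limit can hold a password of this length."""
    return [name for name, limit in MAX_CHARS.items() if length <= limit]

def preflight(ini_text):
    """Map 'section/key' to the key sizes that can encrypt its password."""
    return {f"{s}/{k}": usable_key_sizes(n)
            for s, k, n in password_lengths(ini_text)}

# Constructed sample; section names, key names and values are hypothetical.
SAMPLE_INI = """\
[Reporting]
ConnectionString=Provider=SQLOLEDB.1;User ID=report;Password=Short#Pass1;Data Source=db01
[Custom]
ConnectionString=Provider=SQLOLEDB.1;Pwd="{long}";Data Source=db02
[TooLong]
ConnectionString=Provider=SQLOLEDB.1;Password={huge};Data Source=db03
""".format(long="a;" * 20, huge="x" * 281)

if __name__ == "__main__":
    for entry, sizes in preflight(SAMPLE_INI).items():
        print(entry, "->", sizes or "exceeds every documented limit")
```

An empty result for an entry means the password is longer than 280 characters and has to be shortened before it can be encrypted.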