
Blowfish


Sensitive data in your store database is protected by the Blowfish encryption algorithm.

In X-Cart, the Blowfish encryption algorithm provides two levels of data encryption:

1. Encryption based on a Blowfish key (for order details, user passwords and some service data);
2. Encryption based on a Merchant key (for order details).

Blowfish key-based encryption is used by default, while Merchant key-based encryption can be enabled if you wish to ensure a still higher level of security for your customers' data.

 

Blowfish key-based encryption

At the time of installation, in addition to the Auth code, X-Cart generates another secret key to help you ensure store security: the Blowfish encryption key. This key is written to X-Cart's config.php file as the value of the $blowfish_key variable, and immediately after installation X-Cart begins using it to encrypt user passwords, the details field of the xcart_orders table, etc. The same key is used to decrypt the encrypted data, so your customers' data stays protected even if your database is stolen, provided that the malicious person does not have access to your config.php file and has not stolen your Blowfish key in some other way.

Changing your Blowfish encryption key

It is quite safe to use X-Cart with the Blowfish key generated during installation; however, if you still wish to change it, use the utility for re-generation of the Blowfish encryption key provided with X-Cart tools (for details, refer to the chapter 'Tools' in the 'Maintaining Your Store' section of this manual).

NEVER try to change your Blowfish encryption key by editing the value of the $blowfish_key variable in config.php: your data is already encrypted with this key and X-Cart needs exactly the same key to be able to decrypt it. Changing $blowfish_key manually will corrupt all the user passwords (including the administrator's password), so you will not be able to use the store.

Please be aware that a lost Blowfish key cannot be restored, so the X-Cart team will not be able to help you regain access to your store if you remove or change the value of $blowfish_key.

 

Merchant key-based encryption

Blowfish data encryption based on a Merchant key is still more secure than the encryption method described above. In this method, you create a Merchant key: a password that allows you to encrypt the details of your customers' orders and to decrypt previously encrypted order details when you wish to view them. The higher level of security comes from the fact that the key used to encrypt and decrypt order details is not stored anywhere in the system. The only thing that is stored is an MD5 signature of the key. When you need to access the details of a certain order, you manually enter your Merchant key into a special form on the 'Order details' page. The system calculates the MD5 hash of the Merchant key entered and compares it to the MD5 signature of the original Merchant key stored in xcart_config database. If the signatures are identical, you will be allowed to access the details of any orders during the current admin session. In the next session, you will need to re-enter the Merchant key to get access to order details.

Enabling Merchant key-based encryption

If you wish to enable Merchant key-based Blowfish encryption in your store, enable the option 'Blowfish encryption method is enabled' in the 'General Settings/Security options' section of the Admin interface and create a password that will be used as your Merchant key:

1. Go to the 'General Settings/Security options' section of the Admin zone.
2. Select the 'Blowfish encryption method is enabled' checkbox.
3. Click the Save button. You should be redirected to a page titled 'Add merchant key'. This page provides a form for creating a Merchant key.
4. Think of a password that you would like to use for access to order details in your store. Please make sure the password is not too short or too simple. The minimum length of a Merchant key is 6 characters. You probably needn't worry about the maximum length, as the maximum size of a Merchant key is 64 kB.
5. Enter the desired password into the 'Merchant key' field of the 'Add merchant key' form.
6. Type the password once again into the 'Confirm merchant key' field.
7. Click the Submit Query button.

A validation routine will check whether the key you provided meets the length requirements and whether the password in the confirmation field matches the original one. If everything is OK, the option 'Blowfish encryption method is enabled' will be enabled. Any data which has been encrypted by this time using the hard-coded Blowfish key from config.php will be decrypted and re-encrypted using the Merchant key. On completion, you should see an Information box with a confirmation message.

Using your Merchant key to access order details and to apply encryption to new orders

After the creation of a Merchant key, a form titled 'Enter merchant key' will appear on the 'Order details' page.

You will see this form in any new user session when you attempt to view your customers' orders. To access the details of any order in the database, you will need to enter your Merchant key into the appropriate field in this form and click the Enter button. The form will disappear as soon as you enter a correct Merchant key and generally will not be shown again until the session expires.

Please be aware that, because your Merchant key is not stored in the system, new orders placed by your customers will not be encrypted with the Merchant key right away. After placement, they will be encrypted with the hard-coded Blowfish key from the $blowfish_key variable of config.php. Only after you enter your Merchant key into the system will the new orders accumulated by this time be decrypted and re-encrypted using the Merchant key.
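A small model of the Merchant key life cycle described above, added here as an illustration and not taken from X-Cart's code: only the MD5 signature is stored, new orders fall back to the config.php key, and the backlog is re-encrypted once a matching key is entered. The Store class, the "B"/"M" scheme tags and toy_cipher (a stand-in for Blowfish, not a secure cipher) are assumptions of the example.

```python
import hashlib
import hmac

BLOWFISH_KEY = b"constructed-config-key"  # stands in for $blowfish_key in config.php

def toy_cipher(key: bytes, data: bytes) -> bytes:
    """XOR with a SHA-256-derived keystream. Stand-in for Blowfish, NOT secure."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

class Store:
    """Hypothetical model of the order store; not X-Cart's implementation."""

    def __init__(self, merchant_key: str):
        # Only the MD5 signature of the Merchant key is kept.
        self.merchant_md5 = hashlib.md5(merchant_key.encode()).hexdigest()
        self.orders = {}  # order id -> (scheme, ciphertext); scheme is "B" or "M"

    def place_order(self, order_id: int, details: str) -> None:
        # The Merchant key is not available at checkout, so the config key is used.
        self.orders[order_id] = ("B", toy_cipher(BLOWFISH_KEY, details.encode()))

    def enter_merchant_key(self, entered: str) -> bool:
        digest = hashlib.md5(entered.encode()).hexdigest()
        if not hmac.compare_digest(digest, self.merchant_md5):
            return False
        for oid, (scheme, blob) in self.orders.items():
            if scheme == "B":  # re-encrypt the backlog accumulated since last entry
                plain = toy_cipher(BLOWFISH_KEY, blob)
                self.orders[oid] = ("M", toy_cipher(entered.encode(), plain))
        return True

    def pending(self) -> list:
        """Orders still protected only by the key in config.php."""
        return sorted(oid for oid, (s, _) in self.orders.items() if s == "B")

    def read_order(self, order_id: int, entered: str = "") -> str:
        scheme, blob = self.orders[order_id]
        key = BLOWFISH_KEY if scheme == "B" else entered.encode()
        return toy_cipher(key, blob).decode(errors="replace")
```

Until enter_merchant_key succeeds, pending() lists orders that anyone holding config.php and the database could still read.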

Here we need to make one important reservation: using the 'Enter merchant key' form in the Admin zone is not the only way of providing your Merchant key to the system. X-Cart provides an interface which allows you to initiate re-encryption of the details field of the xcart_orders table remotely: admin/post_recrypt.php. This interface can be accessed through the address line of your browser:

http://www.example.com/xcart/admin/post_recrypt.php?merchant_password=12345

(where http://www.example.com/xcart/ is the address of your store and 12345 is your Merchant key),

or using the command line:

/usr/bin/php {xcart_root_dir}/admin/post_recrypt.php merchant_password=12345

(where {xcart_root_dir} is your X-Cart root directory and 12345 is your Merchant key).
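Anything placed in a URL query string is normally written to the web server's access log, so a key passed as merchant_password can end up on disk in clear text. The following added example (not part of X-Cart or of the original manual) scans access-log lines in the combined log format for such requests, in the request line or the Referer field, and returns them with the key redacted; the function names are hypothetical and the log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# One entry in combined log format; the referer/user-agent pair is optional.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'\d{3} \S+(?: "(?P<referer>[^"]*)" "[^"]*")?'
)
SECRET_RE = re.compile(r'(merchant_password=)[^&\s"]*', re.IGNORECASE)

def carries_key(url: str) -> bool:
    """True if the URL addresses post_recrypt.php with a merchant_password parameter."""
    parts = urlsplit(url)
    params = dict(parse_qsl(parts.query, keep_blank_values=True))
    return parts.path.endswith("/admin/post_recrypt.php") and "merchant_password" in params

def find_key_exposures(lines):
    """Return (line_no, client, field, redacted_line) for each logged Merchant key."""
    hits = []
    for line_no, line in enumerate(lines, start=1):
        m = LOG_RE.match(line)
        if not m:
            continue
        for field in ("target", "referer"):
            if carries_key(m.group(field) or ""):
                where = "request" if field == "target" else "referer"
                redacted = SECRET_RE.sub(r"\1[REDACTED]", line)
                hits.append((line_no, m.group("client"), where, redacted))
                break
    return hits

# Constructed sample log lines (not from a real server).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /xcart/admin/post_recrypt.php'
    '?merchant_password=12345 HTTP/1.1" 200 512 "-" "curl/8.0"',
    '203.0.113.7 - - [10/Oct/2023:13:56:01 +0000] "GET /xcart/admin/orders.php HTTP/1.1"'
    ' 200 9120 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [10/Oct/2023:14:02:11 +0000] "GET /xcart/home.php?cat=3 HTTP/1.1"'
    ' 200 20480 "http://www.example.com/xcart/admin/post_recrypt.php'
    '?merchant_password=12345" "Mozilla/5.0"',
]
```

The command-line form avoids the access log, but the key is then visible in the process list while the script runs and may be saved in shell history.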

Changing your Merchant key

It is possible to change a Merchant key once it has been created, but before you are allowed to create a new Merchant key, you must disable the existing one.

Disabling Merchant key-based encryption

Merchant key-based Blowfish encryption cannot be disabled without first entering a valid current Merchant key. This guarantees that encryption of order details will not be disabled by a person who is not authorized to do so even if this person gains access to the Admin interface.

If you wish to disable Merchant key-based Blowfish encryption, do the following:

1. Go to the 'General Settings/Security options' section of the Admin zone.

If you have already entered your Merchant key in the current session, the option 'Blowfish encryption method is enabled' will look as follows:

This means you can simply proceed to step 2.

If you have not yet entered your Merchant key in the current session, the option 'Blowfish encryption method is enabled' will look as follows:

This means the option cannot be disabled until you get authorized. Go to the 'Orders Management' section (Administration menu->Orders), do a search for any order and open its details. This should make the form 'Enter merchant key' appear on the page. Enter your Merchant key into the appropriate field in this form and click the Enter button. Wait for the key to be applied and return to the 'General Settings/Security options' section. This time you should see a selected checkbox opposite the option 'Blowfish encryption method is enabled'. Proceed to step 2.

2. Unselect the 'Blowfish encryption method is enabled' checkbox.
3. Click the Save button. Merchant key-based Blowfish encryption will be disabled.