{"id":26028,"date":"2016-04-18T09:15:54","date_gmt":"2016-04-18T07:15:54","guid":{"rendered":"https:\/\/mamchenkov.net\/wordpress\/?p=26028"},"modified":"2016-04-18T11:25:16","modified_gmt":"2016-04-18T09:25:16","slug":"working-with-encrypted-values-in-sugarcrm-6-5","status":"publish","type":"post","link":"https:\/\/mamchenkov.net\/wordpress\/2016\/04\/18\/working-with-encrypted-values-in-sugarcrm-6-5\/","title":{"rendered":"Working with encrypted values in SugarCRM 6.5"},"content":{"rendered":"<!-- google_ad_section_start -->\n<p>SugarCRM comes with a variety of modules that store values in the database. \u00a0Some of those values are encrypted. \u00a0For example, mailbox passwords for inbound and outbound email configurations.<\/p>\n<p>When you create these configurations through the web interface or the API, you don&#8217;t need to worry about encryption, as SugarCRM handles that all by itself. \u00a0But sometimes, you need to access those values from third-party code. \u00a0The easiest way would be of course to use the same API functionality, but this is not always possible (different machines, different technology stack, etc).<\/p>\n<p>It is still possible to decrypt the values in the database, if you know where to look.<\/p>\n<p>First of all, here is a little side note for <strong>InboundEmail<\/strong> and <strong>OutboundEmail<\/strong> modules. \u00a0<strong>InboundEmail<\/strong> is a full-featured module, which you can find in <a href=\"https:\/\/github.com\/sugarcrm\/sugarcrm_dev\/tree\/6_5_0\/modules\/InboundEmail\"><em>modules\/InboundEmail<\/em><\/a> folder. \u00a0<strong>OutboundEmail<\/strong> is however not &#8211; it lives in <a href=\"https:\/\/github.com\/sugarcrm\/sugarcrm_dev\/tree\/6_5_0\/include\/OutboundEmail\"><em>include\/OutboundEmail<\/em><\/a>\u00a0. \u00a0This might seem surprising, but the reason for this (probably, as I don&#8217;t know for sure) is that outbound email configuration is much simpler. 
\u00a0Inbound emails are linked with folders, which are then used to subscribe users, etc. \u00a0Outbound emails are just SMTP configurations to use, directly linked to users.<\/p>\n<p>Anyways. \u00a0Let&#8217;s get back on track.<\/p>\n<p>Most of the encryption and decryption magic happens in <a href=\"https:\/\/github.com\/sugarcrm\/sugarcrm_dev\/blob\/6_5_0\/include\/utils\/encryption_utils.php\"><em>include\/utils\/encryption_utils.php<\/em><\/a>. \u00a0If you look through the code, you&#8217;ll notice that it mostly deals with two things:<\/p>\n<ol>\n<li>Generating or reading an existing encryption key.<\/li>\n<li>Encrypting or decrypting text with Blowfish, using the encryption key.<\/li>\n<\/ol>\n<p>Encryption keys are stored in <em>custom\/blowfish\/<\/em> folder. \u00a0The files that you&#8217;ll find there have weird names and a <em>.php<\/em> extension. \u00a0The name of the file comes from the module, for which the key will be used. \u00a0<a href=\"https:\/\/en.wikipedia.org\/wiki\/ROT13\">ROT13 algorithm<\/a> is used to convert the name of the module into the file name. \u00a0(Note, that for outbound email, the name of the module is OutBoundEmail, not OutboundEmail).<\/p>\n<p>If the encryption key file does not exist, a new one will be generated. \u00a0The file will contain a PHP snippet like this:<\/p>\n<pre class=\"brush: php; light: true; title: ; notranslate\" title=\"\">\r\n&lt;?php \/\/ created: 2016-04-18 10:00:00 \r\n  $key = array ( 0 =&gt; 'a0a0a0a0-b1b1-c3c3-d4d4-e5e5e5e5e5e5',\r\n);\r\n<\/pre>\n<p>If you accidentally remove the file, then you won&#8217;t be able to decrypt any of the values, encrypted with this key, so make sure you back this up. 
\u00a0Especially considering that this folder might be in your <em>.gitignore<\/em>, as a sub-folder of <em>custom\/<\/em> which stores lots of auto-generated stuff.<\/p>\n<p>Note that the file actually defines a <em>$key<\/em> variable, which, if you include it in your code, can overwrite your <em>$key<\/em> variable. So, be warned.<\/p>\n<p>Now, the encryption and decryption is handled with the <a href=\"https:\/\/pear.php.net\/package\/Crypt_Blowfish\">Crypt_Blowfish library from Pear<\/a>. \u00a0You can find it in <a href=\"https:\/\/github.com\/sugarcrm\/sugarcrm_dev\/tree\/6_5_0\/include\/Pear\/Crypt_Blowfish\"><em>include\/Pear\/Crypt_Blowfish<\/em><\/a> folder.<\/p>\n<p>A little note for the above as well. \u00a0The <em>Blowfish.php<\/em> file, which contains the Crypt_Blowfish class, requires the\u00a0<em>Blowfish\/DefaultKey.php<\/em> file (from the <em>setKey()<\/em> method). \u00a0That <a href=\"https:\/\/github.com\/sugarcrm\/sugarcrm_dev\/blob\/6_5_0\/include\/Pear\/Crypt_Blowfish\/Blowfish.php#L276\">requirement uses a relative path<\/a>, but not based on the current file. \u00a0Yeah, I know. \u00a0So, if you just copy over the library somewhere else, you might need to adjust either path variables, or the <em>setKey()<\/em> method.<\/p>\n<p>Armed with this knowledge, you can now work with encrypted values stored by SugarCRM in the database. \u00a0Good luck!<\/p>\n<!-- google_ad_section_end -->\n","protected":false},"excerpt":{"rendered":"<!-- google_ad_section_start -->\n<p>SugarCRM comes with a variety of modules that store values in the database. \u00a0Some of those values are encrypted. \u00a0For example, mailbox passwords for inbound and outbound email configurations. When you create these configurations through the web interface or the API, you don&#8217;t need to worry about encryption, as SugarCRM handles that all by itself. 
&hellip; <a href=\"https:\/\/mamchenkov.net\/wordpress\/2016\/04\/18\/working-with-encrypted-values-in-sugarcrm-6-5\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">Working with encrypted values in SugarCRM 6.5<\/span><\/a><\/p>\n<!-- google_ad_section_end -->\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"Working with encrypted values in SugarCRM 6.5 #SugarCRM #security #PHP","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"_links_to":"","_links_to_target":""},"categories":[1,18,62,1334],"tags":[38,200,1538,1330],"keyring_services":[],"class_list":["post-26028","post","type-post","status-publish","format-standard","hentry","category-general","category-programming","category-technology","category-web-work","tag-php","tag-security","tag-sugarcrm","tag-web-development"],"aioseo_notices":[],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack-related-posts":[{"id":26232,"url":"https:\/\/mamchenkov.net\/wordpress\/2016\/07\/13\/sugarcrm-cache-directory-it-is-not-a-cache-directory\/","url_meta":{"origin":26028,"position":0},"title":"SugarCRM cache directory \u2013 it is NOT a cache directory!","author":"Leonid Mamchenkov","date":"July 13, 2016","format":false,"excerpt":"Here is a useful reminder from a few years back - \"SugarCRM cache directory \u2013 it is NOT a cache directory!\". 
\u00a0 Unlike most modern day web applications, which use cache\/ folder for temporary files, which are safe to delete, SugarCRM keeps a bunch of stuff in there, which, if\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":11339,"url":"https:\/\/mamchenkov.net\/wordpress\/2008\/08\/19\/sugarcrm-deployment-efforts\/","url_meta":{"origin":26028,"position":1},"title":"SugarCRM deployment efforts","author":"Leonid Mamchenkov","date":"August 19, 2008","format":false,"excerpt":"Since we started working on SugarCRM in the office, one of the hardest tasks that we had was solving the deployment issue.\u00a0 On one hand, SugarCRM comes with some really nice GUI tools, such Studio and Module Builder.\u00a0 On the other hand, the system is large and complex and should\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":26031,"url":"https:\/\/mamchenkov.net\/wordpress\/2016\/04\/18\/single-sign-on-between-sugarcrm-and-request-tracker\/","url_meta":{"origin":26028,"position":2},"title":"Single Sign-On Between SugarCRM and Request Tracker","author":"Leonid Mamchenkov","date":"April 18, 2016","format":false,"excerpt":"As mentioned\u00a0before,\u00a0over the last few month I've been involved in quite a few integration projects, using mostly SugarCRM and Request Tracker. \u00a0One of the interesting challenges was the Single Sign-On (SSO) between the two. 
The interesting bit comes from these facts: Different technologies: SugarCRM is written in PHP, while Request\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":26001,"url":"https:\/\/mamchenkov.net\/wordpress\/2016\/04\/06\/sugarcrm-roundcube-and-request-tracker-integration-on-a-single-domain\/","url_meta":{"origin":26028,"position":3},"title":"SugarCRM, RoundCube and Request Tracker integration on a single domain","author":"Leonid Mamchenkov","date":"April 6, 2016","format":false,"excerpt":"In my years of working as a system administrator I've done some pretty complex setups and integration solutions, but I don't think I've done anything as twisted as this one recently. \u00a0The setup is part of the large and complex client project, built on their infrastructure, with quite a few\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"SAML workflow","src":"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2016\/04\/saml_workflow_vertical-500x469.gif?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":25961,"url":"https:\/\/mamchenkov.net\/wordpress\/2016\/03\/20\/single-sign-on-sugarcrm-roundcube-multiple-php-sessions\/","url_meta":{"origin":26028,"position":4},"title":"Single Sign-On with SugarCRM and RoundCube Using Multiple PHP Sessions","author":"Leonid Mamchenkov","date":"March 20, 2016","format":false,"excerpt":"I am currently involved in an interesting integration project at work. \u00a0As part of it, we need to create a single sign-on process between\u00a0SugarCRM (version 6.5.20) and RoundCube (version 1.1.4) webmail application. 
\u00a0RoundCube webmail is being displayed within the iframe inside the SugarCRM user interface, so it would help if\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":24008,"url":"https:\/\/mamchenkov.net\/wordpress\/2015\/04\/27\/schemaspy-graphical-database-schema-metadata-browser\/","url_meta":{"origin":26028,"position":5},"title":"SchemaSpy &#8211; Graphical Database Schema Metadata Browser","author":"Leonid Mamchenkov","date":"April 27, 2015","format":"link","excerpt":"SchemaSpy - Graphical Database Schema Metadata Browser. \u00a0This is a tool written in Java that helps one to generate database schema documentation. \u00a0Have a look at some sample pages. \u00a0Those familiar with Graphviz will immediately realize that the tools is using dot for graphing tables and their relationships. \u00a0Those familiar\u2026","rel":"","context":"In 
&quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"jetpack_sharing_enabled":true,"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/posts\/26028","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/comments?post=26028"}],"version-history":[{"count":0,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/posts\/26028\/revisions"}],"wp:attachment":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/media?parent=26028"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/categories?post=26028"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/tags?post=26028"},{"taxonomy":"keyring_services","embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/keyring_services?post=26028"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}