Many features use encrypted data files to protect credentials. Starting in version 7, all All built-in encryption features require a user-defined encryption key to be specified via the encryptionKey configuration setting. If the encryption key is not specified, an error message like this will display when attempting to use encryption features:

...

To enable encryption features and resolve this error, it’s necessary to generate an encryption key and populate it in the encryptionKey configuration setting.

Generating An Encryption Key

...

A command-line utility named gen_key.js is provided in the product installation library to generate encryption keys. gen_key.js uses the Node.js crypto.randomBytes()API to generate cryptographically strong random bytes.

...

Specifying the Encryption Key in the Configuration File

See encryptionKeyfor details.

Troubleshooting Decrypt Failures

The encryption and decryption features include a data integrity check. This ensures that the data is correct when its decrypted. If the integrity check fails, this message will be thrown by the decrypter:

Unsupported state or unable to authenticate data.

This can mean either:

• The data is corrupt

• Trying to decrypt the wrong data – i.e. wrong file path given, etc.

• The data was encrypted with a different encryption key than the one being used for decrypt

• Attempting to decrypt credentials files created by an older version of Profound.js. Version 7 and later cannot read credentials files produced by earlier versions. These files need to be regenerated. See Migrating to Profound.js 7 From Earlier Versions

Features that Require an Encryption Key

...

Profound.js Framework APIs

• pjs.encrypt()

• pjs.decrypt()

Profound API Data Files

• API Dashboard user file

• API User file (if not using Security Store DB)