Encrypting the password for the DMT command line
When using the CAST Delivery Manager Tool (DMT) via the command line, a username and password must be configured in the command line in the following situations:
- At all times, via the AUTH variable to configure the CAST AIC Portal credentials
- Optionally, via the PXAUTH variable to configure access to the CAST AIC Portal when a web proxy server is present in the local environment.
This is explained in detail in Using the DMT Command Line.
Introduction
When using the AUTH or PXAUTH variables in a batch file for use with the CAST Delivery Manager Tool CLI (Command Line Interface), you can pass the username and password in clear-text as follows:
set AUTH=-username cast -password castset PXAUTH=-pxUsername JoeBloggs -pxPassword cast However, in a secure environment, clear-text passwords may not be acceptable. For improved security, CAST recommends using an encrypted password and has therefore provided a method to encrypt the user's password and then enter the encrypted password into the command line using the -authkey or -pxAuthKey parameters in place of the -password or -pxPassword parameters as follows:
set AUTH=-username cast -authkey u0tjM5qkCZO8IpzrD0CYUw==set PXAUTH=-pxUsername JoeBloggs -pxAuthKey u0tjM5qkCZO8IpzrD0CYUw==
The -authkey/pxAuthKey parameter is string of characters derived from the user's password by cryptographic means, in order to prevent the password from being exposed in clear-text. An authkey/pxAuthKey generation tool, named authkeygen.bat (this is in fact a batch file that is run via a CMD window), is provided with the CAST Delivery Manager Tool, located in the CAST Delivery Manager Tools "working space" folder on the machine on which the CAST Delivery Manager Tool has been installed directly from the CAST AIC Portal:
%localappdata%\CAST\CAST\DMT\{GUID_of_AICPortal_Instance} 
Note that an authkeygen.sh tool also exists for Linux environments.
JRE requirements
The authgenkey tool requires that a Java JRE has been installed on the machine. This should already be the case if you have installed the CAST Delivery Manager Tool in GUI mode from the CAST AIC Portal.
The tool then requires that:
- either a %JAVA_HOME% system environment variable exists on the machine pointing to the installation folder of your JRE (for example: C:\Program Files (x86)\Java\jre7)
- or that the JRE's bin folder is referenced in the PATH system environment variable (for example: C:\Program Files (x86)\Java\jre7\bin)
If neither of the above are true, a message will be displayed explaining this when you attempt to run the tool:
Generating an encryption key
To generate an encryption key, please open a command prompt and navigate to the following location:
%localappdata%\CAST\CAST\DMT\{GUID_of_AICPortal_Instance} Then enter the following:
authkeygen
The tool will then prompt you for the password to encrypt:
Enter your username's CAST AIC Portal or web proxy password that you want to encrypt, then tap ENTER. The resulting encryption key value is displayed preceded by authkey:
Note that the encryption key generation process is host and user login dependent: i.e. an encryption key is only valid on the same host and with the same machine user login as have been used for the key generation process. In other words, you must run the registerDomain and registerApplication commands on the same machine and with the same user login as was used to generate the encryption key.
Using the encryption key
When the encryption key has been generated, simply replace the following lines in your batch file:
set AUTH=-username cast -password castset PXAUTH=-pxUsername JoeBloggs -pxPassword cast with:
set AUTH=-username cast -authkey u0tjM5qkCZO8IpzrD0CYUw==set PXAUTH=-pxUsername JoeBloggs -pxAuthKey u0tjM5qkCZO8IpzrD0CYUw==
See Using the DMT Command Line for more information.
