Setting the Import-Export Encryption Key

As of JasperReports Server 5.5, all sensitive passwords in exported catalogs are encrypted for security. In order for two servers to share the encrypted contents of an exported catalog, they must share a private key. The default key is an AES 128-bit string stored in a configuration file.

This encryption is separate from the server's own internal encryption. All passwords are stored encrypted in the internal database. The import-export encryption applies only to export catalogs.

Setting the Import-Export Encryption Key

Configuration File





<property name="keyBytes">
<value>0x2b 0x6c 0x34 0x22 0x44 0x42 0x6f 0xb5 0x7f 0x34 0xd3 0x5a 0x1f 0x92 0xcd 0xdc</value>


Set the value of the keyBytes property to the same hexadecimal value on all servers that will exchange export catalogs.

However, be aware that when you change a private key on a server, all previous exports are invalidated. Therefore, you must configure your new server soon after installing it, and you should configure it with the key from an existing server, if you have one. This way all your servers and all your export catalogs will use the same key and be mutually compatible.

Importing Unencrypted Catalogs

Versions prior to 5.5 did not encrypt the user passwords upon export. These passwords appear in plain text. For backwards compatibility, unencrypted catalogs are still supported and can be imported into a 5.5 server, even with an encryption key is configured.

Passwords that are encrypted by an export operation in JasperReports Server 5.5 have encryption markers, so older passwords without the markers can be detected and imported without being decrypted.