Login Encryption

JasperReports Server 4.7 introduced the ability to encrypt plain-text passwords over non-secure HTTP. Encryption does not make passwords more secure, it only prevents them from being readable to humans. For more information about security and how to enable login encryption, see the JasperReports Server Security Guide.

When login encryption is enabled, passwords in both HTTP Basic Authentication and using the login service must be encrypted by the client. Login encryption has two modes:

Static key encryption – The server only uses one key that never changes. The client only needs to encrypt the password once and can use it for every web service call.
Dynamic key encryption – The server changes the encryption key for every session. The client must request the new key and re-encrypt the password before every call using HTTP Basic Authentication or every session using the login service.

The GetEncryptionKey service does not take any arguments or content input.





Return Value on Success

Typical Return Values on Failure

200 OK – Body contains a JSON representation of public key:


200 OK – Body contains {Error: Key generation is off}

To encrypt a password with the server’s public key, use the Bouncy Castle provider with the RSA/NONE/NoPadding algorithm.