Password Encryption Details
To encrypt system passwords, Windchill and Info*Engine code uses a JCEKS KeyStore class in conjunction with password-based encryption. JCEKS KeyStore is a strong version of the Sun KeyStore class implementation. The Sun KeyStore implementation is standard with the Java SE Development Kit (JDK).
The actual encrypted passwords are stored in a keystore file located outside of the codebase directory. The keystore file itself is encrypted using a random character string. If your site requires that you periodically change the encryption on this file (for example, for Sarbanes-Oxley Act (SOX) compliance), see Changing Keystore File Encryption.
As a result of encrypting passwords, you cannot view the passwords in Windchill files. Instead, the password value is shown in a file using the following general format:
encrypted.<related_name>
where <related_name> is system-generated text. The text uniquely identifies the encrypted password that is stored in the keystore file. For example, the database password value stored in the wt.pom.dbPassword property is shown as:
encrypted.wt.pom.dbPassword
Since the database password is set in a Windchill properties file, both the site.xconf file and the properties file where the database password is set (in this case, db.properties) show encrypted.wt.pom.dbPassword in place of the actual password as follows:
wt.pom.dbPassword=encrypted.wt.pom.dbPassword
Therefore, you cannot view encrypted passwords by opening the associated properties file (or the site.xconf file), nor are the passwords displayed when you display values using the xconfmanager -d option.
In another example, assume the encrypted password for the default worker agent user is shown as:
encrypted.auth.D:\\ptc\\Windchill\\auth.properties
In this case, the password is set on a Windows system in the D:\ptc\Windchill\auth.properties authorization file, where the encrypted value replaces the password as follows:
auth=<user_name>:encrypted.auth.D:\\ptc\\Windchill\\auth.properties
where <user_name> is the name of the default worker agent user.
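The following added example (not PTC code) audits properties-file text for secrets that are still stored in clear text instead of the encrypted.<related_name> form described above, including the auth=<user_name>:<value> case. It assumes that any key containing "password" holds a secret and that lines use the key=value form; the keys under example.* and the sample content are constructed for illustration.

```python
import re

# Assumption: a property holds a secret if its key contains "password".
PASSWORD_KEY = re.compile(r"password", re.IGNORECASE)
PLACEHOLDER_PREFIX = "encrypted."

# Constructed sample input, not a real Windchill file.
SAMPLE = r"""
# constructed sample
example.service.user=svc_account
wt.pom.dbPassword=encrypted.wt.pom.dbPassword
auth=worker1:encrypted.auth.D:\\ptc\\Windchill\\auth.properties
example.ldap.password=Summer2024
auth=worker2:plaintextsecret
"""


def parse_properties(text):
    """Yield (line_no, key, value) for key=value lines, skipping comments."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue
        key, sep, value = line.partition("=")
        if sep:
            yield line_no, key.strip(), value.strip()


def audit(text):
    """Return (line_no, key) for secrets not stored as encrypted.<related_name>."""
    findings = []
    for line_no, key, value in parse_properties(text):
        if key == "auth":
            # auth=<user_name>:<secret>; the secret follows the first colon.
            _, sep, secret = value.partition(":")
            if not sep:
                continue
        elif PASSWORD_KEY.search(key):
            secret = value
        else:
            continue
        if not secret:
            continue  # property is unset, nothing to report
        if not secret.startswith(PLACEHOLDER_PREFIX) or secret == PLACEHOLDER_PREFIX:
            findings.append((line_no, key))  # never record the value itself
    return findings


if __name__ == "__main__":
    for line_no, key in audit(SAMPLE):
        print(f"line {line_no}: {key} is not an encrypted placeholder")
```

The findings carry only the line number and key, so the audit output itself never contains a clear-text password.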
As you set passwords that are encrypted, ensure that you have a process set up to record the passwords outside of your Windchill environment. You cannot view encrypted passwords nor can you decrypt them. If you cannot remember a password that is encrypted, your only option is to change the password to a known value.