Encrypting private keys of Dragon Voice engines
Note: This procedure is for Dragon Voice users. Ignore it if not using Dragon Voice.
When setting up secure connections, you must encrypt (obfuscate) the password phrase of the private keys. The procedure varies for each component. For an overview, see Securing connections with SSL/TLS.
Obfuscating Krypton engine, Resource Manager, and NTpE keys
Note: This procedure uses one encrypted password for the relevant passphrase properties. Alternatively, you can create a different encrypted password for each property.
To obfuscate the password/phrase for Krypton, Nuance Resource Manager, and NTpE, use the command-line.
- On Windows, run the commands from a Windows command prompt. Do not use cygwin.
- Do not copy and paste the password at the “Password: “ prompt. You must manually type it. Otherwise, the command returns an invalid obfuscation string.
This procedure creates a single, encrypted password for all these services. It is not necessary to have different passwords for each service. Follow these steps:
-
Stop all Speech Suite services on the host.
- Log in to the host and run one of these commands. (These services use the same obfuscation methodology: you can encrypt passwords for any service from any of these locations. It is not necessary to execute scripts at locations that match the service types.)
- When the script prompts for a password, enter the caSigned password for the service. The script does not echo the data but it returns the obfuscated string and a status code:
Password: my_password 4fea21b2fb7d2116d8b48fb8a189616e 2019-11-18 16:18:03,894—status: Process is exiting with code 0
For example, using the Krypton obfuscation script:
# cd $KR_HOME # ./startEngine.sh obfuscate Password: my_password 4fea21b2fb7d2116d8b48fb8a189616e
2019-11-18 16:18:03,894—status: Process is exiting with code 0 - Copy the encrypted output, and use the value to set the following properties.
For Krypton, https : passphrase and httpClient : passphrase.
For NTpE set https: passphrase
For Resource Manager, set https : passphrase
-
Start all services.
Service | Script command and argument |
---|---|
Krypton |
Linux: $KR_HOME/bin/nrm obfuscate Windows: %KR_HOME%\bin\nrm.exe obfuscate |
Resource Manager |
Linux: $NRM_HOME/bin/nrm obfuscate Windows: %NRM_HOME%\bin\nrm.exe obfuscate |
NTpE |
Linux: $TEXTPROC_HOME/bin/nrm obfuscate Windows: %TEXTPROC_HOME%\bin\nrm.exe obfuscate |
Obfuscating NLE keys
To obfuscate the password/phrase for NLE, use the command-line:
-
Stop all Speech Suite services on the host.
-
Log in to the host and enter this command:
- Linux: $NLE_HOME/bin/encrypt_properties.sh nlepassword
- Windows: %NLE_HOME%\bin\encrypt_properties.bat nlepassword
For example, you can change directory to the bin location and enter:
# ./encrypt_properties.sh nlepassword ptanG58LMzxaUlUnVj7XHFCC9wdj3mKT
Where:
nlepassword
is the caSigned passphrase to be encryptedptanG58LMzxaUlUnVj7XHFCC9wdj3mKT
is the encrypted output
- Copy the encrypted output and set https.keyStorePassword by pasting the value (enclosed in parentheses and preceded by
ENC
). For example:ENC(ptanG58LMzxaUlUnVj7XHFCC9wdj3mKT)
- Enable the rm.hostNameVerificationEnabled and ntpe.hostNameVerificationEnabled parameters.
-
Start all services.
Obfuscating NLP service keys
Note: This procedure uses one encrypted password for the relevant passphrase properties. Alternatively, you can create a different encrypted password for each property.
To obfuscate the password/phrase for NLP service, use the command-line:
Log in to the host and enter this command:
-
Stop all Speech Suite services on the host.
-
Log in to the host and enter this command:
Linux: java –jar $NLPS_HOME/lib/nlps.jar encrypt
Windows: java –jar %NLPS_HOME\lib\nlps.jar encrypt
- In response, the command prompts for a password. When you enter the caSigned.p12 keystore password for the service, the command returns the obfuscated string:
password? myPassword
50348e1a2de57527d48fb38bd77d56aa
- Copy the encrypted output, and set these properties by pasting the value (enclosed in parentheses and preceded by
ENC
). -
Start all services.
To decrypt a password, run the same command with the decrypt argument, and enter the encrypted password string:
java –jar nlps.jar decrypt
password? myEncryptedPassword