From HVR
Jump to: navigation, search
Previous: hvrcontrol
Next: hvrfailover
Command Reference


hvrcrypt – Encrypt passwords.


hvrcrypt key [pwd]
hvrcryptdb [–options] hubdb


Command hvrcrypt can be used to interactively encrypt a password for a hub database when starting HVR on the command line. The second argument pwd is optional. If not specified hvrcrypt will prompt for it on the command line, not echoing the input. Using hvrcrypt is not needed for commands started with the HVR GUI.

Command hvrcryptdb will encrypt all unencrypted passwords in column loc_remote_pwd and loc_db_user in catalog hvr_location of the hub database, using column loc_name as key. Passwords entered using the HVR GUI will already be encrypted.

The first argument hubdb specifies the connection to the hub database, this can be an Ingres, Oracle or SQL Server database depending on its form. See further section Calling HVR on the Command Line.

Passwords are encrypted using an encryption key. Each password is encrypted using a different encryption key, so that if two passwords are identical they will be encrypted to a different value. The encryption key used for hub database passwords is the name of the hub database, whereas the key used to encrypt the login passwords and database passwords for HVR location sis the HVR location name. This means that if an HVR location is renamed, the encrypted password becomes invalid.

Regardless of whether hvrcrypt is used, hvrgui and hvrinit will always encrypt passwords before saving them or sending them over the network. The passwords will only be decrypted during authorization checking on the remote location.


Parameter Description
–hclass Specify hub database. Valid values are oracle, ingres, sqlserver, db2, db2i, postgresql, and teradata. For more information, see section Calling HVR on the Command Line.
–uuser [/pwd] Connect to hub database using DBMS account user. For some databases (e.g. SQL Server) a password must also be supplied.


To start the HVR Scheduler at reboot without the password being visible:

Unix & Linux

$ DBUSER=hvrhubaw
$ DBPWD=mypassword
$ hvrscheduler $DBUSER/$DBPWD_CRYPT

Use of Unix command ps|grep hvrscheduler will give the following:

hvr 21852 17136 0 15:50:59 pts/tf 00:03 hvrscheduler –i hvrhubaw/!{CLCIfCSy6Z7AUUya}!

The above techniques also work for the hub database name supplied to hvrinit.


Although the password encryption algorithm is reversible, there is deliberately no decryption command supplied.

Secure network encryption of remote HVR connections is provided using command hvrsslgen and action LocationProperties /SslRemoteCertificate.

See Also

Parameter /SslRemoteCertificate in section LocationProperties.