Index | Prev | Next

System Passphrase

All Niagara 4 platforms have a system passphrase (password), used to encrypt sensitive information, such as client passwords stored in BOG files and station databases (config.bog files) or station backup distribution (.dist) files. The passphrase increases security for the files that contain critical information. In various operations, you are prompted to enter the passphrase, such as when copying stations or restoring station backups in remote platforms. .
 NOTE: This system passphrase functionality applies to the JACE-8000 controller. 

The following areas of the framework are affected by passphrase implementation:

  • Provisioning
  • Distribution File Installer
  • File Transfer Client
  • Station Copier
  • Back up
  • Commissioning
  • Export Tags

The sensitive information in files is protected with encryption, either by encrypting the information within the file or by encrypting the whole file. How encryption is applied depends on the expected portability of the file. Files located under the daemon User Home (files that belong to the system) are encrypted using a strong, randomly generated key that exists only on that system. While files located under the Niagara User Home (that is, portable files that can be sent to many systems) are encrypted using a key derived from the user-defined system passphrase entered during software installation or when the system passphrase is changed.

Due to the different types of encryption that are used for the system or portable locations, when transferring files between the daemon User Home and another User Home you must use the Workbench platform tools (Station Copier, File Transfer Client or Backup) which convert files to use the correct encryption key for the target location.

 CAUTION: Do not use Windows Explorer to copy files between the daemon User Home and other User Homes because without the proper encryption those files may not be readable. 
  • For system-to-portable transfers

    You can get portable copies of files located under the daemon User Home by any of these methods:

    • Make a backup from the Platform Administration view
    • Make a backup from a running station
    • Use either Station Copier or File Transfer Client from the Platform Administration view

    The resulting local, portable copies and backup files are protected with a passphrase.

  • For portable-to-system transfers

    Alternately, when you use the Distribution File Installer to restore a backup .dist file, or Station Copier to transfer a station from your Workbench directory to a controller, the file’s passphrase is validated and used to translate the data back into the proper system encryption format for use under the daemon User Home.

 CAUTION: It is important to remember the system passphrase and keep it safe. If you lose the system passphrase, you will lose access to encrypted data.  

Related Links

  • Update the system passphrase
  • System passphrase usage in backups and station copies
  • Editing BOG files offline
  • System passphrase usage in JACE-8000
  • Platform Administration (Parent Topic)

    • Index | Prev | Next