Home>ORDER ONLINE>X-Cart Support>X-Cart Security Services>X-Cart Blowfish Key Regeneration
X-Cart Blowfish Key Regeneration

X-Cart Blowfish Key Regeneration




Blowfish key based encryption method is used to encrypt the following types of data in the database:

  1. user passwords;
  2. sensitive data which is stored in the details field of the xcart_orders table (i.e. data displayed in the 'Order details not visible to customer and provider)' field on the Order Details page);
  3. some internal data (merchant account passwords, keys, etc).

Blowfish key based encryption method is enabled by default; it cannot be disabled. With this method, the above said types of data in the database are encrypted using the so-called Blowfish key - a special key stored in your X-Cart's main configuraton file config.php (see the $blowfish_key variable). Without this key, the encrypted data cannot be decrypted and read, which means your data will remain protected even if a hacker gains access to the database (that, of course, provided your store's config.php has not been compromised as well). Initially, the Blowfish key is generated for your store during X-Cart installation. It can be changed at a later time using the built-in utility for Blowfish key re-generation (You don't have to do it, but periodically changing your store's Blowfish key is a good thing). Note that using the Blowfish key based encryption method does not affect your work in the store's back end in any way: you do not need to enter any security key to view the encrypted order data; you just log in to the Admin back end, and the order data is automatically decrypted and displayed in the "Order details..." section.

The Blowfish key re-generation is a potentially dangerous procedure. If in the middle of performing the regeneration your computer crashes or you loose internet connectivity it could have dire consequences for you data - potentially causing it to be encrypted permanently without the ability to recover it.

Take the risk out of this procedure and have us do it for you! :)

* Please be sure to advise us if you have had security modifications done to your site, as this may alter the way in which we have to approach this task.