External ID Encryption


The launch URL is the interface between Engine and your LMS that is most visible to end users. By default, the external keys that are passed on the query string are in plain text, so that the the field names and values are easily readable in the browser's address bar. Although Engine needs to make use of the external keys in order to deliver learning content and track results data, they are an implementation detail that you may wish to conceal from end users. Luckily, Engine gives you the option to use encrypted external keys on the launch URL.

You can enable encryption by setting two values in your Engine configuration file. They aren’t in the default templates, so you’ll have to add them. For Java, add the following to

<entry key=”EnableExternalIdEncryption”>True</entry>
<entry key=”IntegrationEncryptionPassword”>Your Password Goes Here</entry>

For .NET, here's what you'll add to SCORMEngineSettings.config:

<add key=”EnableExternalIdEncryption” value="True" />
<add key=”IntegrationEncryptionPassword” value="Your Password Goes Here" />

The first one setting, "EnableExternalIdEncryption", causes Engine to pass the serialized keys through the Decrypt integration method when parsing, and to use the Encrypt integration method when serializing an external ID object. The default implementations of Encrypt and Decrypt use a password-based encrypter, and the password is set by the "IntegrationEncryptionPassword" configuration value. The trick here is, you will need to encrypt the values on the launch URL, in the same way the the integration’s Encrypt method would. The easiest way to achieve that is to actually use the integration’s Encrypt method when you build the launch URL, if you have access to the Engine and integration assemblies or JARs. For example, in Java you'd use code like the following:

String encryptedRegistration = Integration.getImplementation().Encrypt("ContentId|123!UserId|456");
String encryptedPackage = Integration.getImplementation().Encrypt("ContentId|123");
String encryptedConfig = Integration.getImplementation().Encrypt("MyConfig|789");
String launchUrl = "" +
    "registration=" + encryptedRegistration + "&package=" + encryptedPackage + "&configuration=" + encryptedConfig;

If you wish to use a different encryption scheme, or won’t have access to Engine’s classes when you build the launch URL, you can instead encrypt the values on the launch URL using whatever scheme you wish, and override the Decrypt and Encrypt in your integration layer. You will still need to set "EnableExternalIdEncryption" to "True" in your settings file.

public String Encrypt(String plain) throws Exception
    // Encrypt the input string using the same scheme as you use for the launch URL values.
    String encrypted = someEncryptionMethod(plain);

    return encrypted;

public String Decrypt(String encrypted) throws Exception
    // Decrypt the input string using the same scheme as you use for the launch URL values.
    String plain = someDecryptionMethod(encrypted);

    return plain;
Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request
Powered by Zendesk