Default Digest Algorithm in Mirth® Connect 4.4

Mirth® Connect by NextGen Healthcare User Guide

Update the Digest Algorithm

To ensure you can still log on with your existing credentials (which used the old digest settings), you want to make sure to set the "fallback" digest settings in the mirth.properties file. Set the "fallback" digest settings in the mirth.properties file. For example:digest.fallback.algorithm = SHA256digest.fallback.saltsizeinbytes = 8digest.fallback.iterations = 1000digest.fallback.usepbe = 0digest.fallback.keysizeinbits = 256 Update the digest.* settings to the new algorithm you want to use. After Mirth® Connect, is retarted, the new digest settings are used for all new digest values. The "fallback" settings to verify old digest values are also used. To use the new digest value for your stored password hash in the database, update your user password in the Administrator. Parent topic: mirth.properties File

Mirth® Connect by NextGen Healthcare User Guide

4.4.0 Upgrade Notes

Added New Functionality to the Mirth® Connect Setup Wizard (Installation Process) The following new features are added to the Mirth® Connect Setup Wizard: You can download and install your Mirth® Connect commercial extensions at the time Mirth® Connect is installed or upgraded. This simplifies the process so that users no longer have to download commercial extensions prior to the installation. When upgrading Mirth® Connect, the Setup Wizard displays the existing values for the destination directory, license key, network ports, and password requirements from your mirth.properties file rather than the standard default values or the values that were entered previously. Note: For Linux users upgrading from 4.3.0, new URL links have been added to the Mirth® Connect windows of the setup wizard to enable navigating to the desired version from the main document/wiki pages. To get the updated links, you must uninstall and then re-install Mirth® Connect. Default Digest Algorithm Changed The defa

Mirth® Connect by NextGen Healthcare User Guide

Encryption Settings

You can change the default encryption settings for Mirth® Connect as you see fit. The following can be set in mirth.properties: Property Default Value Description encryption.algorithm AES/CBC/PKCS5Padding The algorithm to use for symmetric encryption. This applies to messages, exports, and anything that is used along with the keystore to encrypt / decrypt. You must include the explicit mode and padding settings with the algorithm. The mode must also require an initialization vector. Note: The default value is updated in version 4.3. If you did not explicitly set this property, then no action is needed. Mirth® Connect will automatically start using the new default. If you did explicitly set this property, then NextGen Healthcare highly recommends you to update it to include the mode/padding options as well. Support for "AES" (without any mode/padding specified) will be removed in a future version. encryption.charset UTF-8 The charset to use when encoding textual data into bytes before e

Mirth® Connect by NextGen Healthcare User Guide

§170.315(d)(12) Encrypt Authentication Credentials

(d)(12) Encrypt authentication credentials requires encryption of stored authentication credentials. Required Extensions None Features that Support the Certification SHA256 is the default algorithm used by Mirth® Connect by NextGen Healthcare that creates salted hash values for user passwords. This value is stored in the database, not the user password. SHA256 is approved for Cures, as are SHA384 and SHA512. If a different algorithm is desired, the mirth.properties file can be modified using the digest.algorithm property. For example: digest.algorithm = SHA384 Required Actions None Parent topic: Cures Certification

LDAP Authorization User Guide

Recover from a Forgotten Recovery Username / Password

If you lose the recovery username or password, you can use database queries to manually reset the recover account credentials, or you can disable Lightweight Directory Access Protocol (LDAP). If you cannot log on to Mirth® Connect by NextGen Healthcare and forgot your Lightweight Directory Access Protocol (LDAP) recovery username or password, you must reset the credentials or disable LDAP. If you have access to the Mirth® Connect database, manually reset the recovery account credentials. To reset the recovery username and password: Connect to the database by using the connection information in the database.url entry in the /conf/mirth.properties file in the Mirth® Connect home folder. database.url = jdbc:postgresql://localhost:5432/mirthdb Execute the following queries to set the recovery username to recovery and also set the password to recovery: UPDATE configuration SET value = 'recovery' WHERE name = 'recoveryUsername' AND category = 'LDAP Authorization'; UPDATE configuration SET va

LDAP Authorization User Guide

LDAP Connection Error: "com.mirth.connect.plugins.ldap.shared.Cryptor$<Encryption or Decryption>FailedException"

The LDAP connection error "com.mirth.connect.plugins.ldap.shared.Cryptor$<Encryption or Decryption>FailedException" can occur if the encryption key changed, if there are mismatched Java versions, or if Java Cryptography Extension (JCE) is not installed on your workstation. This Lightweight Directory Access Protocol (LDAP) connection error message ends with either EncryptionFailedException or DecryptionFailedException. This error can result from any of the following conditions: The Mirth® Connect by NextGen Healthcare encryption key changed or the encryption settings defined in /conf/mirth.properties have changed. The password for the admin user DN is stored by Mirth® Connect and is encrypted for security. Mirth® Connect uses an internal encryption key to encrypt the password. This internal encryption key is located in the file pointed to by the "keystore.path" setting in the mirth.properties file (the default location is /appdata/keystore.jks). If this file is changed or replaced or if

Default Digest Algorithm in Mirth® Connect 4.4

Recommendations

Update the Digest Algorithm

4.4.0 Upgrade Notes

Encryption Settings

§170.315(d)(12) Encrypt Authentication Credentials

Recover from a Forgotten Recovery Username / Password

LDAP Connection Error: "com.mirth.connect.plugins.ldap.shared.Cryptor$<Encryption or Decryption>FailedException"

Update the Digest Algorithm

4.4.0 Upgrade Notes

Encryption Settings

§170.315(d)(12) Encrypt Authentication Credentials

Recover from a Forgotten Recovery Username / Password

LDAP Connection Error: "com.mirth.connect.plugins.ldap.shared.Cryptor$<Encryption or Decryption>FailedException"