It is quite safe to use X-Cart with the Blowfish key generated during installation; however, if you still wish to change it, use the utility for re-generation of the Blowfish encryption key provided with X-Cart tools. This tool allows you to generate a new Blowfish key and replace your current Blowfish key with it.
Your current Blowfish key is stored in the file config.php. To enable X-Cart to replace the current Blowfish key with a new one, you must set write permissions on the file config.php. On Unix this can be accomplished by using the following command:
chmod 666 config.php
Before you use this tool, you must back up the file config.php and the database of your store. This is essential, because if the re-generation procedure fails, you will not be able to log in to the store, and a lot of important information will be lost, including customer data and order details.
To use the tool, click the Regenerate button. After you click on Regenerate, X-Cart generates a new Blowfish key and starts re-encrypting the data encrypted by the old key using the new key. While X-Cart is performing the re-encryption, you can see the progress on the screen. Please be patient and allow sufficient time for the procedure to be completed.
Important: You must ensure that the re-encryption procedure runs uninterrupted up until the moment you see a message indicating its successful completion. If you happen to lose Internet connection, close the browser window or simply leave the page demonstrating the re-encrypting process before the procedure is successfully completed, you will lose all the data that has not been re-encrypted with the new Blowfish key.
Never try to change your Blowfish key by editing the value of the $blowfish_key variable in the X-Cart configuration file: your data is already encrypted with this key and X-Cart needs exactly the same key to be able to decrypt it. Editing $blowfish_key manually will corrupt all the user passwords, including the administrator password, so you will not be able to use the store.
Please be aware that a lost Blowfish key cannot be restored, so we will not be able to help you regain access to your store if you remove or change the value of $blowfish_key. The only solution for a lost Blowfish key is re-installation of X-Cart and restoration of your latest data backup.
If you are uncertain about any aspects of regenerating your Blowfish key, please submit a support ticket requesting Blowfish key regeneration. One of our technicians will regenerate the key for you. Remember you must login to the Client Area before you can submit a support ticket.