How can I change the Blowfish key?

It is quite safe to use X-Cart with the Blowfish key generated during installation; however, if you still wish to change it, use the utility for re-generation of the Blowfish encryption key provided with X-Cart tools. This tool allows you to generate a new Blowfish key and replace your current Blowfish key with it.

Your current Blowfish key is stored in the file config.php. To enable X-Cart to replace the current Blowfish key with a new one, you must set write permissions on the file config.php. On Unix this can be accomplished by using the following command:

chmod 666 config.php

Before you use this tool, you must back up the file config.php and the database of your store. This is essential, because if the re-generation procedure fails, you will not be able to log in to the store, and a lot of important information will be lost, including customer data and order details.

To use the tool, click the Regenerate button. After you click on Regenerate, X-Cart generates a new Blowfish key and starts re-encrypting the data encrypted by the old key using the new key. While X-Cart is performing the re-encryption, you can see the progress on the screen. Please be patient and allow sufficient time for the procedure to be completed.

Important: You must ensure that the re-encryption procedure runs uninterrupted up until the moment you see a message indicating its successful completion. If you happen to lose Internet connection, close the browser window or simply leave the page demonstrating the re-encrypting process before the procedure is successfully completed, you will lose all the data that has not been re-encrypted with the new Blowfish key.

Never try to change your Blowfish key by editing the value of the $blowfish_key variable in the X-Cart configuration file: your data is already encrypted with this key and X-Cart needs exactly the same key to be able to decrypt it. Editing $blowfish_key manually will corrupt all the user passwords, including the administrator password, so you will not be able to use the store.

Please be aware that a lost Blowfish key cannot be restored, so we will not be able to help you regain access to your store if you remove or change the value of $blowfish_key. The only solution for a lost Blowfish key is re-installation of X-Cart and restoration of your latest data backup.

If you are uncertain about any aspects of regenerating your Blowfish key, please submit a support ticket requesting Blowfish key regeneration. One of our technicians will regenerate the key for you. Remember you must login to the Client Area before you can submit a support ticket.

  • 18 Users Found This Useful
Was this answer helpful?

Related Articles

How can I edit the welcome text on the home page?

The welcome text displayed on the X-Cart home page along with all other labels and messages used...

How can I upload images for use on X-Cart pages?

The built-in X-Cart WYSIWYG editors don't include an image upload function. They require you to...

What is "Blowfish"?

Security of sensitive data in your store database is ensured by the Blowfish encryption...

I lost my admin password. How do I change or reset it?

If you can log in to your X-Cart admin area using another account, please do so, and reset/modify...

Why is my new Category icon image not visible?

There are many possible causes for this problem. However, the most common is attempting to upload...