...

If aliases are to be used, the full path and the password to the keystore have to be specified by including the Platform properties mz.cryptoservice.keystore.path and mz.cryptoservice.keystore.password in the Platform instance. See System Properties (/wiki/spaces/MD82/pages/3778732) in the System Administration Guide for further information about these properties. The keystore must also contain keys for all the aliases you want to use.

...

Example - Encrypting passwords with crypto service keystore keys

This is an example of how passwords can be encrypted with crypto service keystore keys:

  1. Create a security key with the keytool:

    keytool -genseckey -alias myAlias -keyalg AES \
      -keystore myKeystore.jks -keysize 128 \
      -storepass myKeystorePassword -storetype JCEKS


    Note!
    • If you enter a -keysize that is larger than 128, you may get a message saying that the JCE Unlimited Strength Jurisdiction Policy Files need to be installed. See the Oracle product documentation for further information about this.

    • The -storepass flag is optional. If you do not enter a -storepass, you will be prompted for a password.

    • -storetype JCEKS is mandatory.

    • You will be asked whether you want to use the same password for the key as for the keystore. The system requires that the same password is used.


  2. Place the keystore in a suitable directory.
     

  3. Encrypt the password to the keystore using the mzsh encryptpassword command with the default key:

    mzsh mzadmin/<password> encryptpassword myKeystorePassword

    The encrypted password is returned.
     

  4. Set the Platform properties mz.cryptoservice.keystore.path and mz.cryptoservice.keystore.password:

    $ mzsh topo set topo://container:<platform container>/pico:platform/obj:config.properties '{
     mz.cryptoservice.keystore.path="<suitable directory>/myKeystore.jks"
     mz.cryptoservice.keystore.password="<the encrypted password>"
    }'


  5. Encrypt the passwords with aliases that you want to use in your external references:

    mzsh mzadmin/<password> encryptpassword -a myAlias <passwordToEncrypt>

    Use the returned password string as a value in your External Reference source, i.e. file or environment variable.
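
A pre-flight check for the requirement that the keystore contains a key for every alias, as an added example that is not part of the product documentation: the function reads the text printed by keytool -list and reports the aliases that have no secret key entry. The sample listing is constructed, the line layout "<alias>, <date>, SecretKeyEntry," is assumed from keytool's non-verbose listing, and dbAlias and tlscert are hypothetical names.

```shell
#!/bin/sh
# Added example: confirm that every alias you intend to pass to
# "encryptpassword -a" has a secret key in the JCEKS keystore.

# Constructed sample of the text printed by:
#   keytool -list -storetype JCEKS -keystore myKeystore.jks
# (omit -storepass so that keytool prompts instead of exposing the
# keystore password in the shell history and process list)
SAMPLE_LISTING='Keystore type: JCEKS
Keystore provider: SunJCE

Your keystore contains 2 entries

myalias, Mar 3, 2020, SecretKeyEntry,
tlscert, Mar 3, 2020, PrivateKeyEntry,'

# missing_aliases LISTING ALIAS...
# Prints each ALIAS that has no SecretKeyEntry line in LISTING.
# Returns 0 when all aliases are present, 1 otherwise.
missing_aliases() {
    listing=$1
    shift
    rc=0
    for name in "$@"; do
        # JCEKS treats aliases case-insensitively, so compare in lower case.
        want=$(printf '%s' "$name" | tr '[:upper:]' '[:lower:]')
        if ! printf '%s\n' "$listing" | tr '[:upper:]' '[:lower:]' |
            awk -F', ' -v a="$want" '
                # First field is the alias; the entry type follows the date.
                $1 == a && index($0, "secretkeyentry") { found = 1 }
                END { exit !found }'
        then
            printf '%s\n' "$name"
            rc=1
        fi
    done
    return $rc
}

# Demo on the constructed listing: myAlias is present, dbAlias is not.
missing_aliases "$SAMPLE_LISTING" myAlias dbAlias ||
    echo "the aliases listed above have no secret key in the keystore" >&2
```

Against a real keystore, capture the listing first, for example listing=$(keytool -list -storetype JCEKS -keystore myKeystore.jks), and pass "$listing" as the first argument.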


...