...
If aliases are to be used, the full path and password to the keystore have to be indicated by including the Platform properties mz.cryptoservice.keystore.path and mz.cryptoservice.keystore.password in the Platform instance. See System Properties in the System Administration Guide for further information about these properties. The keystore must also contain keys for all the aliases you want to use.
...
Example - Encrypting passwords with crypto service keystore keys

This is an example of how passwords can be encrypted with crypto service keystore keys:

Create a security key with the keytool:

```
keytool -genseckey -alias myAlias -keyalg AES \
    -keystore myKeystore.jks -keysize 128 \
    -storepass myKeystorePassword -storetype JCEKS
```
Note: If you enter a -keysize that is larger than 128, you may get a message saying that the JCE Unlimited Strength Jurisdiction Policy Files need to be installed. See the Oracle product documentation for further information about this. The -storepass flag is optional. If you do not enter a -storepass, you will be prompted for a password. -storetype JCEKS is mandatory.

You will be asked whether you want to use the same password for the key as for the keystore. The system requires that the same password is used.
Place the keystore in a suitable directory.

Encrypt the password to the keystore using the mzsh encryptpassword command with the default key:

```
mzsh mzadmin/<password> encryptpassword myKeystorePassword
```
The encrypted password is returned.

Set the Platform properties mz.cryptoservice.keystore.path and mz.cryptoservice.keystore.password:

```
mzsh topo set topo://container:<platform container>/pico:platform/obj:config.properties '{
mz.cryptoservice.keystore.path="<suitable directory>/myKeystore.jks"
mz.cryptoservice.keystore.password="<the encrypted password>"
}'
```
Encrypt the passwords with aliases that you want to use in your external references:

```
mzsh mzadmin/<password> encryptpassword -a myAlias <passwordToEncrypt>
```

Use the returned password string as a value in your External Reference source, i.e. file or environment variable.
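The two keystore requirements stated above (store type JCEKS, and a key for every alias you want to use) can be checked before the Platform properties are set. The script below is an added example, not part of the original documentation or the product: the function names check_listing and check_keystore are hypothetical and the sample listing is constructed; only the keytool -list call is an existing command.

```shell
#!/bin/sh
# Added example (not product code). Function names are hypothetical.

# Reads `keytool -list` output on stdin. Arguments: the aliases that the
# external references will use. Prints each problem found and returns
# non-zero if the store is not JCEKS or an alias has no secret key.
check_listing() {
    listing=$(cat)
    rc=0
    if ! printf '%s\n' "$listing" | grep -q '^Keystore type: *JCEKS'; then
        echo "keystore type is not JCEKS"
        rc=1
    fi
    for a in "$@"; do
        # JCEKS treats aliases case-insensitively and lists them in lower
        # case (myAlias appears as myalias), so compare in lower case.
        want=$(printf '%s' "$a" | tr '[:upper:]' '[:lower:]')
        if ! printf '%s\n' "$listing" |
            awk -F', ' -v w="$want" \
                'tolower($1) == w && /SecretKeyEntry/ { ok = 1 } END { exit !ok }'
        then
            echo "missing secret key for alias: $a"
            rc=1
        fi
    done
    return $rc
}

# Lists the real keystore and checks it. -storepass is left out so that
# keytool prompts for it instead of taking it from the command line.
check_keystore() {
    ks=$1
    shift
    keytool -list -storetype JCEKS -keystore "$ks" | check_listing "$@"
}

# Constructed sample of `keytool -list` output for the keystore above.
SAMPLE_LISTING='Keystore type: JCEKS
Keystore provider: SunJCE

Your keystore contains 1 entry

myalias, Jan 1, 2024, SecretKeyEntry, '

# Demo on the constructed sample: myAlias is present, otherAlias is not.
printf '%s\n' "$SAMPLE_LISTING" | check_listing myAlias otherAlias || true
```

Against a real keystore, call check_keystore with the keystore path followed by the aliases, for example check_keystore myKeystore.jks myAlias.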
...