Create and configure encryption keys using Java KeyStore

You can use the keytool shipped with the encryption proxy distribution to create AES 128 and AES 256 encryption keys.

Before you begin

You must use the Java 1.8 version of the keytool utility. A copy of the utility can be found in <proxy install dir>/java/jre/bin/keytool.

To find out more about the keytool utility, see the Java SE Documentation.

About this task

Note: The Java KeyStore requires that the alias name (key name, key alias) use lowercase letters and numbers.

Procedure

  1. Change to the key store directory, <installation directory>/keystore/.
  2. To create the encryption key, run one of the following commands.
    Note: If you run these commands from a directory other than the key store directory (that is, you skipped the previous step), you must change the -keystore option to include the path from your current directory to the key store directory. For example, from the <installation directory>\bin directory, the option would be -keystore ../keystore/keystore.jceks
    Option     Description
    AES 128    keytool -genseckey -alias 128bitkey -keyalg aes -keysize 128 -keystore keystore.jceks -storetype jceks
    AES 256    keytool -genseckey -alias 256bitkey -keyalg aes -keysize 256 -keystore keystore.jceks -storetype jceks
  3. For each encryption key stored in a Java KeyStore key store, enter the properties for the encryption key.
    1. Change to the <installation directory>/conf/ directory.
    2. Open the edgeencryption.properties file.
    3. Enter the properties for the encryption key.

      You need this set of properties for each encryption key stored in a Java KeyStore key store. A number is appended to each property name to make the properties unique, for example edgeencryption.encrypter.type.2.

      Table 1. Properties for encryption keys stored in a Java KeyStore key store
      Property                                    Description
      edgeencryption.encrypter.type               Defines the type of key store system. This property is specified for each key. The value is keystore.
      edgeencryption.encrypter.key                Specifies the key name (the key alias). This property is specified for each key and is used to specify the default keys. The alias is included in the metadata stored with each encrypted item, which means that it is stored on the instance. The key name must use lowercase letters.
      edgeencryption.encrypter.password           Specifies the password for accessing the key store.
      edgeencryption.proxy.https.keystore.path    Specifies the URL of the KeyStore.
      Example for a Java KeyStore key store:
      edgeencryption.encrypter.type.2 = keystore
      edgeencryption.encrypter.file.2 = keystore/keystore.jceks
      edgeencryption.encrypter.password.2 = password
      edgeencryption.encrypter.key.2 = keyalias
  4. Save and close the edgeencryption.properties file.
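The following Python script is an added example, not part of the product documentation or the proxy distribution. It wraps the two technical steps above: it validates a key alias against the lowercase-letters-and-numbers rule before building the step 2 keytool command (so keytool is never invoked with an alias the KeyStore would later reject), and it reads an edgeencryption.properties file and checks that every numbered key entry from step 3 is complete and uses a valid alias. Assumptions: the per-key property names are the four shown in the page's example (type, file, password, key, each with a numeric suffix); the bundled keytool lives at <install dir>/java/jre/bin/keytool in a POSIX layout (no .exe); the properties reader handles only `name = value` lines and `#`/`!` comments. The sample properties text is constructed for the example.

```python
import re
import subprocess
from pathlib import Path

# Alias rule stated in the documentation: lowercase letters and numbers only.
ALIAS_RE = re.compile(r"^[a-z0-9]+$")
KEY_SIZES = (128, 256)  # the two key sizes the procedure creates
# Property names as they appear in the page's example: type/file/password/key + ".N"
# (assumption: these four make up one key entry).
PROP_RE = re.compile(r"^edgeencryption\.encrypter\.(type|file|password|key)\.(\d+)$")
REQUIRED = ("type", "file", "password", "key")


def validate_alias(alias: str) -> bool:
    """True if the alias satisfies the Java KeyStore naming rule from the page."""
    return ALIAS_RE.fullmatch(alias) is not None


def keytool_genseckey_cmd(alias, keysize, keystore="keystore.jceks", keytool="keytool"):
    """Build the argv for the step 2 command; rejects bad aliases and sizes before keytool runs."""
    if not validate_alias(alias):
        raise ValueError(f"alias {alias!r} must use only lowercase letters and numbers")
    if keysize not in KEY_SIZES:
        raise ValueError(f"keysize must be one of {KEY_SIZES}, got {keysize}")
    return [keytool, "-genseckey", "-alias", alias, "-keyalg", "aes",
            "-keysize", str(keysize), "-keystore", keystore, "-storetype", "jceks"]


def create_key(install_dir, alias, keysize):
    """Run the bundled Java 1.8 keytool from the key store directory (step 1 + step 2).

    No -storepass is passed: keytool prompts for the key store password on the terminal,
    so the password does not end up in process listings or shell history.
    Assumes the POSIX layout <install dir>/java/jre/bin/keytool.
    """
    install = Path(install_dir)
    keytool = install / "java" / "jre" / "bin" / "keytool"
    cmd = keytool_genseckey_cmd(alias, keysize, keytool=str(keytool))
    subprocess.run(cmd, cwd=install / "keystore", check=True)


def parse_properties(text: str) -> dict:
    """Minimal .properties reader: `name = value` lines, `#`/`!` comments, no continuations."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        name, sep, value = line.partition("=")
        if not sep:
            continue  # not a name=value line; ignored by this simplified reader
        props[name.strip()] = value.strip()
    return props


def check_keystore_entries(props: dict) -> list:
    """Group the numbered edgeencryption.encrypter.* properties per key and report defects."""
    entries = {}
    for name, value in props.items():
        m = PROP_RE.match(name)
        if m:
            entries.setdefault(int(m.group(2)), {})[m.group(1)] = value
    problems = []
    for n in sorted(entries):
        e = entries[n]
        missing = [f for f in REQUIRED if f not in e]
        if missing:
            problems.append(f"entry {n}: missing {', '.join(missing)}")
        if "type" in e and e["type"] != "keystore":
            problems.append(f"entry {n}: type must be 'keystore', got {e['type']!r}")
        if "key" in e and not validate_alias(e["key"]):
            problems.append(f"entry {n}: alias {e['key']!r} is not lowercase letters/numbers")
    return problems


# Constructed sample for this example; not taken from a real proxy installation.
# Entry 2 mirrors the page's example, entry 3 has a mixed-case alias, entry 4 is incomplete.
SAMPLE_PROPERTIES = """\
# constructed sample
edgeencryption.encrypter.type.2 = keystore
edgeencryption.encrypter.file.2 = keystore/keystore.jceks
edgeencryption.encrypter.password.2 = password
edgeencryption.encrypter.key.2 = keyalias

edgeencryption.encrypter.type.3 = keystore
edgeencryption.encrypter.file.3 = keystore/keystore.jceks
edgeencryption.encrypter.password.3 = password
edgeencryption.encrypter.key.3 = MyKey

edgeencryption.encrypter.type.4 = keystore
edgeencryption.encrypter.key.4 = 256bitkey
"""

if __name__ == "__main__":
    print(" ".join(keytool_genseckey_cmd("256bitkey", 256)))
    for problem in check_keystore_entries(parse_properties(SAMPLE_PROPERTIES)):
        print("config problem:", problem)
```

Run the script on its own to see the generated keytool command and the two problems in the constructed sample (entry 3's alias, entry 4's missing properties); call create_key("<installation directory>", "128bitkey", 128) from a shell session to actually create a key, since keytool will prompt for the key store password.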