Configure encryption keys using SafeNet KeySecure

If you are using a SafeNet key store, copy a set of libraries into the proxy distribution directory.

Before you begin

You must install and set up the SafeNet key store before performing this step. Secure a license with Gemalto in order to download the libraries.

About this task

Note: On Linux, the file paths use a forward slash.

Procedure

  1. Copy these files to the <installation directory>\lib directory:
    • ingrian-nae-8.2.0.000.jar
    • ingrian-log4j-api-2.0-rc1.jar
    • ingrian-log4j-core-2.0-rc1.jar
  2. Change to the <installation directory>/conf/ directory, and open the edgeencryption.properties file.
  3. Enter the properties for the SafeNet key store.
    Table 1. Properties for an NAE device

    Property                                Description
    edgeencryption.nae.retries              Number of retries to make.
    edgeencryption.nae.enabled              Whether an NAE device is available.
    edgeencryption.nae.server               Name of the NAE server.
    edgeencryption.nae.port                 Port used by the NAE server.
    edgeencryption.nae.protocol             Protocol used by the NAE server.
    edgeencryption.nae.keystore.path        Path to the key store on the NAE server.
    edgeencryption.nae.keystore.password    NAE key store password.
    edgeencryption.encrypter.nae.user       NAE username.
    edgeencryption.encrypter.nae.password   NAE password.

    An example for a SafeNet key store:
    edgeencryption.nae.retries = 3
    edgeencryption.nae.enabled = true
    edgeencryption.nae.server = url
    edgeencryption.nae.port = 9000
    edgeencryption.nae.protocol = ssl
    edgeencryption.nae.keystore.path = keystore/safenet_truststore
    edgeencryption.nae.keystore.password = keystore password
    edgeencryption.encrypter.nae.user.1 = nae.user.com
    edgeencryption.encrypter.nae.password.1 = <ChangeMe>
  4. For each encryption key stored in a SafeNet key store, enter the properties for the encryption key.

    Each encryption key stored in an NAE key store has its own set of these properties. A number is appended to each property name to make it unique, for example, edgeencryption.encrypter.type.3.

    Table 2. Properties for encryption keys stored in an NAE device

    Property                        Description
    edgeencryption.encrypter.type   Defines a type of key store system. This property is specified for each key. Value is nae.
    edgeencryption.encrypter.key    Specifies the key name. This property is specified for each key. This name is used to specify the default keys. It is the key alias included in the metadata of each encrypted item, which means that it is stored on the instance.

    An example for an encryption key stored in a SafeNet key store:
    edgeencryption.encrypter.type.3 = nae
    edgeencryption.encrypter.key.3 = naekey128
  5. Save and close the edgeencryption.properties file.
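
A pre-deployment check for the properties entered in steps 3 and 4, as an added example that is not part of the product or its documentation. It reports missing Table 1 properties, placeholder values left over from the page's example, and numbered entries without their partner. The function names, the sample host and user, the simplified parser and the ssl-only rule are assumptions made for this example.

```python
import re

P = "edgeencryption."
# Table 1 properties that take no numeric suffix.
REQUIRED = "retries enabled server port protocol keystore.path keystore.password".split()
# Placeholder values from the page's example that must not reach a deployed file.
PLACEHOLDERS = {"<ChangeMe>", "keystore password", "url"}
# A numbered property on the left needs its partner with the same suffix;
# type slots are only checked when their value is nae.
PAIRS = [("encrypter.nae.user.", "encrypter.nae.password."),
         ("encrypter.type.", "encrypter.key.")]
# Constructed sample with deliberate mistakes (not from the page).
SAMPLE = """\
edgeencryption.nae.enabled = true
edgeencryption.nae.server = kms.example.internal
edgeencryption.nae.port = 9000
edgeencryption.nae.protocol = tcp
edgeencryption.encrypter.nae.user.1 = svc_edge
edgeencryption.encrypter.nae.password.1 = <ChangeMe>
edgeencryption.encrypter.type.3 = nae
"""


def parse(text):
    """Simplified .properties parser: key = value, '#'/'!' comments, no continuations."""
    lines = (l.strip() for l in text.splitlines())
    pairs = (l.split("=", 1) for l in lines if l and l[0] not in "#!" and "=" in l)
    return {k.strip(): v.strip() for k, v in pairs}


def audit(text):
    """Return sorted findings for the NAE properties in edgeencryption.properties."""
    p = parse(text)
    out = ["missing: %snae.%s" % (P, n) for n in REQUIRED if not p.get(P + "nae." + n)]
    out += ["placeholder value: " + k for k, v in p.items() if v in PLACEHOLDERS]
    # Assumed local policy: require the ssl value shown in the page's example.
    proto = p.get(P + "nae.protocol", "ssl")
    if proto.lower() != "ssl":
        out.append("protocol is not ssl: " + proto)
    for left, right in PAIRS:
        for key, value in p.items():
            m = re.fullmatch(re.escape(P + left) + r"(\d+)", key)
            if m and (left != "encrypter.type." or value == "nae"):
                if not p.get(P + right + m.group(1)):
                    out.append("%s has no %s%s" % (key, P + right, m.group(1)))
    return sorted(out)


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Because the file holds the NAE and key store passwords in clear text, run a check like this against the deployed copy and keep that file readable only by the proxy's service account.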