CryptoUtils (IBM Tivoli Directory Integrator API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

com.ibm.di.api.security
Class CryptoUtils

java.lang.Object
  com.ibm.di.api.security.CryptoUtils

public class CryptoUtils
extends java.lang.Object
extends java.lang.Object

This class represents the Server's cryptographic module. It is initialized by the Server at startup.

Field Summary
`static java.lang.String`	`ENCRYPTION_PROP_SERVER_KEY_ALIAS` System property that specifies the alias of the Server encryption key.
`static java.lang.String`	`ENCRYPTION_PROP_SERVER_KEYSTORE` System property that specifies the path to the keystore which hosts the Server encryption key.
`static java.lang.String`	`ENCRYPTION_PROP_SERVER_KEYSTORE_TYPE` System property that specifies the type of the keystore which hosts the Server encryption key.
`static java.lang.String`	`ENCRYPTION_PROP_SERVER_TRANSFORMATION` System property that specifies the cryptographic transformation used by the Server for encryption.
`static java.lang.String`	`MODE_CDECRYPT` Decrypt a TDI configuration file.
`static java.lang.String`	`MODE_CENCRYPT` Encrypt a TDI configuration file.
`static java.lang.String`	`MODE_DECRYPT` Decrypt User Registry.
`static java.lang.String`	`MODE_ENCRYPT` Encrypt User Registry.
`static java.lang.String`	`MODE_PDECRYPT` Decrypt a TDI properties file.
`static java.lang.String`	`MODE_PENCRYPT` Encrypt a TDI properties file.

Constructor Summary
`CryptoUtils()`

Method Summary
`static byte[]`	`decryptSecurityRegistry(byte[] data)` Decrypt User Registry contents with the Server encryption key.
`static byte[]`	`decryptWithServerKey(byte[] data)` Decrypt data with the Server encryption key.
`static byte[]`	`encryptWithServerKey(byte[] data)` Encrypt data with the Server encryption key.
`static Crypto`	`getDefaultCrypto()` Retrieve an object representation of the Server's encryption/decryption functionality.
`static void`	`init(java.lang.String keyStorePass, java.lang.String keyPass)` Initialize this module.
`static void`	`main(java.lang.String[] args)` The entry-point of the cryptoutils command-line tool.
`static byte[]`	`readFile(java.lang.String fileName)` Read a whole file as binary.

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Field Detail

MODE_ENCRYPT

public static final java.lang.String MODE_ENCRYPT

Encrypt User Registry. Encrypted files are written as binary and not prefixed by marker signature.

See Also:: Constant Field Values

MODE_DECRYPT

public static final java.lang.String MODE_DECRYPT

Decrypt User Registry.

See Also:: Constant Field Values

MODE_CENCRYPT

public static final java.lang.String MODE_CENCRYPT

Encrypt a TDI configuration file. Encrypted files are written as binary and prefixed by marker signature.

See Also:: Constant Field Values

MODE_CDECRYPT

public static final java.lang.String MODE_CDECRYPT

Decrypt a TDI configuration file.

See Also:: Constant Field Values

MODE_PENCRYPT

public static final java.lang.String MODE_PENCRYPT

Encrypt a TDI properties file. The file is not encrypted as a whole - only values of protected properties are encrypted. Both the input and the output of the operation are text files which use the default encoding for the platform.

See Also:: Constant Field Values

MODE_PDECRYPT

public static final java.lang.String MODE_PDECRYPT

Decrypt a TDI properties file. The file is not decrypted as a whole - only encrypted property values are decrypted. Both the input and the output of the operation are text files which use the default encoding for the platform.

See Also:: Constant Field Values

ENCRYPTION_PROP_SERVER_KEYSTORE

public static final java.lang.String ENCRYPTION_PROP_SERVER_KEYSTORE

System property that specifies the path to the keystore which hosts the Server encryption key. The password for that keystore is located in the Server Stash File.

See Also:: Constant Field Values

ENCRYPTION_PROP_SERVER_KEYSTORE_TYPE

public static final java.lang.String ENCRYPTION_PROP_SERVER_KEYSTORE_TYPE

System property that specifies the type of the keystore which hosts the Server encryption key.

See Also:: Constant Field Values

ENCRYPTION_PROP_SERVER_TRANSFORMATION

public static final java.lang.String ENCRYPTION_PROP_SERVER_TRANSFORMATION

System property that specifies the cryptographic transformation used by the Server for encryption. Can be either "RSA" or some secret key transformation, which a call to javax.crypto.Cipher.getInstance would accept. For example "AES/CBC/PKCS5Padding". The transformation must explicitly require a secret key. Password-based (PBE) transformations are not supported.

See Also:: Constant Field Values

ENCRYPTION_PROP_SERVER_KEY_ALIAS

public static final java.lang.String ENCRYPTION_PROP_SERVER_KEY_ALIAS

System property that specifies the alias of the Server encryption key.

See Also:: Constant Field Values

Constructor Detail

CryptoUtils

public CryptoUtils()

Method Detail

init

public static void init(java.lang.String keyStorePass,
                        java.lang.String keyPass)
                 throws java.lang.Exception

Initialize this module. This method must be called before using any of the other methods.

Parameters:: keyStorePass - a password for the keystore that hosts the Server encryption key; keyPass - a password for the key inside the keystore
Throws:: java.lang.Exception - the module is already initialized; a required system property is missing; the key cannot be retrieved; the encryption transformation is not supported; the key is not suitable for the encryption transformation

main

public static void main(java.lang.String[] args)
                 throws java.lang.Exception

The entry-point of the cryptoutils command-line tool. Invoke with no arguments to print a brief usage manual.

Parameters:: args - command-line arguments
Throws:: java.lang.Exception - operation error

readFile

public static byte[] readFile(java.lang.String fileName)
                       throws java.io.IOException

Read a whole file as binary.

Parameters:: fileName - file to read
Returns:: file contents
Throws:: java.io.IOException - error while reading the file

decryptSecurityRegistry

public static byte[] decryptSecurityRegistry(byte[] data)
                                      throws java.lang.Exception

Decrypt User Registry contents with the Server encryption key.

Parameters:: data - User Registry contents
Returns:: decrypted data
Throws:: java.lang.Exception - this module is not initialized or some cryptographic error occurred

encryptWithServerKey

public static byte[] encryptWithServerKey(byte[] data)
                                   throws java.lang.Exception

Encrypt data with the Server encryption key.

Parameters:: data - data to encrypt
Returns:: encrypted data
Throws:: java.lang.Exception - this module is not initialized or some cryptographic error occurred

decryptWithServerKey

public static byte[] decryptWithServerKey(byte[] data)
                                   throws java.lang.Exception

Decrypt data with the Server encryption key.

Parameters:: data - encrypted data
Returns:: decrypted data
Throws:: java.lang.Exception - this module is not initialized or some cryptographic error occurred

getDefaultCrypto

public static Crypto getDefaultCrypto()
                               throws java.lang.Exception

Retrieve an object representation of the Server's encryption/decryption functionality. The returned object is thread-safe.

Returns:: Server's cryptographic object
Throws:: java.lang.Exception - this module is not initialized