com.ibm.di.api.security
Class CryptoUtils

java.lang.Object
  com.ibm.di.api.security.CryptoUtils

public class CryptoUtils
extends Object

This class represents the Server's cryptographic module. It is initialized by the Server at startup.

Field Summary

static String	ENCRYPTION_PROP_SERVER_KEY_ALIAS System property that specifies the alias of the Server encryption key.
static String	ENCRYPTION_PROP_SERVER_KEYSTORE System property that specifies the path to the keystore which hosts the Server encryption key.
static String	ENCRYPTION_PROP_SERVER_KEYSTORE_TYPE System property that specifies the type of the keystore which hosts the Server encryption key.
static String	ENCRYPTION_PROP_SERVER_TRANSFORMATION System property that specifies the cryptographic transformation used by the Server for encryption.
static String	MODE_CDECRYPT Decrypt a TDI configuration file.
static String	MODE_CENCRYPT Encrypt a TDI configuration file.
static String	MODE_DECRYPT Decrypt User Registry.
static String	MODE_ENCRYPT Encrypt User Registry.
static String	MODE_PDECRYPT Decrypt a TDI properties file.
static String	MODE_PENCRYPT Encrypt a TDI properties file.

Constructor Summary

CryptoUtils()

Method Summary

static byte[]	decryptSecurityRegistry(byte[] data) Decrypt User Registry contents with the Server encryption key.
static byte[]	decryptWithServerKey(byte[] data) Decrypt data with the Server encryption key.
static byte[]	encryptWithServerKey(byte[] data) Encrypt data with the Server encryption key.
static Crypto	getCrypto(String keyAlias, String transformation) Create a Crypto object using a specified Certificate.
static Crypto	getDefaultCrypto() Retrieve an object representation of the Server's encryption/decryption functionality.
static String[]	getKeyStoreAliases() Returns a list of the server Certificate aliases.
static void	init(String keyStorePass, String keyPass) Initialize this module.
static void	main(String[] args) The entry-point of the cryptoutils command-line tool.
static byte[]	readFile(String fileName) Read a whole file as binary.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

MODE_ENCRYPT

public static final String MODE_ENCRYPT

Encrypt User Registry. Encrypted files are written as binary and not prefixed by marker signature.

See Also:

Constant Field Values

MODE_DECRYPT

public static final String MODE_DECRYPT

Decrypt User Registry.

See Also:

Constant Field Values

MODE_CENCRYPT

public static final String MODE_CENCRYPT

Encrypt a TDI configuration file. Encrypted files are written as binary and prefixed by marker signature.

See Also:

Constant Field Values

MODE_CDECRYPT

public static final String MODE_CDECRYPT

Decrypt a TDI configuration file.

See Also:

Constant Field Values

MODE_PENCRYPT

public static final String MODE_PENCRYPT

Encrypt a TDI properties file. The file is not encrypted as a whole - only values of protected properties are encrypted. Both the input and the output of the operation are text files which use the default encoding for the platform.

See Also:

Constant Field Values

MODE_PDECRYPT

public static final String MODE_PDECRYPT

Decrypt a TDI properties file. The file is not decrypted as a whole - only encrypted property values are decrypted. Both the input and the output of the operation are text files which use the default encoding for the platform.

See Also:

Constant Field Values

ENCRYPTION_PROP_SERVER_KEYSTORE

public static final String ENCRYPTION_PROP_SERVER_KEYSTORE

System property that specifies the path to the keystore which hosts the Server encryption key. The password for that keystore is located in the Server Stash File.

See Also:

Constant Field Values

ENCRYPTION_PROP_SERVER_KEYSTORE_TYPE

public static final String ENCRYPTION_PROP_SERVER_KEYSTORE_TYPE

System property that specifies the type of the keystore which hosts the Server encryption key.

See Also:

Constant Field Values

ENCRYPTION_PROP_SERVER_TRANSFORMATION

public static final String ENCRYPTION_PROP_SERVER_TRANSFORMATION

System property that specifies the cryptographic transformation used by the Server for encryption. Can be either "RSA" or some secret key transformation, which a call to javax.crypto.Cipher.getInstance would accept. For example "AES/CBC/PKCS5Padding". The transformation must explicitly require a secret key. Password-based (PBE) transformations are not supported.

See Also:

Constant Field Values

ENCRYPTION_PROP_SERVER_KEY_ALIAS

public static final String ENCRYPTION_PROP_SERVER_KEY_ALIAS

System property that specifies the alias of the Server encryption key.

See Also:

Constant Field Values

Constructor Detail

CryptoUtils

public CryptoUtils()

Method Detail

init

public static void init(String keyStorePass,
                        String keyPass)
                 throws Exception

Initialize this module. This method must be called before using any of the other methods.

Parameters:

keyStorePass - a password for the keystore that hosts the Server encryption key

keyPass - a password for the key inside the keystore

Throws:

Exception - the module is already initialized; a required system property is missing; the key cannot be retrieved; the encryption transformation is not supported; the key is not suitable for the encryption transformation

main

public static void main(String[] args)
                 throws Exception

The entry-point of the cryptoutils command-line tool. Invoke with no arguments to print a brief usage manual.

Parameters:

args - command-line arguments

Throws:

Exception - operation error

readFile

public static byte[] readFile(String fileName)
                       throws IOException

Read a whole file as binary.

Parameters:

fileName - file to read

Returns:

file contents

Throws:

IOException - error while reading the file

decryptSecurityRegistry

public static byte[] decryptSecurityRegistry(byte[] data)
                                      throws Exception

Decrypt User Registry contents with the Server encryption key.

Parameters:

data - User Registry contents

Returns:

decrypted data

Throws:

Exception - this module is not initialized or some cryptographic error occurred

encryptWithServerKey

public static byte[] encryptWithServerKey(byte[] data)
                                   throws Exception

Encrypt data with the Server encryption key.

Parameters:

data - data to encrypt

Returns:

encrypted data

Throws:

Exception - this module is not initialized or some cryptographic error occurred

decryptWithServerKey

public static byte[] decryptWithServerKey(byte[] data)
                                   throws Exception

Decrypt data with the Server encryption key.

Parameters:

data - encrypted data

Returns:

decrypted data

Throws:

Exception - this module is not initialized or some cryptographic error occurred

getDefaultCrypto

public static Crypto getDefaultCrypto()
                               throws Exception

Retrieve an object representation of the Server's encryption/decryption functionality. The returned object is thread-safe.

Returns:

Server's cryptographic object

Throws:

Exception - this module is not initialized

getCrypto

public static Crypto getCrypto(String keyAlias,
                               String transformation)
                        throws Exception

Create a Crypto object using a specified Certificate.

Parameters:

keyAlias - The alias for the Certificate

transformation - The Crypto algorithm/transformation to use

Returns:

a cryptographic object

Throws:

Exception - this module is not initialized

Since:

7.1

getKeyStoreAliases

public static String[] getKeyStoreAliases()
                                   throws Exception

Returns a list of the server Certificate aliases. An empty string is the first element in the array, for convenience.

Returns:

a list of the server Certificate aliases

Throws:

Exception - if this module is not initialized

Since:

7.1