Key Management

The secret key for Cúram encrypted passwords is managed with the JDK-provided keytool command, or an equivalent tool. You will need to make local decisions about the placement and isolation of the secret key for Cúram that are compatible with your organization and its standards.

Keep in mind that some settings passed to the keytool command must also be reflected in the CryptoConfig.properties settings; the two need to be coordinated for a successful deployment, as discussed in Cipher Customization. The following table shows the relationship between keytool command arguments and the Cúram crypto properties.

Table 1. Relationship of keytool Command Arguments to Cúram Crypto Properties

| Keytool argument | CryptoConfig.properties property |
|---|---|
| -keyalg | curam.security.crypto.cipher.algorithm |
| -alias | curam.security.crypto.cipher.keystore.seckey.alias |
| -keystore | curam.security.crypto.cipher.keystore.location |
| -storepass | curam.security.crypto.cipher.keystore.storepass |

Note: The secret key password defaults to the storepass password and should not be changed.

See the JDK documentation for more information on using the keytool command.
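
The mapping in Table 1 can be checked before deployment. The following shell sketch is an added example, not part of the Cúram product or its documentation: it compares the values given to keytool with the matching entries in a CryptoConfig.properties file. The function names, the sample file and its values are constructed for illustration, and it assumes each property holds exactly the value that was passed to keytool.

```shell
#!/bin/sh
# Print the value of property $2 from properties file $1 (last definition wins).
prop_value() {
    awk -v key="$2" '
        /^[ \t]*[#!]/ { next }                      # skip comment lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            sep = match(line, /[ \t]*[=:]/)         # first key/value separator
            if (sep == 0 || substr(line, 1, sep - 1) != key) next
            val = substr(line, sep + RLENGTH)
            sub(/^[ \t]+/, "", val); sub(/[ \t\r]+$/, "", val)
            found = val
        }
        END { print found }' "$1"
}

# check_mapping PROPS KEYALG ALIAS KEYSTORE
# Returns 0 when each keytool value equals its Table 1 property, 1 otherwise.
check_mapping() {
    props=$1 rc=0
    set -- -keyalg   curam.security.crypto.cipher.algorithm             "$2" \
           -alias    curam.security.crypto.cipher.keystore.seckey.alias "$3" \
           -keystore curam.security.crypto.cipher.keystore.location     "$4"
    while [ $# -ge 3 ]; do
        actual=$(prop_value "$props" "$2")
        if [ "$actual" != "$3" ]; then
            echo "MISMATCH $1: keytool='$3' but $2='$actual'" >&2
            rc=1
        fi
        shift 3
    done
    # -storepass: only confirm the property is set; the secret is never echoed.
    if [ -z "$(prop_value "$props" curam.security.crypto.cipher.keystore.storepass)" ]; then
        echo "MISSING curam.security.crypto.cipher.keystore.storepass" >&2
        rc=1
    fi
    return $rc
}

# Constructed sample file; the values are placeholders, not Cúram defaults.
write_sample() {
    cat > "$1" <<'EOF'
curam.security.crypto.cipher.algorithm=AES
curam.security.crypto.cipher.keystore.seckey.alias = ExampleAlias
curam.security.crypto.cipher.keystore.location=/opt/example/Example.keystore
curam.security.crypto.cipher.keystore.storepass=constructed-placeholder
EOF
}
```

Calling `check_mapping` with the properties file followed by the -keyalg, -alias and -keystore values used with keytool prints one line to stderr for each setting that disagrees.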
