Creating a new keystore to replace the Cúram default requires running the keytool command provided with the JDK (or equivalent), modifying the CryptoConfig.properties settings to correspond (necessary, only if the keystore name and/or location is changed from the default, but changing the name can make your customizations more obvious), and ensure the Curam Ant targets can find the new keystore (necessary, only if the default location is changed).
For example:
keytool -genseckey -v -alias MySecretKey -keyalg AES -keysize 128 -keystore MyOrganization.keystore -storepass secretpw -storetype jceks
The section Key Management identifies the keytool command arguments that relate to the CryptoConfig.properties settings.
The default location of the keystore file is the <SERVER_DIR>/project/properties directory with a sub-directory structure that reflects the JDK in use: "ibm" for the IBM JDK and "sun" for the Oracle JDK. So, when creating a keystore file the Curam build scripts expect to find it in the case of the IBM JDK in: <SERVER_DIR>/project/properties/ibm. If you desire to use a location different from the default you can do one of two things:
Following the keystore creation you need to follow the steps in Cipher Customization.
Related topics: