How to Create a New Keystore

Creating a new keystore to replace the Cúram default requires three things: running the keytool command provided with the JDK (or equivalent); modifying the CryptoConfig.properties settings to correspond (necessary only if the keystore name and/or location is changed from the default, although changing the name can make your customizations more obvious); and ensuring the Cúram Ant targets can find the new keystore (necessary only if the default location is changed).

For example:

keytool -genseckey -v -alias MySecretKey -keyalg AES -keysize 128 -keystore MyOrganization.keystore -storepass secretpw -storetype jceks

The section Key Management identifies the keytool command arguments that relate to the CryptoConfig.properties settings.

The default location of the keystore file is the <SERVER_DIR>/project/properties directory, with a sub-directory structure that reflects the JDK in use: "ibm" for the IBM JDK and "sun" for the Oracle JDK. For example, with the IBM JDK the Cúram build scripts expect to find the keystore file in <SERVER_DIR>/project/properties/ibm. To use a location other than the default, you can do one of two things:

  1. Use an absolute location for the keystore file as described in Cryptography Properties. In this case the Cúram default keystore files in CryptoConfig.jar will be ignored in favor of the absolute setting in CryptoConfig.properties.
  2. Use the Ant crypto.prop.file.location property to point to your alternate location when you run any of the targets, described in Cipher Customization, that create and copy the CryptoConfig.jar. The location specified must reflect the structure of your JDK: "ibm" or "sun". For instance:
    • Place the new keystore file in a location like this on Windows for the IBM JDK: C:\Curam\keystore\ibm\MyOrganization.keystore
    • Point to that location when running the build targets: ant configure -Dcrypto.prop.file.location=C:\Curam\keystore
Note: In the example above the change of keystore file name to MyOrganization.keystore will require a corresponding change to CryptoConfig.properties as per Cryptography Properties.
Note: The only supported keystore type for Cúram cryptography is jceks.
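
The alternate-location steps above, as an added shell example (not part of the original page or of the Cúram product). It assumes a Unix-like server and a keytool that supports the :env password modifier (as the Oracle/OpenJDK keytool does); KS_PASS and /opt/curam/keystore are hypothetical names. The password is read from an environment variable, so it does not appear on the command line the way -storepass secretpw does.

```shell
#!/bin/sh
# Added example: KS_PASS and the paths in the usage line are assumptions.

# Print the keystore path the build expects under a custom base directory:
# <base>/<ibm|sun>/<file>. Any other JDK directory name is rejected.
keystore_path() {
    base=$1 jdk=$2 file=$3
    case "$jdk" in
        ibm|sun) printf '%s/%s/%s\n' "$base" "$jdk" "$file" ;;
        *) echo "JDK directory must be 'ibm' or 'sun', got '$jdk'" >&2
           return 1 ;;
    esac
}

# Create the JCEKS keystore with the same key parameters as the keytool
# example on this page, taking the password from $KS_PASS.
create_keystore() {
    ks=$(keystore_path "$1" "$2" "$3") || return 1
    alias_name=$4
    [ -n "${KS_PASS:-}" ] || { echo "KS_PASS is not set" >&2; return 1; }
    [ ! -e "$ks" ] || { echo "$ks already exists" >&2; return 1; }
    mkdir -p "$(dirname "$ks")" || return 1
    # Assumption: the key password is set to the keystore password.
    keytool -genseckey -v -alias "$alias_name" -keyalg AES -keysize 128 \
        -keystore "$ks" -storetype jceks \
        -storepass:env KS_PASS -keypass:env KS_PASS || return 1
    # Only the owning account should be able to read the key material.
    chmod 600 "$ks" || return 1
    # Confirm the alias exists and is a secret-key entry before building.
    keytool -list -keystore "$ks" -storetype jceks -storepass:env KS_PASS \
        -alias "$alias_name" | grep -q 'SecretKeyEntry'
}

# Usage (KS_PASS must be in the environment):
#   KS_PASS=... sh create_keystore.sh --run /opt/curam/keystore ibm
if [ "${1:-}" = "--run" ]; then
    create_keystore "$2" "$3" MyOrganization.keystore MySecretKey &&
    echo "Next: ant configure -Dcrypto.prop.file.location=$2"
fi
```
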

After creating the keystore, follow the steps in Cipher Customization.
