Encrypting gateway and transport module properties

The gateway supports the use of 128 bit, 192 bit, and 256 bit encryption keys when encrypting gateway and transport module string value properties. You perform a number of steps to enable the encryption of gateway and transport module string value properties.

The following list summarizes the tasks you need to perform to enable the encryption of gateway and transport module string value properties. Some of these tasks involve editing gateway properties files and transport module properties files. See Summary for the gateway and transport module properties files you would use.

Note: Encrypting transport module string value properties requires transport module Version 10.0.23 or later. Also, for encrypted string values for passwords in the transport module properties files the gateway ensures that their associated unencrypted values do not appear in log files or Java error messages. However, the gateway does not guarantee this will happen for other properties.

Set the following properties in the appropriate gateway properties file:
- ConfigCryptoAlg - You set this property to the value 'AES_FIPS'.
- ConfigKeyFile - You set this property to the file path and file name of the key file that was generated by the nco_keygen utility.
The transport module inherits the configuration of ConfigCrytoAlg and ConfigKeyFile from the gateway properties.

Note: You need to set the ConfigCryptoAlg property to the value 'AES_FIPS' in the gateway properties file.
Run the nco_keygen utility to generate a key and store it in a key file.
Use the nco_aes_crypt utility to encrypt a gateway or transport property string value with the key that was generated by the nco_keygen utility.
For details on the tasks associated with property value encryption, see the following topic on the Tivoli Netcool/OMNIbus Knowledge Center:
https://www-304.ibm.com/support/knowledgecenter/SSSHTQ_8.1.0/com.ibm.netcool_OMNIbus.doc_8.1.0/omnibus/wip/admin/reference/omn_adm_propsfileencryption.html?lang=en
Configure the Java Runtime Environment (JRE) for FIPS 140-2, which includes:
- Editing the java.security file
- Installing the "Unrestricted Java Cryptography Extension (JCE) policy files for SDK"
For details on how to configure the JRE for FIPS 140-2, see the following topic on the Tivoli Netcool/OMNIbus Knowledge Center: https://www-304.ibm.com/support/knowledgecenter/SSSHTQ_8.1.0/com.ibm.netcool_OMNIbus.doc_8.1.0/omnibus/wip/install/task/omn_con_configuringjreforfips.html.