Key Store Provider Map

Sterling B2B Integrator treats the keystore type as unique across cryptographic service providers. It can therefore define a mapping between each keystore type and the providers required to implement the keystore object itself, the signature algorithms, and the key transport algorithms.

The key and key information abstraction object contains this information with a reference to a com.sterlingcommerce.security.PrivateKeyInfo.

This allows Sterling B2B Integrator to use a combination of keys on HSMs and in software stores in the database at the same time without additional configuration beyond the initial loading of the key or key information into the database. To Sterling B2B Integrator, the keys all look the same, regardless of where they are stored.

The mapping is implemented as a property called KeyStoreProviderMap in security.properties. It consists of a set of entries delimited by semicolons (;). Each entry has six elements delimited by commas and follows this format:

KeyStoreType, KeyStoreProvider, DoesAliasMatter, SignatureProvider,
EncryptionProvider, KeyOnHSM

The elements are described in the following table:

Element             Description                                                        Additional Information
------------------  -----------------------------------------------------------------  ----------------------------------------------------
KeyStoreType        The string type of the keystore
KeyStoreProvider    The name of the cryptographic service provider that implements
                    the keystore
DoesAliasMatter     Whether the aliases of keys must be unique for this keystore type  Either true or false. Keys must have unique aliases
                                                                                       when there is only one keystore per device.
SignatureProvider   The name of the cryptographic service provider used to create
                    signatures with keys from the keystore
EncryptionProvider  The name of the cryptographic service provider used when           Mostly for RSA key transport operations.
                    decrypting information with keys from the keystore
KeyOnHSM            Whether the keystore is on an HSM

The string null is an acceptable value and is treated as though no provider has been specified. An entry must have at least two values. If an entry contains fewer than six values, the values are assigned from left to right to the keystore provider, whether the alias matters when storing the key, the signature provider, the encryption provider, and whether the key is on an HSM for that keystore type. The remaining elements are treated as null, and no specific provider is requested for operations with keys of that type.

Note: If PKCS11IMPLKS is used, the provider name must be SunPKCS11-<value of the name property set in the HSM configuration file>. For example, SunPKCS11-B2Bi.
Use the following configuration value for nCipher starting from Sterling B2B Integrator v6.2.1.0 onward:
nCipher = PKCS11IMPLKS,SunPKCS11-B2Bi,true,SunPKCS11-B2Bi,SunPKCS11-B2Bi,true
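The parsing rules above (semicolon-delimited entries, two to six comma-delimited elements filled left to right, the string null meaning no provider) and the SunPKCS11-<name> requirement for PKCS11IMPLKS, as an added Python example that is not part of Sterling B2B Integrator and does not use its code. The sample property value is constructed: the PKCS11IMPLKS entry mirrors the nCipher example on this page, while the JKS and PKCS12 entries are made up to exercise the short-entry and null rules, and the check applies the SunPKCS11- prefix rule to all three provider elements, as the nCipher example does.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample value for KeyStoreProviderMap (PKCS11IMPLKS entry taken from
# this page's nCipher example; JKS and PKCS12 entries are made up for illustration).
SAMPLE_MAP = ("PKCS11IMPLKS,SunPKCS11-B2Bi,true,SunPKCS11-B2Bi,SunPKCS11-B2Bi,true;"
              "JKS,SUN;PKCS12,null,false,BC")

@dataclass
class KeyStoreEntry:
    keystore_type: str
    keystore_provider: Optional[str]    # None when missing or the string null
    alias_matters: Optional[bool]
    signature_provider: Optional[str]
    encryption_provider: Optional[str]
    key_on_hsm: Optional[bool]

def _provider(value: Optional[str]) -> Optional[str]:
    """A missing element or the literal string null means no provider requested."""
    return None if value is None or value.lower() == "null" else value

def _flag(value: Optional[str]) -> Optional[bool]:
    if value is None or value.lower() == "null":
        return None
    if value.lower() not in ("true", "false"):
        raise ValueError(f"expected true or false, got {value!r}")
    return value.lower() == "true"

def parse_keystore_provider_map(raw: str) -> Dict[str, KeyStoreEntry]:
    """Entries are ';'-delimited, elements ','-delimited; an entry needs at least
    two elements, and missing trailing elements are filled left to right as null."""
    entries: Dict[str, KeyStoreEntry] = {}
    for item in raw.split(";"):
        if not item.strip():
            continue
        parts = [p.strip() for p in item.split(",")]
        if not 2 <= len(parts) <= 6:
            raise ValueError(f"entry must have 2 to 6 values: {item!r}")
        parts += [None] * (6 - len(parts))
        entries[parts[0]] = KeyStoreEntry(
            parts[0], _provider(parts[1]), _flag(parts[2]),
            _provider(parts[3]), _provider(parts[4]), _flag(parts[5]))
    return entries

def pkcs11_provider_problems(entries: Dict[str, KeyStoreEntry]) -> List[str]:
    """Flag PKCS11IMPLKS entries whose providers are not named SunPKCS11-<name>."""
    return [f"{e.keystore_type}.{label}={p}" for e in entries.values()
            if e.keystore_type == "PKCS11IMPLKS"
            for label, p in (("KeyStoreProvider", e.keystore_provider),
                             ("SignatureProvider", e.signature_provider),
                             ("EncryptionProvider", e.encryption_provider))
            if p is not None and not p.startswith("SunPKCS11-")]
```

Running `pkcs11_provider_problems(parse_keystore_provider_map(value))` over the property value from security.properties returns an empty list when every PKCS11IMPLKS provider carries the required prefix.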