Configure Encrypted Passwords Using the LCU

The Connect:Direct® Secure Plus CLI displays passwords in plain text. If you need to encrypt passwords for use with the Connect:Direct Secure Plus CLI, use the Local Connection Utility (LCU) to create an LCU file that contains non-encrypted information used to encrypt the password and the encrypted password, such as a keycert passphrase. You can then refer to this file when prompted for passwords.

LCU Files

The following example shows how to specify when an LCU file is used in place of a plain-text password:
 C:\...\...\Connect Direct v4.6.00\Common Utilities>lcu -f C:\SomeDir\MyLCU.dat
 **************************************************************
 *         Connect:Direct Java Client Connection Utility      *
 *                           Version 4.6.00 *
 *------------------------------------------------------------*
 * Copyright (c) 1983, 2011             *
 * All Rights Reserved.                                       *
 **************************************************************
 Node:
 >JLYON-XP.4600
 API Address: <Enter> = 'JLYON-XP'
 >
 API Port: <Enter> = '1363'
 > 
User Name:
 >SomeValue
 Password:
 > Confirm Password:
 > 
Saving file: C:\SomeDir\MyLCU.dat
C:\...\...\Connect Direct v4.6.00\Server\Secure+>SPCli
...
 SPCLI> Create STSKeyPair
 KeyPairFile=C:\SomeDir\StsKeyPairFile.dat
 Passphrase=LCU:C:\SomeDir\MyLCU.dat;
SPCG670I rc=0 Create stskeypair command successful.
SPCLI> Update RemoteNode
 Name=JLYON-XP.4600 
StsAuthLocalKey=set 
StsAuthKeyPairFile=C:\SomeDir\StsKeyPairFile.dat
StsAuthKeyPairFilePassphrase=LCU:C:\SomeDir\MyLCU.dat
SPCG470I rc=0 Update remote node "JLYON-XP.4600" command successful.

The use of the LCU syntax “LCU:” indicates that what follows is an LCU filename and not a passphrase. The pathname of the LCU file can be a relative path, a relative path to the bin directory, or a full path. If LCU:filename contains spaces, it must be enclosed in quotation marks: “LCU:filename”. The default name of the LCU file is cddef.bin. After the cddef.bin file is created, you can rename it as needed.

LCU files can be used to provide encrypted passwords for the following commands and parameters:

Command Parameter
Update LocalNode

StsAuthKeyPairFilePassphrase

StsSigKeyPairFilePassphrase

SslTlsCertPassphrase

Create RemoteNode

StsAuthKeyPairFilePassphrase

StsSigKeyPairFilePassphrase

SslTlsCertPassphrase

Update RemoteNode

StsAuthKeyPairFilePassphrase

StsSigKeyPairFilePassphrase

SslTlsCertPassphrase

Create STSKeyPair

Passphrase

Update Client

SslTlsCertPassphrase

Update SEAServer

SslTlsCertPassphrase