com.ibm.mm.sdk.security

Class RsaEncryptionUtil

  • java.lang.Object
    • com.ibm.mm.sdk.security.RsaEncryptionUtil


  • public class RsaEncryptionUtil
    extends java.lang.Object
    Utility class for RSA encryption and decryption of sensitive configuration values using Java Keystore.

    Key Storage: This implementation uses Java Keystore (PKCS12) for secure key management. Keys are stored in password-protected keystores, not embedded in code.

    Usage:

    1. Generate a keystore using the KeystoreGenerator utility
    2. Configure the system properties with the keystore details
    3. Encrypt credentials: RsaEncryptionUtil.encrypt(password, publicKey)
    4. Store the encrypted value in the properties file: ${rsa:encrypted_value}
    5. The system automatically decrypts it using the private key from the keystore

    Required System Properties:

     rsa.keystorePath=config/keystore.p12
     rsa.keystorePassword=your_keystore_password
     rsa.keyAlias=rsa-encryption-key
     rsa.keyPassword=your_key_password
     

    Security Best Practices:

    • Store keystore passwords in environment variables
    • Set restrictive file permissions on keystore (600)
    • Use different keystores for different environments
    • Rotate keys periodically
    See Also:
    KeystoreManager, KeystoreGenerator
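
The usage steps and best practices above, combined into one client-side flow using only the methods documented on this page. This is an added example, not code from the SDK or its authors. The class name, the environment variable names (RSA_KEYSTORE_PASSWORD, RSA_KEY_PASSWORD, APP_SECRET) and the property name db.password are assumptions, and the keystore is assumed to exist already at config/keystore.p12 on a POSIX file system.

```java
import com.ibm.mm.sdk.security.RsaEncryptionUtil;

import java.nio.file.Files;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.Set;

public class RsaCredentialExample {   // hypothetical class name
    public static void main(String[] args) throws Exception {
        String keystorePath = "config/keystore.p12";
        String keyAlias = "rsa-encryption-key";
        // Passwords come from the environment, not from source or properties files.
        String keystorePassword = requireEnv("RSA_KEYSTORE_PASSWORD"); // assumed name
        String keyPassword = requireEnv("RSA_KEY_PASSWORD");           // assumed name
        String secret = requireEnv("APP_SECRET");                      // assumed name

        // Stop if the keystore is not owner-only (mode 600).
        // getPosixFilePermissions throws UnsupportedOperationException on non-POSIX file systems.
        Set<PosixFilePermission> perms = Files.getPosixFilePermissions(Paths.get(keystorePath));
        if (!perms.equals(PosixFilePermissions.fromString("rw-------"))) {
            throw new IllegalStateException("Keystore mode is "
                    + PosixFilePermissions.toString(perms) + ", expected rw-------");
        }

        // Steps 3 and 4: encrypt with the public key, wrap as ${rsa:...} for the properties file.
        PublicKey publicKey = RsaEncryptionUtil.loadPublicKey(keystorePath, keystorePassword, keyAlias);
        String expression = RsaEncryptionUtil.wrapAsRsaExpression(
                RsaEncryptionUtil.encrypt(secret, publicKey));
        if (!RsaEncryptionUtil.isRsaEncrypted(expression)) {
            throw new IllegalStateException("Wrapped value is not recognised as an RSA expression");
        }

        // Step 5, checked before deployment: the private key must recover the original value.
        PrivateKey privateKey = RsaEncryptionUtil.loadPrivateKey(
                keystorePath, keystorePassword, keyAlias, keyPassword);
        if (!secret.equals(RsaEncryptionUtil.decryptRsaExpression(expression, privateKey))) {
            throw new IllegalStateException("Round trip failed: wrong key pair or alias");
        }
        System.out.println("db.password=" + expression); // property name is an assumption
    }

    private static String requireEnv(String name) {
        String value = System.getenv(name);
        if (value == null || value.isEmpty()) {
            throw new IllegalStateException("Missing environment variable " + name);
        }
        return value;
    }
}
```

Only the wrapped ciphertext is printed; the plaintext and both passwords stay out of logs and files.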
    • Method Summary

      Modifier and Type Method and Description
      static java.lang.String decrypt(java.lang.String encryptedText, java.security.PrivateKey privateKey)
      Decrypt an encrypted string using the provided private key.
      static java.lang.String decryptRsaExpression(java.lang.String rsaExpression)
      Decrypt an RSA expression using the private key from keystore (configured via system properties).
      static java.lang.String decryptRsaExpression(java.lang.String rsaExpression, java.security.PrivateKey privateKey)
      Decrypt an RSA expression using the provided private key.
      static java.lang.String encrypt(java.lang.String plaintext, java.security.PublicKey publicKey)
      Encrypt a plaintext string using the provided public key.
      static java.lang.String extractEncryptedValue(java.lang.String rsaExpression)
      Extract the encrypted content from an RSA expression.
      static boolean isRsaEncrypted(java.lang.String value)
      Check if a value is RSA encrypted (has ${rsa:...} format).
      static java.security.PrivateKey loadPrivateKey()
      Load private key from keystore using system properties configuration.
      static java.security.PrivateKey loadPrivateKey(java.lang.String keystorePath, java.lang.String keystorePassword, java.lang.String keyAlias, java.lang.String keyPassword)
      Load private key from keystore with explicit parameters.
      static java.security.PublicKey loadPublicKey()
      Load public key from keystore using system properties configuration.
      static java.security.PublicKey loadPublicKey(java.lang.String keystorePath, java.lang.String keystorePassword, java.lang.String keyAlias)
      Load public key from keystore with explicit parameters.
      static java.lang.String wrapAsRsaExpression(java.lang.String encryptedValue)
      Wrap an encrypted value in RSA expression format for use in properties files.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Constructor Detail

      • RsaEncryptionUtil

        public RsaEncryptionUtil()
    • Method Detail

      • encrypt

        public static java.lang.String encrypt(java.lang.String plaintext,
                                               java.security.PublicKey publicKey)
                                        throws java.lang.Exception
        Encrypt a plaintext string using the provided public key. Clients use this method to encrypt their credentials.
        Parameters:
        plaintext - the text to encrypt (e.g., password)
        publicKey - the RSA public key from keystore
        Returns:
        Base64-encoded encrypted string
        Throws:
        java.lang.Exception - if encryption fails
      • decrypt

        public static java.lang.String decrypt(java.lang.String encryptedText,
                                               java.security.PrivateKey privateKey)
                                        throws java.lang.Exception
        Decrypt an encrypted string using the provided private key. The system uses this method to decrypt credentials when loading configuration.
        Parameters:
        encryptedText - Base64-encoded encrypted text
        privateKey - the RSA private key from keystore
        Returns:
        decrypted plaintext string
        Throws:
        java.lang.Exception - if decryption fails
      • loadPublicKey

        public static java.security.PublicKey loadPublicKey()
                                                     throws java.lang.Exception
        Load public key from keystore using system properties configuration.

        Required system properties:

        • rsa.keystorePath - Path to the keystore file
        • rsa.keystorePassword - Password to access the keystore
        • rsa.keyAlias - Alias of the key entry
        Returns:
        PublicKey object from keystore
        Throws:
        java.lang.Exception - if key loading fails or properties are not configured
      • loadPublicKey

        public static java.security.PublicKey loadPublicKey(java.lang.String keystorePath,
                                                            java.lang.String keystorePassword,
                                                            java.lang.String keyAlias)
                                                     throws java.lang.Exception
        Load public key from keystore with explicit parameters.
        Parameters:
        keystorePath - path to the keystore file
        keystorePassword - password to access the keystore
        keyAlias - alias of the key entry
        Returns:
        PublicKey object from keystore
        Throws:
        java.lang.Exception - if key loading fails
      • loadPrivateKey

        public static java.security.PrivateKey loadPrivateKey()
                                                       throws java.lang.Exception
        Load private key from keystore using system properties configuration.

        Required system properties:

        • rsa.keystorePath - Path to the keystore file
        • rsa.keystorePassword - Password to access the keystore
        • rsa.keyAlias - Alias of the key entry
        • rsa.keyPassword - Password to access the private key
        Returns:
        PrivateKey object from keystore
        Throws:
        java.lang.Exception - if key loading fails or properties are not configured
      • loadPrivateKey

        public static java.security.PrivateKey loadPrivateKey(java.lang.String keystorePath,
                                                              java.lang.String keystorePassword,
                                                              java.lang.String keyAlias,
                                                              java.lang.String keyPassword)
                                                       throws java.lang.Exception
        Load private key from keystore with explicit parameters.
        Parameters:
        keystorePath - path to the keystore file
        keystorePassword - password to access the keystore
        keyAlias - alias of the key entry
        keyPassword - password to access the private key
        Returns:
        PrivateKey object from keystore
        Throws:
        java.lang.Exception - if key loading fails
      • isRsaEncrypted

        public static boolean isRsaEncrypted(java.lang.String value)
        Check if a value is RSA encrypted (has ${rsa:...} format).
        Parameters:
        value - the value to check
        Returns:
        true if the value appears to be RSA encrypted
      • extractEncryptedValue

        public static java.lang.String extractEncryptedValue(java.lang.String rsaExpression)
        Extract the encrypted content from an RSA expression.
        Parameters:
        rsaExpression - the RSA expression (e.g., "${rsa:encrypted_value}")
        Returns:
        the encrypted value without the prefix and suffix
      • wrapAsRsaExpression

        public static java.lang.String wrapAsRsaExpression(java.lang.String encryptedValue)
        Wrap an encrypted value in RSA expression format for use in properties files.
        Parameters:
        encryptedValue - the encrypted value
        Returns:
        the value wrapped as "${rsa:encrypted_value}"
      • decryptRsaExpression

        public static java.lang.String decryptRsaExpression(java.lang.String rsaExpression)
                                                     throws java.lang.Exception
        Decrypt an RSA expression using the private key from keystore (configured via system properties).
        Parameters:
        rsaExpression - the RSA expression (e.g., "${rsa:encrypted_value}")
        Returns:
        the decrypted plaintext value
        Throws:
        java.lang.Exception - if decryption fails or keystore is not configured
      • decryptRsaExpression

        public static java.lang.String decryptRsaExpression(java.lang.String rsaExpression,
                                                            java.security.PrivateKey privateKey)
                                                     throws java.lang.Exception
        Decrypt an RSA expression using the provided private key.
        Parameters:
        rsaExpression - the RSA expression (e.g., "${rsa:encrypted_value}")
        privateKey - the private key for decryption
        Returns:
        the decrypted plaintext value
        Throws:
        java.lang.Exception - if decryption fails
Copyright © 2024 IBM Corporation
