mqiptPW (encrypt stored password)

Encrypt a password for use by IBM® MQ Internet Pass-Thru (MQIPT).

Purpose

Use the mqiptPW command to encrypt a password that is stored for use by MQIPT.

The MQIPT configuration might include passwords to access various resources, as well as the MQIPT access password for administration using the command port.

In versions earlier than IBM MQ 9.1.5, only passwords that are used by MQIPT to access key rings, or cryptographic hardware key stores, can be encrypted. From IBM MQ 9.1.5, all stored passwords for use by MQIPT should be protected by encrypting the password with the mqiptPW command.

Syntax

Use this syntax to call the mqiptPW command to encrypt any password for use by MQIPT in IBM MQ 9.1.5 or higher. Store the encrypted password in the appropriate property in the mqipt.conf configuration file.

The command prompts for the password to be encrypted to be entered.

Read syntax diagramSkip visual syntax diagram mqiptPW -sfencryption_key_file-spprotection_mode

Optional parameters

-sf encryption_key_file
The name of a file that contains the password encryption key. If specified, the file must contain at least one character, and only one line.
If this parameter is not specified, the default password encryption key is used.
This parameter can be specified only with password protection mode 1 or higher.
-sp protection_mode
The password protection mode to be used by the command. One of the following values can be specified:
[MQ 9.3.0 Jun 2022]2
Use the latest password protection mode. This is the default value from IBM MQ 9.3.0.
1
Use the IBM MQ 9.1.5 password protection mode for compatibility with versions earlier than IBM MQ 9.3.0. This is the default value in versions earlier than IBM MQ 9.3.0.
0
[Deprecated]Use the deprecated password protection mode.

Deprecated syntax to encrypt key ring passwords

Use this syntax to call the mqiptPW command to encrypt a key ring password. The encrypted password is stored in file which can be read by any version of MQIPT. [Deprecated]This syntax is deprecated from IBM MQ 9.1.5 as it does not offer the most secure encryption method.

Read syntax diagramSkip visual syntax diagram mqiptPW passwordfile_name-replace
[Deprecated]

Parameters for deprecated syntax

password
The clear text password to encrypt. Passwords can include the space character, but the whole password string must be enclosed in quotes for this to be acceptable. There is no limit to the length or format of the password.
file_name
The name of a file to create, to contain the encrypted password.
-replace
Overwrite an existing password file with the same name, if it exists. This parameter is optional.

Return codes

Table 1. Return code identifiers and descriptions
Return code Description
0 Command successful.
>0 Command not successful.