AES encryption

Advanced Encryption Standard (AES) is an additional method for encrypting passwords for the InfoSphere® MDM operational server.

After you install InfoSphere MDM, you must generate an AES key and initialization vector (iv). You can then use the AES key and iv to encrypt a password with the madpwd3 utility.

Note: For more information, see the madpwd3 utility reference topic.
You must also identify your JSSE/JCE AES cipher provider.
Tip: Use the default JSSE/JCE AES cipher provider setting from the java.security file unless your organization uses a JCE provider other than the default included with the provided JVM.
By default, the MDM operational server uses madpwd2 encryption for the database password, as configured in the .CFG files under mds/conf/ and native.war/conf/. To use madpwd3 instead, modify the files under WAS_PROFILE_HOME/installedApps/CELL/MDM-native-APPNAME/native.war/conf/ (or MAD_ROOTDIR/conf/ if you are running MDS command-line utilities or jobs):
  • In com.ibm.mdm.mds.jdbc.cfg, comment out (using #) or remove password2 and add the following properties:
    password3 = <the database password encrypted with the madpwd3 utility>
    aeskeyfile = <the path to file containing an AES 128, 192 or 256-bit key>
    aesivfile = <the path to the file containing an AES initialization vector>
    aesprovider = <(optional) the Java Cryptography Extension (JCE) provider>
    Note: The aesprovider property can contain a specific provider, such as SunJCE or IBMJCE, or none. If no provider is given, then providers are selected based on preference order in the java.security file located in $JAVA_HOME/lib/security or $JAVA_HOME/jre/lib/security.
  • In com.ibm.mdm.mds.jni.cfg, locate MAD_CONNSTR, and then replace PWD2/=<password encrypted with madpwd2>; with PWD3/=<password encrypted with madpwd3>;
  • In the WebSphere Application Server Integrated Solutions Console (admin console):
    1. Navigate to Servers > Server Types > WebSphere application servers > SERVER NAME > Server Infrastructure > Expand Java and Process Management > Process definition > Additional Properties > Java Virtual Machine > Additional Properties > Custom Properties.
    2. Add the following custom properties:
      • For AIX or Linux:
        MAD_SSLCRYPTOLIB=libcrypto.so
        MAD_SSLLIB=libssl.so
      • For Windows:
        MAD_SSLCRYPTOLIB=libeay32.dll
        MAD_SSLLIB=ssleay32.dll
    3. Add the following custom properties to provide the paths to the files containing the AES key and initialization vector. For example:
      MAD_SSLAESKEYFILE=/opt/IBM/MDM/mdmaeskey.dat
      MAD_SSLAESIVFILE=/opt/IBM/MDM/mdmaesiv.dat
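The following shell script is an added example, not IBM's own tooling, that performs the two .cfg edits described above (comment out password2 and add the password3, aeskeyfile, aesivfile and aesprovider properties in com.ibm.mdm.mds.jdbc.cfg; swap the PWD2/= token for PWD3/= on the MAD_CONNSTR line of com.ibm.mdm.mds.jni.cfg) and checks the key and IV files before the server is pointed at them. It assumes, because the page does not say, that the key and IV files hold raw bytes (so 16, 24 or 32 bytes for the key and 16 bytes for the iv) and that the madpwd3 ciphertext has already been produced with the madpwd3 utility and is passed in as text; the script does not implement madpwd3. The sample configuration lines in the demo are constructed for the example (the real MAD_CONNSTR has other fields that the page does not show; the edit only touches the PWD2/...; token, so they are preserved). It also refuses key or IV files that group or others can read, because anyone who can read the key file can recover the database password from password3.

```sh
#!/bin/sh
# Added example (not IBM's own tooling): switch the MDS .cfg files from madpwd2 to
# madpwd3 and sanity-check the AES key and IV files that the new properties point at.
# Assumptions not stated on the page: the key and IV files hold raw bytes, and the
# madpwd3 ciphertext has already been produced with the madpwd3 utility and is passed
# in as text (this script does not implement madpwd3).
set -eu

# Fail unless $1 holds a 16-, 24- or 32-byte AES key, $2 holds a 16-byte IV, and neither
# file is readable by group or others (a readable key makes password3 no better than plaintext).
check_aes_files() {
  for f in "$1" "$2"; do
    [ -f "$f" ] || { echo "missing: $f" >&2; return 1; }
    # group/other permission bits from "ls -l", e.g. "-rw-------" -> "------"
    if [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
      echo "$f is readable by group/others; chmod 600 it" >&2; return 1
    fi
  done
  case "$(wc -c < "$1" | tr -d ' ')" in
    16|24|32) ;;
    *) echo "$1: AES key must be 16, 24 or 32 bytes" >&2; return 1 ;;
  esac
  [ "$(wc -c < "$2" | tr -d ' ')" -eq 16 ] || { echo "$2: AES IV must be 16 bytes" >&2; return 1; }
}

# Escape a value for use in a sed replacement that uses '|' as its delimiter.
sed_escape() { printf '%s' "$1" | sed 's/[&|\\]/\\&/g'; }

# com.ibm.mdm.mds.jdbc.cfg: comment out password2 and add password3, aeskeyfile, aesivfile
# and (if given) aesprovider. Re-running it does not duplicate the properties.
# $1 cfg path, $2 madpwd3 ciphertext, $3 key file, $4 IV file, $5 JCE provider (optional)
switch_jdbc_cfg() {
  cfg=$1; pw3=$2; keyfile=$3; ivfile=$4; provider=${5:-}
  cp -p "$cfg" "$cfg.bak"
  sed -e 's/^[[:space:]]*password2[[:space:]]*=/#&/' \
      -e '/^[[:space:]]*password3[[:space:]]*=/d' \
      -e '/^[[:space:]]*aeskeyfile[[:space:]]*=/d' \
      -e '/^[[:space:]]*aesivfile[[:space:]]*=/d' \
      -e '/^[[:space:]]*aesprovider[[:space:]]*=/d' "$cfg.bak" > "$cfg"
  [ -z "$(tail -c 1 "$cfg")" ] || echo >> "$cfg"   # make sure we append on a new line
  {
    printf 'password3 = %s\n' "$pw3"
    printf 'aeskeyfile = %s\n' "$keyfile"
    printf 'aesivfile = %s\n' "$ivfile"
    if [ -n "$provider" ]; then printf 'aesprovider = %s\n' "$provider"; fi
  } >> "$cfg"
}

# com.ibm.mdm.mds.jni.cfg: on the MAD_CONNSTR line only, replace the
# "PWD2/=<madpwd2 text>;" token with "PWD3/=<madpwd3 text>;"; every other field stays as is.
switch_jni_cfg() {
  cfg=$1; pw3=$(sed_escape "$2")
  cp -p "$cfg" "$cfg.bak"
  sed -e "/^[[:space:]]*MAD_CONNSTR/s|PWD2/=[^;]*;|PWD3/=$pw3;|" "$cfg.bak" > "$cfg"
}

# Demo on constructed sample files in a scratch directory (the real MAD_CONNSTR has
# more fields than shown here; only the PWD2/PWD3 token matters for this edit).
demo() {
  dir=$(mktemp -d); umask 077
  dd if=/dev/urandom of="$dir/mdmaeskey.dat" bs=32 count=1 2>/dev/null   # 256-bit key
  dd if=/dev/urandom of="$dir/mdmaesiv.dat" bs=16 count=1 2>/dev/null    # 128-bit IV
  printf 'user = mdmuser\npassword2 = OLD_MADPWD2_TEXT\n' > "$dir/com.ibm.mdm.mds.jdbc.cfg"
  printf 'MAD_CONNSTR=UID/=mdmuser;PWD2/=OLD_MADPWD2_TEXT;\n' > "$dir/com.ibm.mdm.mds.jni.cfg"
  check_aes_files "$dir/mdmaeskey.dat" "$dir/mdmaesiv.dat"
  switch_jdbc_cfg "$dir/com.ibm.mdm.mds.jdbc.cfg" NEW_MADPWD3_TEXT \
                  "$dir/mdmaeskey.dat" "$dir/mdmaesiv.dat" IBMJCE
  switch_jni_cfg "$dir/com.ibm.mdm.mds.jni.cfg" NEW_MADPWD3_TEXT
  cat "$dir/com.ibm.mdm.mds.jdbc.cfg" "$dir/com.ibm.mdm.mds.jni.cfg"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Run it as `sh switch.sh demo` to see the rewritten sample files. Each edited file is left beside a .bak copy that still carries the madpwd2 ciphertext, so remove the .bak files once the server starts cleanly with password3. The WAS custom properties (MAD_SSLCRYPTOLIB, MAD_SSLLIB, MAD_SSLAESKEYFILE, MAD_SSLAESIVFILE) are set in the admin console as described above and are not touched by the script.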