Generating a key in a key file
Run the nco_keygen utility to generate a key and store it in a key file. Command-line options are available for you to either specify a hexadecimal value for the key, or to specify a length in bits for automatic key generation.
About this task
You can create a single key that is used by all the properties files, or create a key for each properties file.
To generate a key within a key file:
Procedure
$NCHOME/omnibus/bin/nco_keygen -o key_file [-l length | -k key]
- key_file represents the output file path and file name to which the key is saved.
- length represents the length in bits of the key, as specified by you. This number must be divisible by 8 to make a whole number of bytes. The default is 128. Only 128, 192, and 256 are valid key lengths for AES encryption.
- key represents the value of the key in hexadecimal
digits, as specified by you.
You can use either the -l or -k command-line option, but not both.
If you use the -o command-line option to specify an output file name, and omit both the -l and -k options, a randomly-generated 128-bit key is written to the file.
Results
The nco_keygen utility writes the key to the file, using the format length:key, where length is the number of bits in the key, represented as ASCII decimal numerals, and key is the key data.
The key can be used to both encrypt and decrypt data. For decryption, the key file must be accessible to the process decrypting the data. Access to the key file could be controlled by UNIX or Windows file permissions or other methods, though this is not covered by any Tivoli Netcool/OMNIbus schema or tools.