Additional information about key files

A key file contains the key that is used to encrypt or decrypt the password of the technical user. The algorithm used for the encryption is AES-128. The key stored in the key file must therefore be 32 bytes long: it consists of a 16-byte key and a 16-byte initialization vector (IV).

To store this key in the key file, convert it to 64 hexadecimal characters and write them on the first line, without any spaces or other characters.

The following is an example key file (do not use in production):

000102030405060708090a0b0c0d0e0f00112233445566778899aabbccddeeff

Unlike the example, the key should consist of purely random data. To generate such a random key, you can make use of the openssl tool that is shipped with SSX. Just set up the environment as described in Preparing the environment. You can then issue an OpenSSL call such as the following to generate a key file:

openssl rand -hex 32 > techuser.key

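This is only one way to create the file. You can also type 64 random characters, using digits and the letters a through f, in a text editor and save that line as a text file. Characters picked by hand are far less random than the output of a random number generator, so prefer a generated key.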

It is recommended to store the key file in the same place as the technical user credentials file, for example, in ${SSXDIR}/etc/. Ensure that the files can only be read by the user running the products.
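
The following added example (not part of SSX or of the original page) creates a key file that is owner-only from the moment it exists and checks an existing key file against the rules above. The function names new_keyfile and check_keyfile are hypothetical. Two points are assumptions: only lowercase hex is accepted, and any group or other permission bit is rejected.

```sh
#!/bin/sh
# Added example; new_keyfile and check_keyfile are hypothetical helper names.

# The sample key printed in the documentation; it must never be deployed.
SAMPLE_KEY=000102030405060708090a0b0c0d0e0f00112233445566778899aabbccddeeff

# Create the key file with the documented openssl call, but under umask 077
# so the file is never readable by group or others, even briefly.
new_keyfile() {
    ( umask 077 && openssl rand -hex 32 > "$1" )
}

# Print the first problem found and return 1, or return 0 if the file is usable.
check_keyfile() {
    f=$1
    [ -f "$f" ] || { echo "not a regular file: $f"; return 1; }

    # Read the first line verbatim (no trimming, no backslash handling).
    line=
    IFS= read -r line < "$f" || true

    # 16-byte key + 16-byte IV = 32 bytes = exactly 64 hex characters.
    [ "${#line}" -eq 64 ] || { echo "first line has ${#line} characters, expected 64"; return 1; }

    # Digits and a-f only (assumption: lowercase, as openssl rand -hex emits).
    # A trailing carriage return from a Windows editor already fails the
    # length check above.
    case $line in
        *[!0123456789abcdef]*) echo "first line contains non-hex characters"; return 1 ;;
    esac

    [ "$line" != "$SAMPLE_KEY" ] || { echo "file contains the documentation sample key"; return 1; }

    # Characters 5-10 of the ls mode string are the group and other bits.
    mode=$(ls -ld -- "$f" | cut -c5-10)
    [ "$mode" = "------" ] || { echo "group/other permissions set: $mode"; return 1; }
    return 0
}

# When run as a script with a path argument, check that file.
[ $# -eq 0 ] || check_keyfile "$1"
```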