Resource Registry name files and encryption keys

Each Resource Registry master encryption key has a numeric key ID that uniquely identifies it. A resource name (.mrn) file that has encrypted values specifies the key ID and file name of its master encryption key.

The default master key file name is itx.mkf, located in the .mrn file directory.

For example, the following .mrn file is encrypted by the key with ID 6734, which is stored in the itx.mkf file:

<MRN version="1.0" key_id="6734" key_file="itx.mkf">
…
<Resource>
  <Name>db_password</Name>
  <Value Server="Production" encrypt="ON" id="5623" iv="240b35b4358e185a071548a0b0ac7d22">
9ad3d263a52819cf944cb4b20106784e0747ac006e7e8d5af4053cd06ed64469</Value>
  <Value Server="Development" encrypt="OFF">dev_password</Value>
</Resource>
...
</MRN>

In the master key file, the entry for the master encryption key with ID 6734 has a format that is similar to the following example:

<MasterKeys>
   <entry>
      <cipher>AES-256-CBC</cipher>
      <key>0be4d263a52819cf944cb4b20106784e0747ac006e7e8d5af4053cd06ed64460</key>
      <iv>351c464c5469f296b182659a1c1ad8e3</iv>
      <id>6734</id>
   </entry>
</MasterKeys>

A master key file can contain multiple master encryption keys. You manually edit a master key file to append keys to it or remove keys from it.
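
Because master key files are edited by hand, it is worth checking that the key ID an .mrn file names still resolves to exactly one well-formed entry. The following sketch is an added example, not code from the product; the `audit` and `is_hex` names are hypothetical, the inline samples are constructed from the examples above, and it does not decrypt anything.

```python
import re
import xml.etree.ElementTree as ET
# Constructed samples modelled on the examples above (not real key material).
SAMPLE_MRN = """<MRN version="1.0" key_id="6734" key_file="itx.mkf">
<Resource>
  <Name>db_password</Name>
  <Value Server="Production" encrypt="ON" id="5623" iv="240b35b4358e185a071548a0b0ac7d22">
9ad3d263a52819cf944cb4b20106784e0747ac006e7e8d5af4053cd06ed64469</Value>
  <Value Server="Development" encrypt="OFF">dev_password</Value>
</Resource>
</MRN>"""

SAMPLE_MKF = """<MasterKeys>
   <entry>
      <cipher>AES-256-CBC</cipher>
      <key>0be4d263a52819cf944cb4b20106784e0747ac006e7e8d5af4053cd06ed64460</key>
      <iv>351c464c5469f296b182659a1c1ad8e3</iv>
      <id>6734</id>
   </entry>
</MasterKeys>"""

def is_hex(s, nchars):
    return re.fullmatch(r"[0-9a-fA-F]{%d}" % nchars, s or "") is not None

def audit(mrn_xml, mkf_xml):
    """Return a list of findings; only plaintext values are reported for a consistent pair."""
    findings = []
    mrn = ET.fromstring(mrn_xml)
    key_id = mrn.get("key_id")
    entries = [e for e in ET.fromstring(mkf_xml).iter("entry")
               if (e.findtext("id") or "").strip() == key_id]
    if not entries:
        findings.append(f"key_id {key_id} not found in master key file")
    elif len(entries) > 1:
        findings.append(f"key_id {key_id} appears {len(entries)} times; IDs must be unique")
    for e in entries:
        # AES-256-CBC takes a 32-byte key and a 16-byte IV (64 and 32 hex chars).
        c, k, iv = ((e.findtext(t) or "").strip() for t in ("cipher", "key", "iv"))
        if c == "AES-256-CBC" and not (is_hex(k, 64) and is_hex(iv, 32)):
            findings.append(f"key {key_id}: key/iv length does not fit AES-256-CBC")
    for res in mrn.iter("Resource"):
        for val in res.iter("Value"):
            if val.get("encrypt") != "ON":
                findings.append(f"{res.findtext('Name')} [{val.get('Server')}] is stored in plaintext")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_MRN, SAMPLE_MKF):
        print(finding)
```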