AES encryption

The Advanced Encryption Standard (AES) is a symmetric-key encryption algorithm. In the IBM® TRIRIGA® Administrator Console, you can select the AES Encryption tab to open the AES Encryption Manager page. On new TRIRIGA installations, the System user automatically has access to this manager. On upgraded environments, this access must be given to the System user from the Admin Console User Manager page. Select the Admin Users tab to open this manager.

Important information

Important: As a precaution, you can make regular backups of the TRIRIGA database and back up the PKCS #12 (.p12) keystore files in the following location: [TRIRIGA_installation_directory]/userfiles/resources/security/. The keystores in the /security/ directory and the keystore that is stored on the TRIRIGA database each serve a different purpose, and all of them are needed.
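One way to script the file-keystore part of that backup is shown here as an added example; it is not IBM code. It assumes a Linux host with coreutils, the function names and backup layout are hypothetical, and the database backup is handled separately.

```shell
#!/usr/bin/env bash
# Added example, not IBM code. Assumes a Linux host with coreutils
# (install, sha256sum, cmp); function names and backup layout are hypothetical.

# backup_keystores <TRIRIGA_installation_directory> <backup_root>
# Copies every .p12 keystore, writes a SHA-256 manifest, prints the backup path.
# The body runs in a subshell so umask and cd do not leak into the caller.
backup_keystores() (
    src="$1/userfiles/resources/security"
    [ -d "$src" ] || { echo "keystore directory not found: $src" >&2; exit 1; }

    umask 077    # keystores hold key material: owner-only backup
    dest="$2/keystores-$(date -u +%Y%m%dT%H%M%SZ)"
    mkdir -p "$dest" || exit 1

    count=0
    for f in "$src"/*.p12; do
        [ -f "$f" ] || continue    # glob matched nothing
        install -m 600 "$f" "$dest/" || exit 1
        # Fail now if the copy differs, not during a later restore.
        cmp -s "$f" "$dest/$(basename "$f")" || { echo "copy mismatch: $f" >&2; exit 1; }
        count=$((count + 1))
    done
    if [ "$count" -eq 0 ]; then
        echo "no .p12 files in $src" >&2
        rmdir "$dest"
        exit 1
    fi

    # Manifest lets a restore prove the files are unchanged.
    cd "$dest" && sha256sum -- *.p12 > SHA256SUMS || exit 1
    echo "$dest"
)

# verify_keystore_backup <backup_dir>: check the manifest before restoring.
verify_keystore_backup() (
    cd "$1" && sha256sum -c SHA256SUMS >/dev/null 2>&1
)
```

Run `verify_keystore_backup` against a backup directory before copying its files back into the /security/ directory.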

Server status

The AES Encryption Manager page displays a table that gives the status of the AES encryption keystore password for every TRIRIGA server that is pointing to the same database. If a failed status is displayed for one or more servers, the password must be corrected. To correct the password, log in to the TRIRIGA Administrator Console for each failed server and go to the AES Encryption Manager page.

Encryption utilities

The AES Encryption Manager page also contains utilities to regenerate encryption keys and to change the password for the AES encryption keystore. If the password for the AES encryption keystore is not correct for a particular server, a warning is displayed in the TRIRIGA Administrator Console for that server. The AES Encryption Manager page also indicates that the password is not valid. To correct the password, this page provides a utility that is called Update AES Encryption Keystore Password.

Change AES Encryption Keystore Password

Use this utility to change the AES encryption keystore password for any reason.

After you use this utility, the AES encryption keystore password must also be updated on all other TRIRIGA servers that are using the same database as the current TRIRIGA server. This update can be done by using the Update AES Encryption Keystore Password utility on those other TRIRIGA servers.

Regenerate AES Encryption Keys

Use this utility to regenerate the AES encryption keys that are stored in the AES encryption keystore.

Update AES Encryption Keystore Password

Use this utility to update and correct the AES encryption keystore password for the current TRIRIGA server.

If the password for the AES encryption keystore is incorrect for a server or is unknown, and must be reset, the Update AES Encryption Keystore Password utility provides an option to force a password change. This option must be used in a worst-case scenario only. When this option is used, all reversible encrypted password fields on TRIRIGA records are lost and must be reentered.

If the keystores are accidentally removed for any reason, and backups were not created, the installer must be run again for the affected TRIRIGA server to regenerate the keystore files. When the TRIRIGA server starts up after you re-run the installer, all reversible encryption password fields on TRIRIGA records might be lost and must be reentered.

If further troubleshooting is needed, go to the AES Encryption Manager page to determine which TRIRIGA servers have an invalid password for the AES encryption keystore. The Update AES Encryption Keystore Password utility must be used to either update or force a reset of the password on any TRIRIGA server where the password is detected as invalid.