You can enable an Advanced Encryption Standard (AES) custom key manager to generate a key
for AES password encryption. Enable a custom key manager only in the rare situations where the
default key manager does not meet a specific key generation requirement.
Before you begin
Create a custom class for the AES key manager and put the JAR file that contains the custom
class in the directory for the class path. For more information, see Creating a custom AES key manager.
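The prerequisite above can be checked before you run the commands in the procedure. The following Python script is an added example, not IBM code: it confirms that exactly one JAR in a directory provides the class that you name on -aesCustomKeyManager, and it flags a JAR that is world-writable. The directory argument, the JAR name mykeymanager.jar, and the function names are assumptions; the sample JAR is constructed for the demonstration.

```python
import os
import stat
import tempfile
import zipfile

def class_entry(class_name):
    """Map a fully qualified class name to its path inside a JAR."""
    return class_name.replace(".", "/") + ".class"

def check_key_manager(jar_dir, class_name):
    """Return (jars_containing_class, findings) for the JARs in jar_dir."""
    entry = class_entry(class_name)
    hits, findings = [], []
    for name in sorted(os.listdir(jar_dir)):
        path = os.path.join(jar_dir, name)
        if not name.endswith(".jar") or not zipfile.is_zipfile(path):
            continue
        with zipfile.ZipFile(path) as jar:
            if entry not in jar.namelist():
                continue
        hits.append(name)
        # The key manager produces the AES key, so a JAR that any local
        # user can overwrite lets that user replace the key source.
        if os.stat(path).st_mode & stat.S_IWOTH:
            findings.append(name + ": world-writable")
    if not hits:
        findings.append("no JAR provides " + entry)
    elif len(hits) > 1:
        findings.append("class provided by more than one JAR: " + ", ".join(hits))
    return hits, findings

def demo():
    cls = "com.myco.crypto.key.MyAesKeyManager"  # class name used on this page
    # Assumption: a temporary directory stands in for the class path directory.
    with tempfile.TemporaryDirectory() as d:
        jar_path = os.path.join(d, "mykeymanager.jar")  # hypothetical JAR name
        with zipfile.ZipFile(jar_path, "w") as jar:     # constructed sample JAR
            jar.writestr(class_entry(cls), b"")
        os.chmod(jar_path, 0o644)
        ok = check_key_manager(d, cls)
        # Same name with different capitalization: must not match.
        typo = check_key_manager(d, "com.myco.crypto.key.MyAESKeyManager")
    return ok, typo

if __name__ == "__main__":
    for hits, findings in demo():
        print(hits, findings or "OK")
```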
About this task
You can use this procedure for both the client environment and the server environment to set the
class name of the custom AES key manager in the passwordUtil properties files.
Procedure
- Start the wsadmin scripting tool.
- For the server environment, enable or modify AES password encryption.
  If AES password encryption is not enabled, set the class name on the -aesCustomKeyManager parameter of the enablePasswordEncryption command, as in the following example:
  $AdminTask enablePasswordEncryption {[-aesCustomKeyManager com.myco.crypto.key.MyAesKeyManager ]}
  If AES password encryption is enabled, set the class name on the -aesCustomKeyManager parameter of the modifyPasswordEncryption command, as in the following example:
  $AdminTask modifyPasswordEncryption {[-aesCustomKeyManager com.myco.crypto.key.MyAesKeyManager ]}
- For the server environment, run node synchronization to propagate the configuration change to the nodes.
- For the server environment, restart the servers.
- Optional: For the client environment, enable or modify AES password encryption.
  If AES password encryption is not enabled, enable it as in the following command example:
  - Set the class name on the -aesCustomKeyManager parameter of the enablePasswordEncryption command.
  - Set the -clientPropsLocation parameter to the location of the passwordUtil.properties file.
  $AdminTask enablePasswordEncryption {[-clientPropsLocation /usr/WAS/AppClient -aesCustomKeyManager com.myco.crypto.key.MyAesKeyManager ]}
  If AES password encryption is enabled, set the class name on the -aesCustomKeyManager parameter of the modifyPasswordEncryption command, as in the following example:
  $AdminTask modifyPasswordEncryption {[-clientPropsLocation /usr/WAS/AppClient -aesCustomKeyManager com.myco.crypto.key.MyAesKeyManager ]}
- Optional: For the client environment, put the modified passwordUtil.properties file in the location where the client environment is configured.