com.ibm.di.api.security
Class CryptoUtils

java.lang.Object
  extended by com.ibm.di.api.security.CryptoUtils

public class CryptoUtils
extends java.lang.Object

This class represents the Server's cryptographic module. It is initialized by the Server at startup.


Field Summary
static java.lang.String ENCRYPTION_PROP_SERVER_KEY_ALIAS
          System property that specifies the alias of the Server encryption key.
static java.lang.String ENCRYPTION_PROP_SERVER_KEYSTORE
          System property that specifies the path to the keystore which hosts the Server encryption key.
static java.lang.String ENCRYPTION_PROP_SERVER_KEYSTORE_TYPE
          System property that specifies the type of the keystore which hosts the Server encryption key.
static java.lang.String ENCRYPTION_PROP_SERVER_TRANSFORMATION
          System property that specifies the cryptographic transformation used by the Server for encryption.
static java.lang.String MODE_CDECRYPT
          Decrypt a TDI configuration file.
static java.lang.String MODE_CENCRYPT
          Encrypt a TDI configuration file.
static java.lang.String MODE_DECRYPT
          Decrypt User Registry.
static java.lang.String MODE_ENCRYPT
          Encrypt User Registry.
static java.lang.String MODE_PDECRYPT
          Decrypt a TDI properties file.
static java.lang.String MODE_PENCRYPT
          Encrypt a TDI properties file.
 
Constructor Summary
CryptoUtils()
           
 
Method Summary
static byte[] decryptSecurityRegistry(byte[] data)
          Decrypt User Registry contents with the Server encryption key.
static byte[] decryptWithServerKey(byte[] data)
          Decrypt data with the Server encryption key.
static byte[] encryptWithServerKey(byte[] data)
          Encrypt data with the Server encryption key.
static Crypto getCrypto(java.lang.String keyAlias, java.lang.String transformation)
          Create a Crypto object using a specified Certificate.
static Crypto getDefaultCrypto()
          Retrieve an object representation of the Server's encryption/decryption functionality.
static java.lang.String[] getKeyStoreAliases()
          Returns a list of the server Certificate aliases.
static void init(java.lang.String keyStorePass, java.lang.String keyPass)
          Initialize this module.
static void main(java.lang.String[] args)
          The entry-point of the cryptoutils command-line tool.
static byte[] readFile(java.lang.String fileName)
          Read a whole file as binary.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

MODE_ENCRYPT

public static final java.lang.String MODE_ENCRYPT
Encrypt User Registry. Encrypted files are written as binary and are not prefixed by a marker signature.

See Also:
Constant Field Values

MODE_DECRYPT

public static final java.lang.String MODE_DECRYPT
Decrypt User Registry.

See Also:
Constant Field Values

MODE_CENCRYPT

public static final java.lang.String MODE_CENCRYPT
Encrypt a TDI configuration file. Encrypted files are written as binary and are prefixed by a marker signature.

See Also:
Constant Field Values

MODE_CDECRYPT

public static final java.lang.String MODE_CDECRYPT
Decrypt a TDI configuration file.

See Also:
Constant Field Values

MODE_PENCRYPT

public static final java.lang.String MODE_PENCRYPT
Encrypt a TDI properties file. The file is not encrypted as a whole: only the values of protected properties are encrypted. Both the input and the output of the operation are text files in the platform's default encoding.

See Also:
Constant Field Values

MODE_PDECRYPT

public static final java.lang.String MODE_PDECRYPT
Decrypt a TDI properties file. The file is not decrypted as a whole: only encrypted property values are decrypted. Both the input and the output of the operation are text files in the platform's default encoding.

See Also:
Constant Field Values

ENCRYPTION_PROP_SERVER_KEYSTORE

public static final java.lang.String ENCRYPTION_PROP_SERVER_KEYSTORE
System property that specifies the path to the keystore which hosts the Server encryption key. The password for that keystore is located in the Server Stash File.

See Also:
Constant Field Values

ENCRYPTION_PROP_SERVER_KEYSTORE_TYPE

public static final java.lang.String ENCRYPTION_PROP_SERVER_KEYSTORE_TYPE
System property that specifies the type of the keystore which hosts the Server encryption key.

See Also:
Constant Field Values

ENCRYPTION_PROP_SERVER_TRANSFORMATION

public static final java.lang.String ENCRYPTION_PROP_SERVER_TRANSFORMATION
System property that specifies the cryptographic transformation used by the Server for encryption. The value is either "RSA" or a secret-key transformation that javax.crypto.Cipher.getInstance accepts, for example "AES/CBC/PKCS5Padding". The transformation must explicitly require a secret key; password-based (PBE) transformations are not supported.

See Also:
Constant Field Values

ENCRYPTION_PROP_SERVER_KEY_ALIAS

public static final java.lang.String ENCRYPTION_PROP_SERVER_KEY_ALIAS
System property that specifies the alias of the Server encryption key.

See Also:
Constant Field Values

Constructor Detail

CryptoUtils

public CryptoUtils()

Method Detail

init

public static void init(java.lang.String keyStorePass,
                        java.lang.String keyPass)
                 throws java.lang.Exception
Initialize this module. This method must be called before using any of the other methods.

Parameters:
keyStorePass - a password for the keystore that hosts the Server encryption key
keyPass - a password for the key inside the keystore
Throws:
java.lang.Exception - the module is already initialized; a required system property is missing; the key cannot be retrieved; the encryption transformation is not supported; or the key is not suitable for the encryption transformation
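A start-up check that walks through the same failure conditions init lists above (missing key, unsupported transformation, key not suitable for the transformation) and the transformation rules given for ENCRYPTION_PROP_SERVER_TRANSFORMATION, written here as an added example against the standard Java security APIs only; it is not part of the TDI API, and the class name, the check method's parameter list and its exception messages are this example's own choices. In a deployment the keystore path, type, alias and transformation would be read from the system properties named by the ENCRYPTION_PROP_* constants, and the two passwords are the same ones init takes.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;

/** Pre-flight check mirroring the failure conditions CryptoUtils.init documents (added example). */
public class ServerKeyConfigCheck {
    /** Throws IllegalStateException (or the underlying JCE exception) on the first problem found. */
    static void check(Path keystorePath, String keystoreType, String alias,
                      String transformation, char[] storePass, char[] keyPass) throws Exception {
        // PBE transformations are documented as unsupported; reject them before touching the keystore.
        if (transformation.toUpperCase().startsWith("PBE")) {
            throw new IllegalStateException("password-based transformation not supported: " + transformation);
        }
        // Same acceptance test the Server applies: the installed provider must know the transformation.
        Cipher cipher = Cipher.getInstance(transformation);
        KeyStore ks = KeyStore.getInstance(keystoreType);
        try (InputStream in = Files.newInputStream(keystorePath)) {
            ks.load(in, storePass);                               // wrong keystore password fails here
        }
        Key key = ks.getKey(alias, keyPass);                      // wrong key password fails here
        if (key == null) {
            throw new IllegalStateException("no key under alias '" + alias + "' in " + keystorePath);
        }
        // RSA needs a private-key entry with a certificate; any other transformation needs a
        // SecretKey whose algorithm matches the cipher's base algorithm (the part before the first '/').
        Key encryptionKey;
        if (transformation.toUpperCase().startsWith("RSA")) {
            Certificate cert = ks.getCertificate(alias);
            if (!(key instanceof PrivateKey) || cert == null) {
                throw new IllegalStateException("RSA requires a private key entry with a certificate");
            }
            encryptionKey = cert.getPublicKey();
        } else {
            String baseAlgorithm = transformation.split("/")[0];
            if (!(key instanceof SecretKey) || !key.getAlgorithm().equalsIgnoreCase(baseAlgorithm)) {
                throw new IllegalStateException(transformation + " needs a " + baseAlgorithm
                        + " secret key, found " + key.getAlgorithm());
            }
            encryptionKey = key;
        }
        cipher.init(Cipher.ENCRYPT_MODE, encryptionKey);          // InvalidKeyException if size/type is off
    }
}
```

The method returns normally only when every precondition init checks would hold, so it can be run before the Server is started to turn an opaque init failure into a specific message.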

main

public static void main(java.lang.String[] args)
                 throws java.lang.Exception
The entry-point of the cryptoutils command-line tool. Invoke with no arguments to print a brief usage manual.

Parameters:
args - command-line arguments
Throws:
java.lang.Exception - operation error

readFile

public static byte[] readFile(java.lang.String fileName)
                       throws java.io.IOException
Read a whole file as binary.

Parameters:
fileName - file to read
Returns:
file contents
Throws:
java.io.IOException - error while reading the file

decryptSecurityRegistry

public static byte[] decryptSecurityRegistry(byte[] data)
                                      throws java.lang.Exception
Decrypt User Registry contents with the Server encryption key.

Parameters:
data - User Registry contents
Returns:
decrypted data
Throws:
java.lang.Exception - this module is not initialized or some cryptographic error occurred

encryptWithServerKey

public static byte[] encryptWithServerKey(byte[] data)
                                   throws java.lang.Exception
Encrypt data with the Server encryption key.

Parameters:
data - data to encrypt
Returns:
encrypted data
Throws:
java.lang.Exception - this module is not initialized or some cryptographic error occurred

decryptWithServerKey

public static byte[] decryptWithServerKey(byte[] data)
                                   throws java.lang.Exception
Decrypt data with the Server encryption key.

Parameters:
data - encrypted data
Returns:
decrypted data
Throws:
java.lang.Exception - this module is not initialized or some cryptographic error occurred

getDefaultCrypto

public static Crypto getDefaultCrypto()
                               throws java.lang.Exception
Retrieve an object representation of the Server's encryption/decryption functionality. The returned object is thread-safe.

Returns:
Server's cryptographic object
Throws:
java.lang.Exception - this module is not initialized

getCrypto

public static Crypto getCrypto(java.lang.String keyAlias,
                               java.lang.String transformation)
                        throws java.lang.Exception
Create a Crypto object using a specified Certificate.

Parameters:
keyAlias - The alias for the Certificate
transformation - The Crypto algorithm/transformation to use
Returns:
a cryptographic object
Throws:
java.lang.Exception - this module is not initialized
Since:
7.1

getKeyStoreAliases

public static java.lang.String[] getKeyStoreAliases()
                                             throws java.lang.Exception
Returns a list of the server Certificate aliases. An empty string is the first element in the array, for convenience.

Returns:
a list of the server Certificate aliases
Throws:
java.lang.Exception - if this module is not initialized
Since:
7.1