Welcome Guest! Log in
Stambia versions 2.x, 3.x, S17, S18, S19 and S20 are reaching End of Support January, 15th, 2024. Please consider upgrading to the supported Semarchy xDI versions. See Global Policy Support and the Semarchy Documentation.

The Stambia User Community is moving to Semarchy! All the applicable resources have already been moved or are currently being moved to their new location. Read more…


The Runtime offers the possibility to specify a list of keystores in its configuration file.

You can find below how to define them and then how to use them.

Prerequisites:

  • Stambia DI Runtime S17.5.7 or higher

 

About the keystores

Keystores are Java files containing certificates and keys for encryption and decryption.

At the moment the keystores which can be defined in the Stambia DI Runtime can be used only to customize the key used for password cyphering.

 

Configuration

Open the <stambiaRuntime>/properties/engineParameters.xml file.

Then, uncomment or add the keystores node:

<keystores>
        <keystore path="path_to_keystore_file" password="keystore_password" type="JKS">
            <key name="key_functional_name" alias="key_alias_in_keystore" password="key_password"/>
             <...>
        </keystore>
        <keystore path="path_to_keystore_file" password="keystore_password" type="JCEKS">
            <key name="key_functional_name_2" alias="key_alias_in_keystore" password="key_password" blockCipherModeOperation="PCBC/PKCS5Padding"/>
             <...>
        </keystore>
        <...>
</keystores>

 

Keystore node attributes:

Attribute Mandatory Description Example
path yes Absolute path to keystore file. D:/keystores/keystore.jks
password yes Password of the keystore file. password
type no Keystore type. If not defined the default keystore type of the JVM will be used (JKS). JKS

 

Key node attributes:

Attribute Mandatory Description Example
name yes Functional name for referencing the key when using it in the Stambia DI Runtime. This is a logical name defined by the user. runtimekey
alias yes Alias of the key, which must correspond to the alias of an existing key in the keystore. mykey
password yes Password of the key.  
blockCipherModeOperation no

The Block Cipher Mode which that should be used when using this key to encrypt / decrypt values. This is optional and offers the possibility to add an additional layer of security when using the key.

PCBC/PKCS5Padding

 

Using the keys

When the keys are defined, you can start your Stambia DI Runtime to see if everything is configured correctly.

If there is an issue while loading the keys, such as an incorrect password, or wrong configuration, an explicit error should be displayed, and the Stambia DI Runtime will stop.

At the moment keys can be used only for changing the key used for password cyphering.

Refer to this article to learn how to use them for that.

 

 

Articles

Suggest a new Article!