Class CryptoUtils


  • public class CryptoUtils
    extends java.lang.Object
    This class represents the Server's cryptographic module. It is initialized by the Server at startup.
    • Constructor Summary

      Constructors 
      Constructor Description
      CryptoUtils()  
    • Method Summary

      Modifier and Type  Method  Description
      static byte[]  decryptSecurityRegistry(byte[] data)
          Decrypt User Registry contents with the Server encryption key.
      static byte[]  decryptWithServerKey(byte[] data)
          Decrypt data with the Server encryption key.
      static byte[]  encryptWithServerKey(byte[] data)
          Encrypt data with the Server encryption key.
      static Crypto  getCrypto(java.lang.String keyAlias, java.lang.String transformation)
          Create a Crypto object using a specified Certificate.
      static Crypto  getDefaultCrypto()
          Retrieve an object representation of the Server's encryption/decryption functionality.
      static java.lang.String[]  getKeyStoreAliases()
          Returns a list of the server Certificate aliases.
      static void  init(java.lang.String keyStorePass, java.lang.String keyPass)
          Initialize this module.
      static void  main(java.lang.String[] args)
          The entry-point of the cryptoutils command-line tool.
      static byte[]  readFile(java.lang.String fileName)
          Read a whole file as binary.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Field Detail

      • MODE_ENCRYPT

        public static final java.lang.String MODE_ENCRYPT
        Encrypt User Registry. Encrypted files are written as binary and are not prefixed by a marker signature.
        See Also:
        Constant Field Values
      • MODE_DECRYPT

        public static final java.lang.String MODE_DECRYPT
        Decrypt User Registry.
        See Also:
        Constant Field Values
      • MODE_CENCRYPT

        public static final java.lang.String MODE_CENCRYPT
        Encrypt a TDI configuration file. Encrypted files are written as binary and are prefixed by a marker signature.
        See Also:
        Constant Field Values
      • MODE_CDECRYPT

        public static final java.lang.String MODE_CDECRYPT
        Decrypt a TDI configuration file.
        See Also:
        Constant Field Values
      • MODE_PENCRYPT

        public static final java.lang.String MODE_PENCRYPT
        Encrypt a TDI properties file. The file is not encrypted as a whole - only values of protected properties are encrypted. Both the input and the output of the operation are text files which use the default encoding for the platform.
        See Also:
        Constant Field Values
      • MODE_PDECRYPT

        public static final java.lang.String MODE_PDECRYPT
        Decrypt a TDI properties file. The file is not decrypted as a whole - only encrypted property values are decrypted. Both the input and the output of the operation are text files which use the default encoding for the platform.
        See Also:
        Constant Field Values
      • ENCRYPTION_PROP_SERVER_KEYSTORE

        public static final java.lang.String ENCRYPTION_PROP_SERVER_KEYSTORE
        System property that specifies the path to the keystore which hosts the Server encryption key. The password for that keystore is located in the Server Stash File.
        See Also:
        Constant Field Values
      • ENCRYPTION_PROP_SERVER_KEYSTORE_TYPE

        public static final java.lang.String ENCRYPTION_PROP_SERVER_KEYSTORE_TYPE
        System property that specifies the type of the keystore which hosts the Server encryption key.
        See Also:
        Constant Field Values
      • ENCRYPTION_PROP_SERVER_TRANSFORMATION

        public static final java.lang.String ENCRYPTION_PROP_SERVER_TRANSFORMATION
        System property that specifies the cryptographic transformation used by the Server for encryption. Can be either "RSA" or a secret-key transformation that a call to javax.crypto.Cipher.getInstance would accept, for example "AES/CBC/PKCS5Padding". The transformation must explicitly require a secret key. Password-based (PBE) transformations are not supported.
        See Also:
        Constant Field Values
      • ENCRYPTION_PROP_SERVER_KEY_ALIAS

        public static final java.lang.String ENCRYPTION_PROP_SERVER_KEY_ALIAS
        System property that specifies the alias of the Server encryption key.
        See Also:
        Constant Field Values
    • Constructor Detail

      • CryptoUtils

        public CryptoUtils()
    • Method Detail

      • init

        public static void init(java.lang.String keyStorePass,
                                java.lang.String keyPass)
                         throws java.lang.Exception
        Initialize this module. This method must be called before using any of the other methods.
        Parameters:
        keyStorePass - a password for the keystore that hosts the Server encryption key
        keyPass - a password for the key inside the keystore
        Throws:
        java.lang.Exception - if the module is already initialized, a required system property is missing, the key cannot be retrieved, the encryption transformation is not supported, or the key is not suitable for the encryption transformation
      • main

        public static void main(java.lang.String[] args)
                         throws java.lang.Exception
        The entry-point of the cryptoutils command-line tool. Invoke with no arguments to print a brief usage manual.
        Parameters:
        args - command-line arguments
        Throws:
        java.lang.Exception - operation error
      • readFile

        public static byte[] readFile(java.lang.String fileName)
                               throws java.io.IOException
        Read a whole file as binary.
        Parameters:
        fileName - file to read
        Returns:
        file contents
        Throws:
        java.io.IOException - error while reading the file
      • decryptSecurityRegistry

        public static byte[] decryptSecurityRegistry(byte[] data)
                                              throws java.lang.Exception
        Decrypt User Registry contents with the Server encryption key.
        Parameters:
        data - User Registry contents
        Returns:
        decrypted data
        Throws:
        java.lang.Exception - this module is not initialized or some cryptographic error occurred
      • encryptWithServerKey

        public static byte[] encryptWithServerKey(byte[] data)
                                           throws java.lang.Exception
        Encrypt data with the Server encryption key.
        Parameters:
        data - data to encrypt
        Returns:
        encrypted data
        Throws:
        java.lang.Exception - this module is not initialized or some cryptographic error occurred
      • decryptWithServerKey

        public static byte[] decryptWithServerKey(byte[] data)
                                           throws java.lang.Exception
        Decrypt data with the Server encryption key.
        Parameters:
        data - encrypted data
        Returns:
        decrypted data
        Throws:
        java.lang.Exception - this module is not initialized or some cryptographic error occurred
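        A minimal caller of this module, added here as an illustration and not part of TDI's own code or of this page: it checks the transformation against the rule stated for ENCRYPTION_PROP_SERVER_TRANSFORMATION, sets the four system properties, calls init() exactly once, and round-trips a buffer through encryptWithServerKey/decryptWithServerKey. The keystore path and type, the key alias, the environment-variable names for the passwords, and the fact that CryptoUtils is importable from the caller's package are all assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import javax.crypto.Cipher;

public class ServerKeyRoundTrip {

    // Enforce the documented rule before init() can fail on it: the module takes
    // either "RSA" or a secret-key transformation that Cipher.getInstance accepts;
    // password-based (PBE) transformations are explicitly unsupported.
    static String checkTransformation(String transformation) throws Exception {
        if (transformation.toUpperCase().startsWith("PBE")) {
            throw new IllegalArgumentException(
                "PBE transformations are not supported by CryptoUtils: " + transformation);
        }
        if (!"RSA".equals(transformation)) {
            // Throws NoSuchAlgorithmException / NoSuchPaddingException if the JCE
            // provider does not know this transformation.
            Cipher.getInstance(transformation);
        }
        return transformation;
    }

    public static void main(String[] args) throws Exception {
        // Placeholder deployment values (assumptions, not from the documentation).
        String keyStorePath = "/path/to/server-keystore.jks";
        String keyStoreType = "JKS";
        String keyAlias = "server";
        String transformation = checkTransformation("AES/CBC/PKCS5Padding");

        // The module reads its configuration from these documented system properties.
        System.setProperty(CryptoUtils.ENCRYPTION_PROP_SERVER_KEYSTORE, keyStorePath);
        System.setProperty(CryptoUtils.ENCRYPTION_PROP_SERVER_KEYSTORE_TYPE, keyStoreType);
        System.setProperty(CryptoUtils.ENCRYPTION_PROP_SERVER_TRANSFORMATION, transformation);
        System.setProperty(CryptoUtils.ENCRYPTION_PROP_SERVER_KEY_ALIAS, keyAlias);

        // init() must be called once, before any other method; a second call throws.
        // Passwords are read from the environment here (assumed variable names) rather
        // than hard-coded; in a real Server the keystore password comes from the Stash File.
        CryptoUtils.init(System.getenv("TDI_KEYSTORE_PASS"), System.getenv("TDI_KEY_PASS"));

        // Confirm the configured alias actually exists; index 0 is the documented empty string.
        String[] aliases = CryptoUtils.getKeyStoreAliases();
        if (!Arrays.asList(aliases).subList(1, aliases.length).contains(keyAlias)) {
            throw new IllegalStateException("alias not found in server keystore: " + keyAlias);
        }

        byte[] plaintext = "constructed sample value".getBytes(StandardCharsets.UTF_8);
        byte[] ciphertext = CryptoUtils.encryptWithServerKey(plaintext);
        byte[] recovered = CryptoUtils.decryptWithServerKey(ciphertext);
        if (!Arrays.equals(plaintext, recovered)) {
            throw new IllegalStateException("server-key round trip failed");
        }
    }
}
```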
      • getDefaultCrypto

        public static Crypto getDefaultCrypto()
                                       throws java.lang.Exception
        Retrieve an object representation of the Server's encryption/decryption functionality. The returned object is thread-safe.
        Returns:
        Server's cryptographic object
        Throws:
        java.lang.Exception - this module is not initialized
      • getCrypto

        public static Crypto getCrypto(java.lang.String keyAlias,
                                       java.lang.String transformation)
                                throws java.lang.Exception
        Create a Crypto object using a specified Certificate.
        Parameters:
        keyAlias - The alias for the Certificate
        transformation - The Crypto algorithm/transformation to use
        Returns:
        a cryptographic object
        Throws:
        java.lang.Exception - this module is not initialized
        Since:
        7.1
      • getKeyStoreAliases

        public static java.lang.String[] getKeyStoreAliases()
                                                     throws java.lang.Exception
        Returns a list of the server Certificate aliases. An empty string is the first element in the array, for convenience.
        Returns:
        a list of the server Certificate aliases
        Throws:
        java.lang.Exception - if this module is not initialized
        Since:
        7.1