Keystore generation

This topic describes the process of automatic and manual keystore generation.

Automatic keystore generation

During bootstrap, if the repository detects a missing secret key keystore, it will dynamically create a keystore containing a single metadata secret key. In order to do this, the repository assumes the existence of a keystore metadata file containing information about the metadata key. Specifically, it expects the following properties to be set:
Property              Description
metadata.keyData      Specifies the key data used to generate the secret key.
metadata.algorithm    Specifies the key algorithm used to generate the secret key.
The keyData can be generated by executing the class org.alfresco.encryption.GenerateSecretKey as shown below:
java -classpath "projects/3rd-party/lib/commons/commons-codec-1.4.jar:projects/core/build/dist/alfresco-core-4.0.a.jar" \
  org.alfresco.encryption.GenerateSecretKey

Manual keystore generation

A new keystore can be generated using the Java keytool command as shown below:
keytool -genseckey -alias metadata -keypass <metadata key password> -storepass <key store password> -keystore keystore \
  -storetype JCEKS -keyalg DESede
Note: Make sure the keystore is placed in the location specified by the property encryption.keystore.location and that the passwords you have used in the keytool commands are placed in the file specified by the property encryption.keystore.keyMetaData.location.
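The following shell functions are an added example, not part of the original documentation. They run the same keytool command but pass the passwords through keytool's `:env` modifier so they do not appear in the process list, create the file with owner-only permissions, and confirm that the metadata alias holds a secret key. The function names and the KS_PASS and KEY_PASS variable names are assumptions made for this example.

```shell
# Added example: generate and check the metadata keystore.
# KS_PASS (keystore password) and KEY_PASS (metadata key password) are
# assumed variable names; keytool requires at least 6 characters each.

make_metadata_keystore() {
    ks="$1"
    # Both passwords must be set before anything is written.
    if [ -z "$KS_PASS" ] || [ -z "$KEY_PASS" ]; then
        echo "set KS_PASS and KEY_PASS first" >&2
        return 2
    fi
    # Never add to or replace an existing keystore silently.
    if [ -e "$ks" ]; then
        echo "refusing to overwrite $ks" >&2
        return 3
    fi
    # umask 077 in a subshell: the new file is readable by its owner only.
    # -storepass:env / -keypass:env make keytool read the named variables,
    # so the passwords never appear as command-line arguments.
    ( umask 077
      KS_PASS="$KS_PASS" KEY_PASS="$KEY_PASS" \
      keytool -genseckey -alias metadata -keyalg DESede \
          -storetype JCEKS -keystore "$ks" \
          -storepass:env KS_PASS -keypass:env KEY_PASS ) || return 1
}

check_metadata_keystore() {
    ks="$1"
    if [ ! -f "$ks" ]; then
        echo "missing keystore: $ks" >&2
        return 4
    fi
    # keytool -list prints "SecretKeyEntry" for a secret key alias; a wrong
    # store password or a missing alias produces no match and returns 5.
    KS_PASS="$KS_PASS" \
    keytool -list -storetype JCEKS -keystore "$ks" -alias metadata \
        -storepass:env KS_PASS 2>/dev/null | grep -q 'SecretKeyEntry' || return 5
}
```

Running check_metadata_keystore against the file at encryption.keystore.location before starting the repository confirms that the store password is accepted and that the metadata alias is present.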