This topic describes the process of automatic and manual keystore generation.
Automatic keystore generation
During bootstrap, if the repository detects a missing secret key keystore, it will dynamically
create a keystore containing a single metadata secret key. In order to do this, the repository
assumes the existence of a keystore metadata file containing information about the metadata key.
Specifically, it expects the following properties to be set:
The keyData can be generated by executing the class
org.alfresco.encryption.GenerateSecretKey as shown
below:
Property | Description |
---|---|
metadata.keyData | Specifies the key data used to generate the secret key. |
metadata.algorithm | Specifies the key algorithm used to generate the secret key. |
java -classpath "projects/3rd-party/lib/commons/commons-codec-1.4.jar:projects/core/build/dist/alfresco-core-4.0.a.jar" org.alfresco.encryption.GenerateSecretKey
Manual keystore generation
A new keystore can be generated using the Java keytool command as shown
below:
keytool -genseckey -alias metadata -keypass <metadata key password> -storepass <key store password> -keystore keystore -storetype JCEKS -keyalg DESede
Note: Make
sure the keystore is placed in the location specified by the property
encryption.keystore.location and that the passwords you have used in the
keytool commands are placed in the file specified by the property
encryption.keystore.keyMetaData.location.