This section describes how the PSO can encrypt and decrypt the security.properties file using securetool. For information about securetool, see Chapter 4, “Using securetool.”
WARNING! The keyFile property must remain in plain text in the security.properties file; otherwise, Enterprise Security services do not work.
Encrypting security.properties
This procedure reads the security.properties file, and writes the encrypted contents to the security.properties.enk file. Both of these files must be in the same directory.
1. Make a backup copy of security.properties, and save it in a secure location.
2. Change to the SECURITY/bin directory, and run:
   securetool enc_dec_file --operation encrypt --username pso --password pso_password --input_file <propspath>security.properties --output_file <propspath>security.properties.enk
   Where pso and pso_password are the user name and password for the PSO, and <propspath> is the path to the security.properties file.
3. Edit security.properties and delete everything, except the properties that must be in plain text. The file must contain at least the keyFile property.
If a property is defined in both security.properties and security.properties.enk, the property value in security.properties.enk takes precedence over the value in security.properties.
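A check for the last step of the procedure above, as an added example that is not part of the original documentation: it confirms that the trimmed security.properties still defines keyFile and reports any other property left in plain text. It assumes key=value (or key:value) lines with # or ! comments; the function names, the sample path, and the property name constructed.db.password are constructed for illustration.

```shell
# Added example: audit the trimmed security.properties after encryption.
# Assumption: the file holds key=value (or key:value) lines, # or ! comments.

# list_keys FILE: print one property key per line, skipping comments/blanks.
list_keys() {
    sed -e 's/^[[:space:]]*//' -e '/^[#!]/d' -e '/^$/d' \
        -e 's/[[:space:]]*[=:].*$//' "$1"
}

# check_plain_props FILE [ALLOWED_KEY...]
# keyFile is always allowed and required; pass any other keys your
# deployment must keep in plain text as extra arguments.
# Returns 0 = clean, 1 = keyFile missing, 2 = unexpected plain-text keys.
check_plain_props() {
    file=$1; shift
    allowed=" keyFile $* "
    result=0
    if ! list_keys "$file" | grep -qx 'keyFile'; then
        echo "ERROR: keyFile is not present in plain text in $file" >&2
        return 1
    fi
    for key in $(list_keys "$file"); do
        case "$allowed" in
            *" $key "*) ;;
            *) echo "WARN: '$key' is still in plain text in $file" >&2
               result=2 ;;
        esac
    done
    return $result
}

# Constructed sample: a trimmed file that still holds one leftover property.
demo_file=$(mktemp)
printf '%s\n' '# constructed sample' 'keyFile=/constructed/path/key.file' \
    'constructed.db.password=example' > "$demo_file"
check_plain_props "$demo_file" || echo "exit status: $?"
rm -f "$demo_file"
```

Run it against the real file as check_plain_props <propspath>security.properties, adding as further arguments any property names that must stay in plain text in your installation.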
Decrypting security.properties.enk
To decrypt the security.properties.enk file, change to the SECURITY/bin directory, and run:
securetool enc_dec_file --operation decrypt --username pso --password pso_password --input_file security.properties.enk --output_file security.properties
Where pso and pso_password are the user name and password for the PSO.
Changing an encrypted property value
To change a property value that is encrypted in the security.properties.enk file:
1. Decrypt security.properties.enk.
2. Edit security.properties to change the property value.
3. Reencrypt security.properties.
4. Edit security.properties to remove the properties that should not remain in plain text.