Keystore generation

Keystore generation can be automatic or manual.

Automatic keystore generation

During bootstrap, if the repository detects a missing secret key keystore, it will dynamically create a keystore containing a single metadata secret key. In order to do this, the repository assumes the existence of a keystore metadata file containing information about the metadata key. Specifically, it expects the following properties to be set:
Property             Description
metadata.keyData     Specifies the key data used to generate the secret key.
metadata.algorithm   Specifies the key algorithm used to generate the secret key.

Each Java environment may support a different set of algorithms. For the list of algorithm names that can be specified, see SecretKeyFactory Algorithms.

For keytool defaults specific to the secret key generation, see the Oracle documentation - keytool.

The keyData can be generated by executing the class org.alfresco.encryption.GenerateSecretKey as shown below:
java -classpath "projects/3rd-party/lib/commons/commons-codec-1.4.jar:projects/core/build/dist/alfresco-core-4.0.a.jar" \
 org.alfresco.encryption.GenerateSecretKey

Manual keystore generation

A new keystore can be generated using the Java keytool command as shown below:
keytool -genseckey -alias metadata -keypass <metadata key password> -storepass <key store password> -keystore keystore \
 -storetype JCEKS -keyalg DESede
Note: Make sure the keystore is placed in the location specified by the property encryption.keystore.location and that the passwords you have used in the keytool commands are placed in the file specified by the property encryption.keystore.keyMetaData.location.
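
The manual procedure above, wrapped as an added example (not part of the original page or of Alfresco's own tooling) that keeps the passwords off the command line, creates the keystore file owner-only, and then confirms the metadata alias is stored as a secret key. The function names and the environment variable names KEYSTORE_PASS and METADATA_KEY_PASS are assumptions made for this example.

```shell
#!/bin/sh
# Added example: wraps the manual keytool command from this page.
# Assumptions: the function names and the variable names KEYSTORE_PASS and
# METADATA_KEY_PASS are hypothetical; both variables must be exported.

# make_keystore <path>: create a JCEKS keystore holding one DESede secret key
# under the alias "metadata". Refuses to touch an existing file.
make_keystore() {
    ks="$1"
    [ -n "$KEYSTORE_PASS" ] && [ -n "$METADATA_KEY_PASS" ] || {
        echo "export KEYSTORE_PASS and METADATA_KEY_PASS first" >&2; return 2; }
    [ ! -e "$ks" ] || { echo "refusing to overwrite $ks" >&2; return 1; }
    (
        umask 077   # the new keystore file is created owner-only
        # ":env" makes keytool read each password from the named environment
        # variable, so it does not appear in the process argument list.
        keytool -genseckey -alias metadata \
            -keypass:env METADATA_KEY_PASS -storepass:env KEYSTORE_PASS \
            -keystore "$ks" -storetype JCEKS -keyalg DESede >/dev/null
    )
}

# check_keystore <path>: succeed only if the store opens with KEYSTORE_PASS
# and the alias "metadata" is listed as a secret key entry.
check_keystore() {
    keytool -list -alias metadata -keystore "$1" -storetype JCEKS \
        -storepass:env KEYSTORE_PASS 2>/dev/null | grep -q 'SecretKeyEntry'
}

# Usage: export KEYSTORE_PASS=... METADATA_KEY_PASS=...
#        make_keystore ./keystore && check_keystore ./keystore
```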