Versions Compared

Old Version 23

changes.mady.by.user Kalpana Malladi

Saved on

compared with

New Version Current

changes.mady.by.user Kalpana Malladi

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Error

Reason

Resolution

Error retrieving key for alias from KeyStore.

Either the configuration is invalid or the key alias is missing.

Verify that the KeyStore parameters in the account settings are accurate and that it contains the secret key associated with the specified alias.

Key store load error.

The KeyStore specified is incorrect.

Ensure the provided KeyStore password and type are correct and match the KeyStore requirements.

Account Encryption

Standard Encryption

If you are using Standard Encryption, the High sensitivity settings under Enhanced Encryption are followed.

Enhanced Encryption

If you have the Enhanced Account Encryption feature, the following describes which fields are encrypted for each sensitivity level selected per each account.

  • High: KeyStore password

  • Medium + High: KeyStore password

  • Low + Medium + High:  KeyStore password

Panel

Regarding KeyStore

There are multiple ways to specify the Key Store. It can be:

  1. Located on SLFS (by uploading the Key Store file)

  2. On the host machine that is hosting the JCC

  3. On an accessible web location

To generate a Key Store file, one can use the keytool utility that comes packaged with JDKs. Here're some useful keytool commands:

  • To create a key store with an AES key

    Code Block
    keytool -genseckey -keystore <keystore file name> -storetype jceks -storepass <store password> -keyalg AES -keysize 256 -alias <key alias>

  • To create a key store with 512 bit key

    Code Block
    keytool -genseckey -keystore <keystore file name> -storetype jceks -storepass <store password> -keyalg HMACSHA1 -keysize 512 -alias <key alias>

  • To import keys from one key store to another

    Code Block
    keytool -importkeystore -srckeystore <src keystore file> -srcstoretype jceks  -destkeystore <dest keystore file> -deststoretype jceks -deststorepass <dest store password>

  • To update the password for a key in a keystore

    Code Block
    keytool -storetype jceks -keypasswd -keystore <keystore file> -alias <key alias> -keypass <old key password> -new <new key password>

  • To list keys in a key store file

    Code Block
    keytool -list -v  -storetype jceks -keystore <keystore file>


Insert excerpt
JWT Snap Pack
JWT Snap Pack
nopaneltrue