Data Encryption

Data encryption is done using four basic concepts: the keystore, the master password, encrypted data synchronization, and the keystore console.

  • KeyStore – the location where the encryption keys used by IdentityIQ are persisted.

  • Master Password – the entire keystore can be encrypted with an ASCII password. This is the keystore password, also called the master password. You can change it using the keystore console command. Only one master password can exist at a time. When the master password changes, the entire keystore and the master password file are re-encrypted and rewritten.

  • Encrypted Data Synchronization – the process of re-encrypting existing data with the newest key in the keystore.

  • Keystore Console – the tool (spt keystore) used to manage the keystore and master password.

The keystore and master password are file based and secured by the file system. They are stored in two separate files. The files can be located in the IdentityIQ deployment directory or placed in an alternative directory during configuration. By default, the files are stored in the following locations:

keystorePassword = WEB-INF/classes/iiq.cfg
keystore = WEB-INF/classes/iiq.dat

An alternate keystore file location, an alternate password file, or the password itself in clear text can be specified in the iiq.properties file under these keys:

keyStore.file
keyStore.passwordFile
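As an added example (not part of the IdentityIQ documentation or product), the Python script below resolves the keystore and password file locations from the two keys above, falls back to the documented defaults, and checks whether the file system really restricts both files to the owning account. The minimal .properties parser, the audit rule and the sample deployment are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

DEFAULTS = {  # documented default locations, relative to the IdentityIQ deployment directory
    "keyStore.file": "WEB-INF/classes/iiq.dat",
    "keyStore.passwordFile": "WEB-INF/classes/iiq.cfg",
}

def parse_properties(text):
    """Minimal Java .properties reader: key=value lines, '#'/'!' comments, no continuations."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def resolve_keystore_paths(props, deploy_dir):
    """Map each key to an absolute path: the iiq.properties override, else the documented default."""
    paths = {}
    for key, default in DEFAULTS.items():
        value = props.get(key, default)
        paths[key] = value if os.path.isabs(value) else os.path.join(deploy_dir, value)
    return paths

def audit_file(path):
    """Empty list when the file exists with no group/other permission bit set; otherwise one finding."""
    if not os.path.exists(path):
        return [f"{path}: missing"]
    mode = os.stat(path).st_mode & 0o777
    return [f"{path}: accessible to group/other (mode {oct(mode)})"] if mode & 0o077 else []

def audit_keystore(props_text, deploy_dir):
    """Audit both files named (or defaulted) by an iiq.properties fragment."""
    paths = resolve_keystore_paths(parse_properties(props_text), deploy_dir)
    return [finding for path in paths.values() for finding in audit_file(path)]

def run_demo():
    """Constructed deployment: keystore locked down, password file relocated but left world-readable."""
    deploy = tempfile.mkdtemp()
    files = {os.path.join(deploy, "WEB-INF", "classes", "iiq.dat"): 0o600,
             os.path.join(deploy, "secure", "iiq.cfg"): 0o644}
    for path, mode in files.items():
        Path(path).parent.mkdir(parents=True, exist_ok=True)
        Path(path).write_bytes(b"placeholder bytes, not a real keystore")
        os.chmod(path, mode)
    props = "# iiq.properties fragment (constructed)\nkeyStore.passwordFile=secure/iiq.cfg\n"
    return audit_keystore(props, deploy)
```

Run `run_demo()` to see the single finding for the relocated password file; the keystore at its default location passes because only the owner can read it.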

spt KeyStore Console Commands

Encrypted Data Synchronization

Using IdentityIQ KeyStore