Key Creation
To create or manage the keystore:
- Navigate to the WEB-INF/bin folder and start the IdentityIQ KeyStore console with the keystore command:
iiq keystore
- The console displays a prompt similar to the IdentityIQ console. Use the help command to list all accepted KeyStore Console commands. For example, use the addKey command to create a new key and the list command to view the contents of the keystore.
> addKey
Generate a new encryption key (y/n)?
y
Generating a new encryption key for keystore
[/var/tomcat/webapps/identityiq/WEB-INF/classes/spt.dat].
New encrpytion key successfully saved to keystore.
All application servers must be restarted for changes to take effect.
>
Note: If the keystore file does not exist, it is created and a new, randomly generated key is added.
- The list command displays the newly created key:
> list
Listing contents for keystore
[/var/tomcat/webapps/iiq6/WEB-INF/classes/iiq.dat].
KeyAlias Algorithm Format Object
2 AES RAW javax.crypto.spec.SecretKeySpec@fffe81cd
>
- Use the exit command to leave the console.
- Restart your application server.
After you restart the application server, any newly set password is encrypted using the new encryption key. Without the files iiq.dat and iiq.cfg, passwords cannot be decrypted by IdentityIQ.
If you run more than one instance of IdentityIQ, you must place the following files in the WEB-INF/classes folder of each instance, or in the location specified in iiq.properties.
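A check a deployment engineer would want after copying the keystore files between nodes, added here as an example that is not part of the IdentityIQ documentation or product: it confirms that each instance root has iiq.dat and iiq.cfg under WEB-INF/classes and that the copies are byte-identical, so a node that could not decrypt passwords after the restart is found before it happens. The two file names come from the text above; the instance root paths passed as arguments and the availability of sha256sum are assumptions.

```shell
#!/bin/sh
# Added example, not IdentityIQ code: verify that every instance root given on the
# command line carries identical iiq.dat and iiq.cfg under WEB-INF/classes.
# Assumptions: these two files are the ones to replicate; sha256sum is on the PATH.

KEYSTORE_FILES="iiq.dat iiq.cfg"

# Print "<name> <sha256>" for each keystore file of one instance.
# Returns 1 (and reports on stderr) when a file is absent.
instance_digests() {
    inst="$1"
    for f in $KEYSTORE_FILES; do
        path="$inst/WEB-INF/classes/$f"
        if [ ! -f "$path" ]; then
            echo "MISSING: $path" >&2
            return 1
        fi
        printf '%s %s\n' "$f" "$(sha256sum "$path" | cut -d' ' -f1)"
    done
}

# Compare every instance against the first one. Returns 0 only when all
# instances have both files and their contents match exactly.
check_instances() {
    ref="$1"
    ref_digests=$(instance_digests "$ref") || return 1
    shift
    for inst in "$@"; do
        digests=$(instance_digests "$inst") || return 1
        if [ "$digests" != "$ref_digests" ]; then
            echo "MISMATCH: keystore files in $inst differ from $ref" >&2
            return 1
        fi
    done
    echo "OK: keystore files identical across instances"
}

# Usage: sh check_keystore.sh /var/tomcat/webapps/identityiq /mnt/node2/identityiq
if [ "$#" -ge 1 ]; then
    check_instances "$@"
fi
```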