Key Creation

To create or manage the keystore, use the IdentityIQ KeyStore console:

  1. Navigate to the WEB-INF/bin folder and start the IdentityIQ KeyStore console with the keystore command.

iiq keystore

  2. The console displays a prompt similar to the IdentityIQ console. Use the help command to list all accepted KeyStore console commands. For example, use the addKey command to create a new key and the list command to view the contents of the keystore.

> addKey
Generate a new encryption key (y/n)?
y
Generating a new encryption key for keystore
[/var/tomcat/webapps/identityiq/WEB-INF/classes/spt.dat].
New encryption key successfully saved to keystore.
All application servers must be restarted for changes to take effect.
>

Note: If the keystore file does not exist, it is created and a new, randomly generated key is added.

  3. The list command displays the newly created key:

> list
Listing contents for keystore
[/var/tomcat/webapps/iiq6/WEB-INF/classes/iiq.dat].
KeyAlias  Algorithm  Format  Object
2         AES        RAW     javax.crypto.spec.SecretKeySpec@fffe81cd
>

  4. Use the exit command to leave the console.

  5. Restart your application server.
    After you restart the application server, any newly set password is encrypted using the new encryption key. Without the files iiq.dat and iiq.cfg, IdentityIQ cannot decrypt stored passwords, so back both files up before and after changing keys and treat the copies as secrets: restrict read access to the application server account, because anyone holding both files can decrypt every stored password.
    If you run more than one instance of IdentityIQ, every instance must use the same keystore. Place the following files in the WEB-INF/classes folder of each instance, or in the location specified in iiq.properties.
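As an added example (not SailPoint code and not part of the original page), the following POSIX shell script protects the two files the procedure above depends on: it backs up iiq.dat and iiq.cfg into an owner-only directory, flags copies that are readable by other users, and verifies by SHA-256 that every instance in a multi-instance deployment carries identical copies. Assumptions: the file names and the WEB-INF/classes location come from the text above; the function names, the reliance on sha256sum (or shasum) being installed, and the demo layout the script builds in a temporary directory are constructed for this example.

```shell
#!/bin/sh
# Added example, not SailPoint code: back up the IdentityIQ keystore files and
# verify that every instance of a multi-instance deployment carries identical
# copies. Assumed from the text: the files are iiq.dat and iiq.cfg under
# WEB-INF/classes of each webapp root. Function names and the demo data are
# constructed for this example.

KEYSTORE_FILES="iiq.dat iiq.cfg"

# sha256 <file>: print the hex digest using whichever tool the host provides.
sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# keystore_fingerprint <webapp_root>: one "<name> <digest>" line per keystore
# file, in fixed order, so two instances can be compared as plain strings.
keystore_fingerprint() {
    root="$1"
    for f in $KEYSTORE_FILES; do
        path="$root/WEB-INF/classes/$f"
        [ -f "$path" ] || { echo "missing: $path" >&2; return 1; }
        echo "$f $(sha256 "$path")"
    done
}

# verify_instances <root> [<root> ...]: succeed only when every instance has
# byte-identical iiq.dat and iiq.cfg compared with the first root given.
verify_instances() {
    ref=$(keystore_fingerprint "$1") || return 1
    shift
    for r in "$@"; do
        cur=$(keystore_fingerprint "$r") || return 1
        [ "$cur" = "$ref" ] || { echo "$r: keystore differs from reference" >&2; return 1; }
    done
}

# check_permissions <webapp_root>: fail if either keystore file is readable by
# "other"; anyone holding both files can decrypt every stored password.
check_permissions() {
    for f in $KEYSTORE_FILES; do
        path="$1/WEB-INF/classes/$f"
        [ -f "$path" ] || return 1
        # column 8 of "ls -l" output is the read bit for "other"
        [ "$(ls -ld "$path" | cut -c8)" = "-" ] || { echo "$path is world-readable" >&2; return 1; }
    done
}

# backup_keystore <webapp_root> <backup_dir>: copy both files into a new,
# owner-only directory and print its path.
backup_keystore() {
    dest="$2/keystore-$(date +%Y%m%d-%H%M%S)"
    mkdir -p "$dest" && chmod 700 "$dest" || return 1
    for f in $KEYSTORE_FILES; do
        src="$1/WEB-INF/classes/$f"
        [ -f "$src" ] || { echo "missing: $src" >&2; return 1; }
        cp "$src" "$dest/$f" && chmod 600 "$dest/$f" || return 1
    done
    echo "$dest"
}

# Demo on a constructed layout: two fake instances in a temporary directory.
demo() {
    tmp=$(mktemp -d)
    for i in 1 2; do
        mkdir -p "$tmp/iiq$i/WEB-INF/classes"
        printf 'constructed keystore bytes\n' > "$tmp/iiq$i/WEB-INF/classes/iiq.dat"
        printf 'constructed keystore config\n' > "$tmp/iiq$i/WEB-INF/classes/iiq.cfg"
        chmod 600 "$tmp/iiq$i/WEB-INF/classes/"*
    done
    check_permissions "$tmp/iiq1" && echo "permissions ok"
    verify_instances "$tmp/iiq1" "$tmp/iiq2" && echo "instances in sync"
    printf 'stale key\n' > "$tmp/iiq2/WEB-INF/classes/iiq.dat"
    verify_instances "$tmp/iiq1" "$tmp/iiq2" || echo "drift detected, as expected"
    backup_keystore "$tmp/iiq1" "$tmp/backups"
    rm -rf "$tmp"
}

demo
```

Run verify_instances with each webapp root after rolling out a new key: a mismatch means one instance still holds a different keystore and, after the restart, will not be able to decrypt passwords set through the others. Take a backup before running addKey as well as after, since the pre-change copy is the only way back if the new files are lost.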