Automatic keystore generation - Alfresco Content Services 23.4

During bootstrap, if the repository detects a missing secret key keystore, it’ll dynamically create a keystore containing a single metadata secret key. In order to do this, the repository assumes the existence of a keystore metadata file containing information about the metadata key. Specifically, it expects the following properties to be set:

| Property | Description |
| --- | --- |
| [keystore-id].password | The keystore password. |
| [keystore-id].aliases | A comma-separated list of aliases for the keys in the keystore. |
| [keystore-id].[alias].keyData | Key data bytes in base64. |
| [keystore-id].[alias].algorithm | Specifies the key algorithm used to generate the secret key. Each Java environment may support a different set of algorithms. For the list of algorithm names that can be specified, see SecretKeyFactory Algorithms. For keytool defaults specific to the secret key generation, see the Oracle documentation - keytool. |
| [keystore-id].[alias].password | Key password. |

The keyData can be generated by executing the class org.alfresco.encryption.GenerateSecretKey as shown below:

java -classpath "projects/3rd-party/lib/commons/commons-codec-1.4.jar:projects/core/build/dist/alfresco-core-4.0.a.jar" \
  org.alfresco.encryption.GenerateSecretKey