During bootstrap, if the repository detects that the secret key keystore is missing, it dynamically creates a keystore containing a single metadata secret key. To do this, the repository assumes the existence of a keystore metadata file containing information about the metadata key. Specifically, it expects the following properties to be set:
Property | Description |
---|---|
[keystore-id].password | The keystore password. |
[keystore-id].aliases | A comma-separated list of aliases for the keys in the keystore. |
[keystore-id].[alias].keyData | Key data bytes in base64. |
[keystore-id].[alias].algorithm | Specifies the key algorithm used to generate the secret key. Each Java environment may support a different set of algorithms. For the list of algorithm names that can be specified, see SecretKeyFactory Algorithms. For keytool defaults specific to the secret key generation, see the Oracle documentation - keytool. |
[keystore-id].[alias].password | Key password. |
The keyData can be generated by executing the class org.alfresco.encryption.GenerateSecretKey as shown below:
```
java -classpath "projects/3rd-party/lib/commons/commons-codec-1.4.jar:projects/core/build/dist/alfresco-core-4.0.a.jar" org.alfresco.encryption.GenerateSecretKey
```
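A pre-bootstrap check for the properties in the table above, given as an added example that is not Alfresco's own code: it reports every expected property that is missing or empty and every `keyData` value that is not valid base64. The keystore id `metadata-keystore`, the aliases and all values are constructed placeholders, and the parser is an assumption that handles only plain `key=value` lines.

```python
import base64
import binascii

# Constructed sample: the keystore id, aliases and all values are placeholders.
SAMPLE = """\
metadata-keystore.password=example-store-password
metadata-keystore.aliases=metadata, backup
metadata-keystore.metadata.keyData=MDEyMzQ1Njc4OWFiY2RlZjAxMjM0NTY3
metadata-keystore.metadata.algorithm=DESede
metadata-keystore.metadata.password=example-key-password
metadata-keystore.backup.keyData=not base64!
metadata-keystore.backup.algorithm=DESede
"""

def parse_properties(text):
    """Parse simple key=value lines, skipping blanks and # / ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def check_keystore_metadata(text, keystore_id):
    """Return a list of problems; an empty list means every expected property is set."""
    props = parse_properties(text)
    problems = []
    if not props.get(f"{keystore_id}.password"):
        problems.append(f"{keystore_id}.password is missing or empty")
    aliases = [a.strip() for a in props.get(f"{keystore_id}.aliases", "").split(",") if a.strip()]
    if not aliases:
        problems.append(f"{keystore_id}.aliases is missing or empty")
    for alias in aliases:
        for field in ("keyData", "algorithm", "password"):
            if not props.get(f"{keystore_id}.{alias}.{field}"):
                problems.append(f"{keystore_id}.{alias}.{field} is missing or empty")
        key_data = props.get(f"{keystore_id}.{alias}.keyData", "")
        if key_data:
            try:
                base64.b64decode(key_data, validate=True)  # reject non-alphabet characters
            except (binascii.Error, ValueError):
                problems.append(f"{keystore_id}.{alias}.keyData is not valid base64")
    return problems

if __name__ == "__main__":
    print("\n".join(check_keystore_metadata(SAMPLE, "metadata-keystore")))
```

The messages name only the property, never its value, so the output can go to a log without exposing passwords or key material.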