You can use the keytool shipped with the encryption proxy distribution to create AES
128-bit and AES 256-bit encryption keys.
Before you begin
Role required: admin
You must use the Java 1.8 version of the keytool utility. A copy of the utility can
be found in <proxy install dir>/java/jre/bin/keytool.
To find out more about the keytool utility, see the Java SE Documentation.
About this task
Note: The Java KeyStore requires that the alias name (key name, key alias) use lowercase
letters and numbers.
Procedure
-
Change to the keystore directory, <installation
directory>/keystore/.
-
To create the encryption key, run one of the following commands.
Note: If you choose to run these commands from a directory other than the
keystore directory, that is you skipped the previous step, you must change
the -keystore option to include the path from your current
directory to the keystore directory. For example, if you were in the
<installation directory>\bin directory, the
option would be -keystore
../keystore/keystore.jceks.
| Option | Description |
|---|
| AES 128 |
keytool -genseckey -alias 128bitkey -keyalg aes -keysize 128
-keystore keystore.jceks -storetype jceks
|
| AES 256 |
keytool -genseckey -alias 256bitkey -keyalg aes -keysize 256
-keystore keystore.jceks -storetype jceks
|
You add the alias on the instance when you assign default keys.
Note: The key password must be the same as the keystore password.