IBM Tivoli Netcool/OMNIbus, Version 7.4

Property value encryption

You can use property value encryption to encrypt string values in a properties file or configuration file so that the strings cannot be read without a key. When the process that uses the properties file or configuration file starts up, the strings are decrypted.

You can use this encryption mechanism in the ObjectServer, proxy server, nco_postmsg, LDAP, probe, and gateway properties files. You can also use this mechanism to encrypt passwords that are stored in process agent configuration files.

The property value encryption mechanism uses the Advanced Encryption Standard (AES), which supports keys of 128, 192, and 256 bits, a command-line key generator (nco_keygen), and an encryption utility (nco_aes_crypt). Cryptographic algorithms are also available for use in FIPS 140–2 and non-FIPS 140–2 mode. The procedure is as follows:

  1. Generating a key in a key file
    Run the nco_keygen utility to generate a key and store it in a key file. Command-line options are available for you to either specify a hexadecimal value for the key, or to specify a length in bits for automatic key generation.
  2. Specifying the key file as a property
    In the properties file in which you want to specify an encrypted string value, set the value of the ConfigKeyFile property to the file path and file name of the key file that was generated by the nco_keygen utility.
  3. Encrypting a string value with the key
    Use the nco_aes_crypt utility to encrypt a string value with the key that was generated by the nco_keygen utility.
  4. Adding an encrypted value to a properties file
    After encrypting a string value, add it to the properties file within which you want to hide the actual value.
Parent topic: Tivoli Netcool/OMNIbus user access security
Related reference:
Switching your installation to FIPS 140-2 mode
nco_aes_crypt command-line options