Change the Application Engine encryption key strength

Use this procedure to generate new encryption keys after installing Application Engine.

In this procedure, where the Windows and UNIX paths are identical except for the separators, the Windows format is used. The procedure refers to folders that are located where you installed Application Engine, referred to in the instructions below as <AE_install_location>. The default installation locations are as follows:

To generate new encryption keys

  1. Verify that the javaapi.jar file exists in the <AE_install_location>Workplace\WEB-INF\lib folder. If it does not exist, you must first run the Content Engine Client installer. For instructions, see "Task 3: Install the latest Content Engine Client files on Application Engine servers" in the FileNet P8 Platform Installation and Upgrade Guide.
  2. Remove the UTCryptoKeyFile.properties file from the <AE_install_location>\Authentication folder by moving, renaming, or deleting it. The file cannot exist in this folder when you run the command in the following step.
  3. From a command prompt, enter the following command on one line in the <AE_install_location>\Workplace\WEB-INF\lib folder. Note that the angle bracket (>) redirects the command output to the UTCryptoKeyFile.properties file in the specified location.

    java -cp javaapi.jar com.filenet.wcm.api.util.MakeCryptoKeys -n <number_of_keys> [-s <size_in_bits>] > "<path_to_crypto_key_file>\UTCryptoKeyFile.properties"

    where

    number_of_keys is the number of encryption keys to be created. The value must be a number between 1 and 100.

    size_in_bits is the encryption level of the keys. The higher the value, the stronger the key encryption is. The value you use depends on the version of your javaapi.jar file, as follows:

    • Content Engine v4.5: The value must be 128, 192, or 256. If you do not provide a value, the default size is 128.
    • Content Engine earlier than v4.5: The value must be a multiple of 8 within the range of 32 to 448, inclusive.

    path_to_crypto_key_file is the path to the folder where the UTCryptoKeyFile.properties file is located.

    For example, enter the following command to create three encryption keys using 256-bit encryption on a Windows system.

    C:\Program Files\FileNet\AE\Workplace\WEB-INF\lib>java -cp javaapi.jar com.filenet.wcm.api.util.MakeCryptoKeys -n 3-s 256 > "C:\Program Files\FileNet\Authentication\UTCryptoKeyFile.properties"