Implementing custom password encryption

WebSphere® Application Server supports the use of custom password encryption.

Before you begin

An installation can implement any password encryption algorithm it chooses.

About this task

Complete the following steps to implement custom password encryption:

Procedure

  1. Build your custom password encryption class. The class must implement the CustomPasswordEncryption interface. The interface and the EncryptedInfo class it uses are outlined below (signatures only).
    // CustomPasswordEncryption
    // Encryption and decryption functions
    public interface CustomPasswordEncryption {
        public EncryptedInfo encrypt(byte[] clearText) throws PasswordEncryptException;
        public byte[] decrypt(EncryptedInfo cipherTextInfo) throws PasswordEncryptException;
        public void initialize(HashMap initParameters);
    };
    // Encapsulation of cipher text and label
    public class EncryptedInfo {
        public EncryptedInfo(byte[] bytes, String keyAlias);
        public byte[] getEncryptedBytes();
        public String getKeyAlias();
    };
    
  2. [Fix Pack 11 or later] If you need to custom encode passwords in property files, manually edit the PropFilePasswordEncoder.sh or PropFilePasswordEncoder.bat file.
    1. Use a file editor to open the PropFilePasswordEncoder.sh or PropFilePasswordEncoder.bat file.
    2. Locate the following lines near the end of the file (shown here in .bat syntax):
      "%JAVA_HOME%/bin/java" -Dcmd.properties.file=%TMPJAVAPROPFILE%   
      "-Dwas.install.root=%WAS_HOME%" com.ibm.ws.bootstrap.WSLauncher         
      com.ibm.ws.security.util.PropFilePasswordEncoder %1 %2
    3. Add the following lines to the call.

      These custom properties are passed to the command so that PropFilePasswordEncoder looks for the custom encoding class and uses it.

      -Dcom.ibm.wsspi.security.crypto.customPasswordEncryptionEnabled=true
      -Dcom.ibm.wsspi.security.crypto.customPasswordEncryptionClass=(customEncoding class file)

      The updated lines should look like the following lines:

      "%JAVA_HOME%/bin/java" -Dcmd.properties.file=%TMPJAVAPROPFILE%
      -Dcom.ibm.wsspi.security.crypto.customPasswordEncryptionEnabled=true
      -Dcom.ibm.wsspi.security.crypto.customPasswordEncryptionClass=(customEncoding class file)
      "-Dwas.install.root=%WAS_HOME%" com.ibm.ws.bootstrap.WSLauncher
      com.ibm.ws.security.util.PropFilePasswordEncoder %1 %2
  3. Enable custom password encryption.
    1. Set the custom property com.ibm.wsspi.security.crypto.customPasswordEncryptionClass to the name of the class that is to be given control.
    2. Enable the function. Set the custom property com.ibm.wsspi.security.crypto.customPasswordEncryptionEnabled to true.

Results

Custom password encryption at the installation is complete.
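
The following is an added example, not IBM's code: a class of the kind step 1 asks for, using AES-GCM with a fresh nonce per password and returning a key label as the key alias. The stand-in types, the alias example-key-1 and the EXAMPLE_PW_KEY_B64 environment variable are assumptions for illustration, and the code assumes a Java 8 or later runtime.

```java
import java.security.SecureRandom;
import java.util.HashMap;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// Stand-ins mirroring the signatures listed in step 1 so this file compiles alone (assumption:
// in a deployment, delete them and use the product's own types; their constructors may differ).
interface CustomPasswordEncryption {
    EncryptedInfo encrypt(byte[] clearText) throws PasswordEncryptException;
    byte[] decrypt(EncryptedInfo cipherTextInfo) throws PasswordEncryptException;
    void initialize(HashMap initParameters);
}
class EncryptedInfo {
    private final byte[] bytes; private final String keyAlias;
    EncryptedInfo(byte[] bytes, String keyAlias) { this.bytes = bytes; this.keyAlias = keyAlias; }
    byte[] getEncryptedBytes() { return bytes; }
    String getKeyAlias() { return keyAlias; }
}
class PasswordEncryptException extends Exception { PasswordEncryptException(String m, Throwable t) { super(m, t); } }

public class AesGcmPasswordEncryption implements CustomPasswordEncryption {
    private static final String ALIAS = "example-key-1";   // hypothetical label identifying the key in use
    private static final int NONCE_LEN = 12, TAG_BITS = 128;
    private SecretKeySpec key;
    // Hypothetical key source: Base64 AES key (16, 24 or 32 bytes) kept outside the configuration files.
    public void initialize(HashMap initParameters) {
        key = new SecretKeySpec(java.util.Base64.getDecoder().decode(System.getenv("EXAMPLE_PW_KEY_B64")), "AES");
    }
    public EncryptedInfo encrypt(byte[] clearText) throws PasswordEncryptException {
        try {
            byte[] nonce = new byte[NONCE_LEN];
            new SecureRandom().nextBytes(nonce);            // never reuse a nonce under the same key
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, nonce));
            byte[] ct = c.doFinal(clearText);               // ciphertext followed by the 16-byte tag
            byte[] out = java.nio.ByteBuffer.allocate(NONCE_LEN + ct.length).put(nonce).put(ct).array();
            return new EncryptedInfo(out, ALIAS);           // stored form: nonce || ciphertext || tag
        } catch (Exception e) { throw new PasswordEncryptException("encrypt failed", e); }
    }
    public byte[] decrypt(EncryptedInfo info) throws PasswordEncryptException {
        try {
            if (!ALIAS.equals(info.getKeyAlias())) throw new IllegalArgumentException("unknown key alias");
            byte[] in = info.getEncryptedBytes();
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, in, 0, NONCE_LEN));
            return c.doFinal(in, NONCE_LEN, in.length - NONCE_LEN); // fails if the tag does not verify
        } catch (Exception e) { throw new PasswordEncryptException("decrypt failed", e); }
    }
}
```

The key alias check in decrypt is where a key rotation scheme would select an older key instead of rejecting the value.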




Last updated: Oct 21, 2010 10:04:34 PM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=compass&product=was-nd-mp&topic=tsec_pwencrypt
File name: tsec_pwencrypt.html