000026398 - Protecting sensitive configuration data with the RKM Java Client lockbox

Document created by RSA Customer Support Employee on Jun 14, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number: 000026398
Applies To: RSA Key Manager Java Client 2.5.x or later
Issue: Protecting sensitive configuration data with the RKM Java Client lockbox
When running the lockbox code, the appropriate files seem to be generated, but the client_keystore_password is not removed from the configuration file.

The C Client Installation Guide and Developer's Guide have more information about the lockbox than the corresponding Java client guides. For example, the C client Developer's Guide has a section called "Application Development" -> "Using the Lockbox", which describes how to set up the lockbox and protect sensitive configuration data. When in doubt, use the C Client guides to help clarify usage.

Be sure to use the KMConfig constructor that takes a configuration file rather than a properties object. If the KMConfig constructor that takes a properties object is used, the RKM Java client won't know the location of the configuration file and won't be able to protect the sensitive data.

The KMConfig constructor that takes the configuration file as an argument also requires the PKCS#12 and cache passwords. If these passwords are already in the configuration file, you can pass null for both arguments. The Javadoc incorrectly warns against this, saying it will cause an exception (the documentation has been updated).
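
A post-run check for the symptom described in the Issue, as an added example that is not part of the RSA article or the RKM client: it reads a Java-properties-style configuration file and reports whether client_keystore_password still holds a value. The sample contents are constructed, and treating a missing or empty entry as protected is an assumption, as is matching the key by suffix.

```python
import re
import sys

# Key name from the article. Suffix matching is an assumption, so a prefixed
# spelling of the same property is reported too.
SENSITIVE_SUFFIXES = ("client_keystore_password",)

# Constructed samples, not real RKM configuration files.
BEFORE = "example.setting = 1\nclient_keystore_password = changeit\n"
AFTER = "example.setting = 1\n"

def parse_properties(text):
    """Minimal Java .properties reader: '#'/'!' comments, '=', ':' or
    whitespace separators, backslash line continuations."""
    props, pending = {}, ""
    for raw in text.splitlines() + [""]:
        line = pending + raw.lstrip()
        pending = ""
        if not line or line[0] in "#!":
            continue
        # An odd number of trailing backslashes continues the logical line.
        if (len(line) - len(line.rstrip("\\"))) % 2 == 1:
            pending = line[:-1]
            continue
        m = re.match(r"((?:\\.|[^\s=:\\])+)\s*[=:]?\s*(.*)$", line)
        if m:
            props[m.group(1)] = m.group(2)
    return props

def plaintext_secrets(text):
    """Sensitive keys that still carry a non-empty value."""
    return sorted(k for k, v in parse_properties(text).items()
                  if k.lower().endswith(SENSITIVE_SUFFIXES) and v.strip())

if __name__ == "__main__":
    # With a path argument, check that file; otherwise run the samples.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            found = plaintext_secrets(fh.read())
        print("still in plaintext:", found if found else "none")
        sys.exit(1 if found else 0)
    print("before:", plaintext_secrets(BEFORE))
    print("after:", plaintext_secrets(AFTER))
```

Run it against the configuration file after the lockbox code has executed; a non-zero exit status means the password is still readable in the file.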

Legacy Article ID: a47838