|Applies To||RSA Key Manager Java Client 2.5.x or later|
|Issue||Protecting sensitive configuration data with the RKM Java Client lockbox|
When running the lockbox code, the appropriate files seem to be generated, but the client_keystore_password is not removed from the configuration file.
The 22.214.171.124 C Client Installation Guide and Developer's Guide have more information about the lockbox than the corresponding Java client guides. For example, the 126.96.36.199 C client Developer's Guide has a section called "Application Development" -> "Using the Lockbox", which describes how to setup the lockbox and protect sensitive configuration data. When in doubt, use the C Client guides to help clarify usage.
Be sure to use the KMConfig constructor that takes a configuration file rather than a properties object. If the KMConfig constructor which takes a properties object is used, the RKM Java client won't know the location of the configuration file and won't be able to protect the sensitive data.
The KMConfig constructor that takes the configuration file as an argument also requires the PKCS#12 and cache passwords. If you already have these in the config file, you can pass in null for these here. The Javadoc incorrectly warns against this, saying it will cause an exception (documentation has been updated).
|Legacy Article ID||a47838|