000011859 - RKM Client: How to enable lockbox

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000011859
Applies To: RSA Key Manager Client 2.5 and later; RSA Key Manager Client; Java
Issue: RKM Client: How to enable lockbox
Resolution:

RKM C Client:

When the lockbox is enabled, the lockboxAdminPassword, clientCredentialPassword, and cachePassword values are replaced with "<lockbox>" in the config file.

Set the following in the config file (e.g. test_init.cfg):

  svcType=globalSvc
  ...
  lockbox=true
  lockboxAdminPassword=YourLockboxPassword1!
  ...
  svcType=transportSvc
  ...
  client.registrationfile=config/test_appreg.cfg


and set the following in the registration file (e.g. test_appreg.cfg):

  client.registration_state=0
   (for Client registration)

or

  client.registration_state=1
   (for Identity enrollment and client registration)

and if you have registered an RKM Client application from this client machine before, you can set a new

  client.app_name

 

The following lockbox files will be created:

  test_appreg.cfg.FCD
  - consists of '#' characters

  test_appreg.cfg.state
  - consists of
    locboxState=true

and test_appreg.cfg will be replaced with a base64-encoded file with encrypted values. 
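A post-initialization check for the C client files described above, as an added example that is not part of the original article or of RSA's tooling. It assumes the config file is plain key=value lines and reuses the article's example file names; the function names, sample files and sample password are constructed for illustration.

```python
import base64, binascii, os, tempfile
from pathlib import Path

# Keys the article says are replaced with "<lockbox>" in the C client config file.
PASSWORD_KEYS = ("lockboxAdminPassword", "clientCredentialPassword", "cachePassword")

def read_pairs(path):
    """Parse key=value lines (assumed format); repeated keys are kept."""
    with open(path, encoding="utf-8") as fh:
        lines = [l.strip() for l in fh]
    return [tuple(p.strip() for p in l.split("=", 1)) for l in lines if "=" in l]

def is_base64(text):
    # Strict decode: any character outside the base64 alphabet is rejected.
    try:
        base64.b64decode("".join(text.split()), validate=True)
        return bool(text.strip())
    except (binascii.Error, ValueError):
        return False

def audit_lockbox(cfg_path, reg_path):
    """Return findings; an empty list means the files look as the article describes."""
    findings, pairs = [], read_pairs(cfg_path)
    if ("lockbox", "true") not in pairs:
        findings.append("lockbox=true not set")
    for key, value in pairs:
        if key in PASSWORD_KEYS and value != "<lockbox>":
            findings.append(f"{key} holds a cleartext value")
    for suffix in (".FCD", ".state"):
        if not os.path.isfile(reg_path + suffix):
            findings.append(f"missing {suffix} file")
    with open(reg_path, encoding="utf-8", errors="replace") as fh:
        if not is_base64(fh.read()):
            findings.append("registration file is not base64-encoded")
    return findings

def demo():
    """Audit constructed 'before' and 'after' file sets; returns both finding lists."""
    d = tempfile.mkdtemp()
    cfg, reg = os.path.join(d, "test_init.cfg"), os.path.join(d, "test_appreg.cfg")
    Path(cfg).write_text("svcType=globalSvc\nlockbox=true\nlockboxAdminPassword=Example-Pass1!\n")
    Path(reg).write_text("client.registration_state=0\n")
    before = audit_lockbox(cfg, reg)  # client not yet initialized
    Path(cfg).write_text("svcType=globalSvc\nlockbox=true\nlockboxAdminPassword=<lockbox>\n")
    Path(reg).write_text(base64.b64encode(b"constructed ciphertext").decode() + "\n")
    Path(reg + ".FCD").write_text("#" * 64)
    Path(reg + ".state").write_text("locboxState=true\n")  # content as quoted in the article
    return before, audit_lockbox(cfg, reg)

if __name__ == "__main__":
    print(demo())
```

A non-empty result after initialization usually means a password is still stored in cleartext or the lockbox files were not written next to the registration file.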


RKM Java Client:

The lockbox feature is described in the RSA Key Manager Java Client Installation Guide (rkmc/doc/install.pdf). The basic steps to set up the lockbox are:

- Copy the lockbox DLLs to a directory in the system's PATH environment variable
- Copy the lockbox jar files to a directory in the Java class path
- Set client.lockbox=true and the client.lockbox_admin_password in the configuration file


The following lockbox files will be created when you initialize the RKM Client (e.g. if client.registration_file is "client.reg"):

  client.reg.FCD
  - consists of '#' characters (The length and date of this file are used to keep track of lockbox updates.  The actual content is not important.)

  client.reg.state
  - consists of
    client.lockbox_state=true

and client.reg will be replaced with a base64-encoded file with encrypted values.

 

You can leave these files as-is and should not edit them.

Notes: Also, clientkeystorePassword, cachePassword and the lockbox admin password are removed from the config file. (Note that the Java client will not update the config file if the config file was not passed into the KMConfig constructor.)
Legacy Article ID: a48730
