How to get the WMB keystore password from a JavaComputenode? |
RobWin |
Posted: Thu Mar 19, 2009 5:43 am Post subject: How to get the WMB keystore password from a JavaComputenode? |
|
|
Newbie
Joined: 14 Dec 2006 Posts: 4
|
Hello,
we must comply with the Payment Card Industry (PCI) Data Security Standards (DSS) in our project.
We would like to develop a JavaCompute Node or Java Procedure, which enables us to encrypt only the crucial parts of a message and not the whole message. The component would be based on the Java Cryptography Extension and a symmetric algorithm. We would like to store the secret key in the Java keystore of the Message Broker v6.1.0.3.
Our problem is: What is the best solution to access the password of the message broker keystore from our Java code dynamically?
From our understanding, it is possible to change the keystore password by using the mqsisetdbparms command.
And I think it is possible to access the Broker runtime properties (NAME_BROKERKEYSTOREFILE and NAME_BROKERKEYSTOREPASS) by using the Configuration Manager Proxy API, but is there a better solution? |
|
mqjeff |
Posted: Thu Mar 19, 2009 5:48 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008 Posts: 17447
|
|
RobWin |
Posted: Thu Mar 19, 2009 6:19 am Post subject: |
|
|
Newbie
Joined: 14 Dec 2006 Posts: 4
|
Thanks, but we must assure that specific elements of a message, which may be stored in a database or in a file, are encrypted. Correct me if I'm wrong, but I think WMB 6.1 does not have any feature for such a requirement, except for WebService nodes. |
|
mqjeff |
Posted: Thu Mar 19, 2009 6:38 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008 Posts: 17447
|
... I suppose Policy Sets don't quite let you use any modelled message...
You should raise a requirement with the Broker development team to enhance this.
Most people solve the Database problem by having the database encrypt the column.
You *can* run CMP API operations from inside a JVM. But I would be rather a bit surprised if NAME_BROKERKEYSTOREPASS was returned to the CMP API in the clear.
JCNs already run inside the Broker's JVM, which presumably already has the keystore open. So it's possible that you don't need the password in the first place, if you can get at the Broker's SecurityProvider. |
|
RobWin |
Posted: Thu Mar 19, 2009 7:01 am Post subject: |
|
|
Newbie
Joined: 14 Dec 2006 Posts: 4
|
Thanks for your quick answers. I think you are right with NAME_BROKERKEYSTOREPASS. I will look into your second suggestion. |