Frequently Asked Questions
Keys
- Where do I find the keys (public, shared and private) in my WebSphere or Liberty Profile?
- The default path is ${server.output.dir}/resources/security/ltpa.keys. The path can be specified using keysFileName. The file will look like this:

      #Fri Mar 24 17:00:11 CET 2017
      com.ibm.websphere.CreationDate=Fri Mar 24 17\:00\:11 CET 2017
      com.ibm.websphere.ltpa.version=1.0
      com.ibm.websphere.ltpa.3DESKey=JvywHhxC+EhtUdeusbo31E5IUOEPmbMxMnKTTOB39fo\=
      com.ibm.websphere.CreationHost=localhost
      com.ibm.websphere.ltpa.PrivateKey=dP4F2H1MSphvjXHFnLqc1sUYiM83Mkg5MzCQWbxya0xMLPl6lwSbC9+SuCpbHTb9Qdl1w3d5bcDf400tBnfStdtkRYSOeo9oEbXOG4RqIV0x3WZx7AyJ5D8wVIfzOjgvfdQXqNkoiatyMwptvCytyEVbWH2kj3j0gB8O2/miPsbnZqNdIRDAt4TE2YjhVagC/ZP2xxxwncLDexF8Bme7NaMtJUlGMe8Nhkb61Z52PU2FHJAF6zPaTwj+JcZ/tg63lr5wRI9hGFOb7MhBrhgm9YiBqPOT30Crl28FHtTP9pnrqiC45QxU3aXVsYFh0hXptkkK9HeTk/YWFjDPVlfg9azrgGq64wHHg3cSjV21GAE\=
      com.ibm.websphere.ltpa.Realm=defaultRealm
      com.ibm.websphere.ltpa.PublicKey=AOECPMDAs0o7MzQIgxZhAXJZ2BaDE3mqRZAbkbQO38CgUIgeAPEA3iWIYp+p/Ai0J4//UOml20an+AuCnDGzcFCaf3S3EAiR4cK59vl/u8TIswPIg2akh4J7qL3E/qRxN9WD945tS3h0YhJZSq7rC22wytLsxbFuKpEuYfm1i5spAQAB

  You will need com.ibm.websphere.ltpa.3DESKey, com.ibm.websphere.ltpa.PrivateKey and com.ibm.websphere.ltpa.PublicKey. All of them are encoded, and some of them are encrypted before being encoded. com.ibm.websphere.ltpa.3DESKey is the encrypted shared key that is used to encrypt the LTPA2-Token. com.ibm.websphere.ltpa.PrivateKey is your encrypted private key, which you will need if you want to send an LTPA2-Token. com.ibm.websphere.ltpa.PublicKey is the corresponding public key that the receiver of the token you created needs to verify the token signature. That's not what you need, unless you want to send tokens to yourself. You need the public key from the service that sends you LTPA2-tokens. Speak with the administrator of that service, he can give it to you.
- Where do I find the password for the shared key and the private key?
- In the attribute keysPassword in your server configuration. If it is xor encoded (which it probably is), you can decode it. There is this little tutorial that will help you to do so. Or you can use this site which has a JavaScript implementation (check the source of the page). Or just google it!
- How do I decrypt the encrypted keys?
- com.ibm.websphere.ltpa.3DESKey and com.ibm.websphere.ltpa.PrivateKey are encrypted with the password. The utility class LtpaKeyUtils provides methods for restoring the keys, including decrypting the private key (decryptPrivateKey) and the shared key (decryptSharedKey).
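
The two steps from the answers above, decoding an {xor} keysPassword and decrypting the shared key with it, as an added example that is not the project's LtpaKeyUtils code. The class and method names are hypothetical, the sample values are constructed, and the key derivation (SHA-1 of the password padded to 24 bytes, 3DES in ECB mode with PKCS5 padding, first 16 bytes used as the AES key) is the commonly documented LTPA scheme, assumed here rather than taken from this page.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.Base64;

public class LtpaSharedKeyDemo { // hypothetical class, not part of the library

    // "{xor}" values are Base64 over bytes XORed with '_' (0x5F); no secret is involved.
    static String xorDecode(String value) {
        if (!value.startsWith("{xor}")) {
            throw new IllegalArgumentException("not {xor}-encoded; other schemes need their own key");
        }
        byte[] raw = Base64.getDecoder().decode(value.substring(5));
        for (int i = 0; i < raw.length; i++) raw[i] ^= 0x5F;
        return new String(raw, StandardCharsets.UTF_8);
    }

    // Assumption: the wrapping key is SHA-1(password), zero-padded from 20 to 24 bytes.
    static SecretKeySpec wrappingKey(String password) throws Exception {
        byte[] sha1 = MessageDigest.getInstance("SHA-1")
                .digest(password.getBytes(StandardCharsets.UTF_8));
        return new SecretKeySpec(Arrays.copyOf(sha1, 24), "DESede");
    }

    // Assumption: 3DES/ECB/PKCS5 unwrap; the first 16 plaintext bytes are the AES key for LTPA2.
    static byte[] unwrapSharedKey(String base64Value, String password) throws Exception {
        Cipher c = Cipher.getInstance("DESede/ECB/PKCS5Padding");
        c.init(Cipher.DECRYPT_MODE, wrappingKey(password));
        return Arrays.copyOf(c.doFinal(Base64.getDecoder().decode(base64Value)), 16);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample data, not taken from a real server.
        String password = xorDecode("{xor}Lz4sLCgwLTs="); // constructed encoding of "password"
        byte[] shared = new byte[24];
        for (int i = 0; i < shared.length; i++) shared[i] = (byte) i;

        // Build a 3DESKey value the way the file would hold it, then unwrap it again.
        Cipher enc = Cipher.getInstance("DESede/ECB/PKCS5Padding");
        enc.init(Cipher.ENCRYPT_MODE, wrappingKey(password));
        String fileValue = Base64.getEncoder().encodeToString(enc.doFinal(shared));
        byte[] aesKey = unwrapSharedKey(fileValue, password);
        System.out.println("keysPassword: " + password);
        System.out.println("3DESKey length: " + fileValue.length() + " Base64 chars");
        System.out.println("round trip ok: " + Arrays.equals(aesKey, Arrays.copyOf(shared, 16)));
    }
}
```

Since {xor} decoding needs no secret, anyone who can read both the server configuration and ltpa.keys can recover the keys, so both files need restrictive file permissions.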