Frequently Asked Questions

Keys

  1. Where do I find the keys (public, shared and private) in my WebSphere or Liberty Profile?
  2. Where do I find the password for the shared key and the private key?
  3. How do I decrypt the encrypted keys?

Keys

Where do I find the keys (public, shared and private) in my WebSphere or Liberty Profile?

The default path is ${server.output.dir}/resources/security/ltpa.keys. The path can be specified using keysFileName. The file will look like this:

#Fri Mar 24 17:00:11 CET 2017
com.ibm.websphere.CreationDate=Fri Mar 24 17\:00\:11 CET 2017
com.ibm.websphere.ltpa.version=1.0
com.ibm.websphere.ltpa.3DESKey=JvywHhxC+EhtUdeusbo31E5IUOEPmbMxMnKTTOB39fo\=
com.ibm.websphere.CreationHost=localhost
com.ibm.websphere.ltpa.PrivateKey=dP4F2H1MSphvjXHFnLqc1sUYiM83Mkg5MzCQWbxya0xMLPl6lwSbC9+SuCpbHTb9Qdl1w3d5bcDf400tBnfStdtkRYSOeo9oEbXOG4RqIV0x3WZx7AyJ5D8wVIfzOjgvfdQXqNkoiatyMwptvCytyEVbWH2kj3j0gB8O2/miPsbnZqNdIRDAt4TE2YjhVagC/ZP2xxxwncLDexF8Bme7NaMtJUlGMe8Nhkb61Z52PU2FHJAF6zPaTwj+JcZ/tg63lr5wRI9hGFOb7MhBrhgm9YiBqPOT30Crl28FHtTP9pnrqiC45QxU3aXVsYFh0hXptkkK9HeTk/YWFjDPVlfg9azrgGq64wHHg3cSjV21GAE\=
com.ibm.websphere.ltpa.Realm=defaultRealm
com.ibm.websphere.ltpa.PublicKey=AOECPMDAs0o7MzQIgxZhAXJZ2BaDE3mqRZAbkbQO38CgUIgeAPEA3iWIYp+p/Ai0J4//UOml20an+AuCnDGzcFCaf3S3EAiR4cK59vl/u8TIswPIg2akh4J7qL3E/qRxN9WD945tS3h0YhJZSq7rC22wytLsxbFuKpEuYfm1i5spAQAB

You will need com.ibm.websphere.ltpa.3DESKey, com.ibm.websphere.ltpa.PrivateKey and com.ibm.websphere.ltpa.PublicKey. All three values are Base64-encoded (the trailing \= is the Java properties escape for =); the 3DES key and the private key are additionally encrypted with the keys password before they are encoded, the public key is not.

com.ibm.websphere.ltpa.3DESKey is the encrypted shared key that is used to encrypt the LTPA2-Token.

com.ibm.websphere.ltpa.PrivateKey is your encrypted private key that you will need if you want to send an LTPA2-Token.

com.ibm.websphere.ltpa.PublicKey is the corresponding public key that the receiver of a token you created needs to verify the token signature. That is not what you need, unless you want to send tokens to yourself: to verify incoming tokens you need the public key of the service that sends you LTPA2-tokens. Ask the administrator of that service for it.
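The ltpa.keys file is a plain Java properties file, so the escapes (\: in the date, \= at the end of the Base64 values) have to be resolved before the values are usable. The following is an added example, not code from the FAQ or from the LtpaKeyUtils class it describes: it parses the sample file shown above (embedded verbatim), returns the three key entries, and splits the public key into RSA modulus and exponent using the WebSphere layout (raw modulus bytes followed by a 3-byte public exponent). The function names parseProperties, extractLtpaKeys and decodePublicKey are this example's own.

```javascript
// Added example: read an ltpa.keys file (Java .properties format) and pull out
// the LTPA key entries. Not part of the FAQ's library; function names are ours.

// Sample file content, copied from the FAQ above. String.raw keeps the
// backslash escapes exactly as they appear on disk.
const SAMPLE_LTPA_KEYS = String.raw`#Fri Mar 24 17:00:11 CET 2017
com.ibm.websphere.CreationDate=Fri Mar 24 17\:00\:11 CET 2017
com.ibm.websphere.ltpa.version=1.0
com.ibm.websphere.ltpa.3DESKey=JvywHhxC+EhtUdeusbo31E5IUOEPmbMxMnKTTOB39fo\=
com.ibm.websphere.CreationHost=localhost
com.ibm.websphere.ltpa.PrivateKey=dP4F2H1MSphvjXHFnLqc1sUYiM83Mkg5MzCQWbxya0xMLPl6lwSbC9+SuCpbHTb9Qdl1w3d5bcDf400tBnfStdtkRYSOeo9oEbXOG4RqIV0x3WZx7AyJ5D8wVIfzOjgvfdQXqNkoiatyMwptvCytyEVbWH2kj3j0gB8O2/miPsbnZqNdIRDAt4TE2YjhVagC/ZP2xxxwncLDexF8Bme7NaMtJUlGMe8Nhkb61Z52PU2FHJAF6zPaTwj+JcZ/tg63lr5wRI9hGFOb7MhBrhgm9YiBqPOT30Crl28FHtTP9pnrqiC45QxU3aXVsYFh0hXptkkK9HeTk/YWFjDPVlfg9azrgGq64wHHg3cSjV21GAE\=
com.ibm.websphere.ltpa.Realm=defaultRealm
com.ibm.websphere.ltpa.PublicKey=AOECPMDAs0o7MzQIgxZhAXJZ2BaDE3mqRZAbkbQO38CgUIgeAPEA3iWIYp+p/Ai0J4//UOml20an+AuCnDGzcFCaf3S3EAiR4cK59vl/u8TIswPIg2akh4J7qL3E/qRxN9WD945tS3h0YhJZSq7rC22wytLsxbFuKpEuYfm1i5spAQAB
`;

// Resolve java.util.Properties backslash escapes: \n \t \r \f \uXXXX, and
// "\x" -> "x" for everything else (this covers \:, \=, \\ and "\ ").
function unescapeProperty(s) {
  let out = '';
  for (let i = 0; i < s.length; i += 1) {
    const c = s[i];
    if (c !== '\\') { out += c; continue; }
    i += 1;
    const next = s[i];
    if (next === undefined) break;
    switch (next) {
      case 'n': out += '\n'; break;
      case 't': out += '\t'; break;
      case 'r': out += '\r'; break;
      case 'f': out += '\f'; break;
      case 'u': out += String.fromCharCode(parseInt(s.slice(i + 1, i + 5), 16)); i += 4; break;
      default: out += next;
    }
  }
  return out;
}

// Minimal .properties parser: comment lines (# or !), continuation lines
// (odd number of trailing backslashes), key terminated by the first unescaped
// '=', ':' or whitespace.
function parseProperties(text) {
  const logicalLines = [];
  let pending = null;
  for (const physical of text.split(/\r?\n/)) {
    const line = pending === null ? physical : physical.replace(/^\s+/, '');
    const trailing = /(\\*)$/.exec(line)[1];
    if (trailing.length % 2 === 1) {
      pending = (pending || '') + line.slice(0, -1);
      continue;
    }
    logicalLines.push((pending || '') + line);
    pending = null;
  }
  if (pending !== null) logicalLines.push(pending);

  const props = {};
  for (const raw of logicalLines) {
    const line = raw.replace(/^\s+/, '');
    if (line === '' || line[0] === '#' || line[0] === '!') continue;
    let i = 0;
    while (i < line.length) {
      const c = line[i];
      if (c === '\\') { i += 2; continue; }           // skip escaped char
      if (c === '=' || c === ':' || c === ' ' || c === '\t' || c === '\f') break;
      i += 1;
    }
    const key = unescapeProperty(line.slice(0, i));
    let value = line.slice(i).replace(/^[ \t\f]*/, '');
    if (value[0] === '=' || value[0] === ':') value = value.slice(1).replace(/^[ \t\f]*/, '');
    props[key] = unescapeProperty(value);
  }
  return props;
}

// The three entries the FAQ says you need, plus the realm.
function extractLtpaKeys(text) {
  const p = parseProperties(text);
  return {
    sharedKeyEncrypted: p['com.ibm.websphere.ltpa.3DESKey'],
    privateKeyEncrypted: p['com.ibm.websphere.ltpa.PrivateKey'],
    publicKey: p['com.ibm.websphere.ltpa.PublicKey'],
    realm: p['com.ibm.websphere.ltpa.Realm'],
  };
}

// The public key is not DER/X.509: WebSphere stores the raw RSA modulus
// followed by a 3-byte public exponent (the sample ends in "AQAB" = 0x010001).
function decodePublicKey(b64) {
  const buf = Buffer.from(b64, 'base64');
  const modulus = BigInt('0x' + buf.subarray(0, buf.length - 3).toString('hex'));
  const exponent = parseInt(buf.subarray(buf.length - 3).toString('hex'), 16);
  return { modulus, modulusBits: modulus.toString(2).length, exponent };
}

// Stand-alone run: show what the sample file yields.
const demoKeys = extractLtpaKeys(SAMPLE_LTPA_KEYS);
const demoPub = decodePublicKey(demoKeys.publicKey);
console.log(`realm=${demoKeys.realm} sharedKey(cipher)=${demoKeys.sharedKeyEncrypted}`);
console.log(`public key: ${demoPub.modulusBits}-bit modulus, e=${demoPub.exponent}`);
```

Read your own file with fs.readFileSync(path, 'utf8') and pass it to extractLtpaKeys. The encrypted shared key decodes to 32 bytes: the 24-byte 3DES key plus one full block of PKCS#5 padding, which is a quick sanity check that the value was not truncated when copied.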

Source


Where do I find the password for the shared key and the private key?

In the keysPassword attribute of the ltpa element in your server configuration (server.xml). If it is xor-encoded (which it probably is; the value then starts with {xor}), you can decode it. There is this little tutorial that will help you to do so. Or you can use this site, which has a JavaScript implementation (check the source of the page). Or just google it!


How do I decrypt the encrypted keys?

com.ibm.websphere.ltpa.3DESKey and com.ibm.websphere.ltpa.PrivateKey are encrypted with that password. The utility class LtpaKeyUtils provides methods for restoring the keys, including decrypting the private key (decryptPrivateKey) and the shared key (decryptSharedKey).