...
The challenge with a shared secret is the exchange of the key.
Option 1 - Shared via Secure Exchange
SSHA generates the shared key and passes the key to TIS, which adds the key to a property file in WebSphere.
...
WebSphere
Option 2 - Sharing the KeyStore
The shared key is generated using the Java Keytool and is saved in a password-protected KeyStore (using a store type of PKCS12).
SSHA extracts the key from the store and uses it
Generate Keys in
...
Key Pair (bash code block)
...
encrypt.
The WebSphere cell is configured to use the Keystore. The application extracts the shared key to use for the decryption.
Option 3 - Exchange the Shared Key using a Public / Private Key Pair
TIS generates a self-signed private and public key pair and stores it in a KeyStore. The public key is shared with SSHA. Whenever the shared key is changed, SSHA encrypts the shared key using the public key and stores the encrypted shared key in the NAS.
WebSphere is configured with the Keystore containing the public / private key. The application always picks up the encrypted shared key, decrypts the shared key using the private key and decrypts the file using the shared key.
The key pair must be regenerated on an annual basis.
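The following is an added example, not code from this page or from the TIS/SSHA project, showing Option 2 (keeping the shared key in a password-protected PKCS12 KeyStore) and Option 3 (wrapping the shared key with the public key so the application can unwrap it with the private key and then decrypt the file). The class and method names, the "sharedkey" alias, the placeholder store password, and the choice of RSA-OAEP for wrapping and AES-GCM for the file payload are assumptions; the page does not name the algorithms.

```java
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

public class SharedKeyExchange {

    // Option 2: save the shared AES key into a password-protected PKCS12 KeyStore.
    // Alias "sharedkey" is an assumption, not the project's own alias.
    static void storeSharedKey(Path p12, char[] storePass, SecretKey key) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(null, null); // start from an empty store
        ks.setEntry("sharedkey", new KeyStore.SecretKeyEntry(key),
                new KeyStore.PasswordProtection(storePass));
        try (OutputStream out = Files.newOutputStream(p12)) {
            ks.store(out, storePass);
        }
    }

    // Option 2: the application side extracts the shared key from the store.
    static SecretKey loadSharedKey(Path p12, char[] storePass) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(p12)) {
            ks.load(in, storePass);
        }
        KeyStore.SecretKeyEntry entry = (KeyStore.SecretKeyEntry)
                ks.getEntry("sharedkey", new KeyStore.PasswordProtection(storePass));
        return entry.getSecretKey();
    }

    // Option 3, sender side (SSHA): wrap the shared key with TIS's public key.
    static byte[] wrapSharedKey(SecretKey shared, PublicKey tisPublic) throws Exception {
        Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        rsa.init(Cipher.WRAP_MODE, tisPublic);
        return rsa.wrap(shared);
    }

    // Option 3, application side: unwrap with the private key held in the KeyStore.
    static SecretKey unwrapSharedKey(byte[] wrapped, PrivateKey tisPrivate) throws Exception {
        Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        rsa.init(Cipher.UNWRAP_MODE, tisPrivate);
        return (SecretKey) rsa.unwrap(wrapped, "AES", Cipher.SECRET_KEY);
    }

    // File payload under the shared key: 12-byte random IV followed by GCM ciphertext and tag.
    static byte[] encryptFile(SecretKey shared, byte[] plain) throws Exception {
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
        aes.init(Cipher.ENCRYPT_MODE, shared, new GCMParameterSpec(128, iv));
        byte[] ct = aes.doFinal(plain);
        byte[] out = new byte[iv.length + ct.length];
        System.arraycopy(iv, 0, out, 0, iv.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return out;
    }

    static byte[] decryptFile(SecretKey shared, byte[] blob) throws Exception {
        Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
        aes.init(Cipher.DECRYPT_MODE, shared,
                new GCMParameterSpec(128, Arrays.copyOfRange(blob, 0, 12)));
        return aes.doFinal(blob, 12, blob.length - 12); // throws if the tag does not verify
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a fresh 256-bit shared key and a throwaway RSA pair.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey shared = kg.generateKey();
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(3072);
        KeyPair tis = kpg.generateKeyPair();

        // Option 2 round trip; the temp path and "changeit" are placeholders.
        Path p12 = Files.createTempFile("shared", ".p12");
        char[] pass = "changeit".toCharArray();
        storeSharedKey(p12, pass, shared);
        SecretKey fromStore = loadSharedKey(p12, pass);
        System.out.println("Option 2 key matches: "
                + Arrays.equals(shared.getEncoded(), fromStore.getEncoded()));

        // Option 3: wrap on the SSHA side, unwrap on the WebSphere side, decrypt the file.
        byte[] wrapped = wrapSharedKey(shared, tis.getPublic());
        byte[] blob = encryptFile(shared, "sample extract".getBytes(StandardCharsets.UTF_8));
        SecretKey recovered = unwrapSharedKey(wrapped, tis.getPrivate());
        System.out.println("Option 3 decrypted: "
                + new String(decryptFile(recovered, blob), StandardCharsets.UTF_8));
    }
}
```

With Option 3 the wrapped shared key stored in the NAS is bound to one key pair, so the annual regeneration on this page means SSHA must re-wrap the current shared key with the new public key at the same time, or the application will fail to unwrap it after the rotation.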