Skip to main content
Skip table of contents

How to Configure Database Protection using HMAC

The following describes how to set up database protection using the HMAC algorithm for integrity protection.

  1. Generate a private key and a certificate.

    CODE 
    openssl ecparam -genkey -name prime256v1 -noout -out key.pem
openssl req -new -x509 -key key.pem -out certificate.pem -days 7300 -subj "/CN=Database Protection"

  2. Put the private key and the certificate in a PKCS#12 file. OpenSSL will ask you for a password that will be used to encrypt the keystore. Make a note of this password, as you will need it later.

    CODE 
    openssl pkcs12 -export -inkey key.pem -in certificate.pem -out bag.p12 -name dbProtect

  3. Print the base64 encoded PKCS#12 file.

    CODE 
    cat bag.p12 | base64 | tr -d '\012'

  4. Put the following configuration in databaseprotection.properties.

    conf/databaseprotection.properties

    CODE 
    databaseprotection.keyid.1 = 234
databaseprotection.keylabel.1 = dbProtect
databaseprotection.classname.1 = org.cesecore.keys.token.SoftCryptoToken
databaseprotection.data.1 = <the base64 encoded bag.p12 goes here>
databaseprotection.tokenpin.1 = <the password for bag.p12>
databaseprotection.version.1 = 1
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close