sephiroth-j edited this page May 5, 2019 · 2 revisions

Frequently Asked Questions

All about keys

Where do I find the keys (public, shared and private) in my WebSphere or Liberty Profile?

The default path is ${server.output.dir}/resources/security/ltpa.keys. A different path can be set with the keysFileName attribute in your server configuration. The file is in Java properties format and will look like this:

#Fri Mar 24 17:00:11 CET 2017
com.ibm.websphere.CreationDate=Fri Mar 24 17\:00\:11 CET 2017
com.ibm.websphere.ltpa.version=1.0
com.ibm.websphere.ltpa.3DESKey=JvywHhxC+EhtUdeusbo31E5IUOEPmbMxMnKTTOB39fo\=
com.ibm.websphere.CreationHost=localhost
com.ibm.websphere.ltpa.PrivateKey=dP4F2H1MSphvjXHFnLqc1sUYiM83Mkg5MzCQWbxya0xMLPl6lwSbC9+SuCpbHTb9Qdl1w3d5bcDf400tBnfStdtkRYSOeo9oEbXOG4RqIV0x3WZx7AyJ5D8wVIfzOjgvfdQXqNkoiatyMwptvCytyEVbWH2kj3j0gB8O2/miPsbnZqNdIRDAt4TE2YjhVagC/ZP2xxxwncLDexF8Bme7NaMtJUlGMe8Nhkb61Z52PU2FHJAF6zPaTwj+JcZ/tg63lr5wRI9hGFOb7MhBrhgm9YiBqPOT30Crl28FHtTP9pnrqiC45QxU3aXVsYFh0hXptkkK9HeTk/YWFjDPVlfg9azrgGq64wHHg3cSjV21GAE\=
com.ibm.websphere.ltpa.Realm=defaultRealm
com.ibm.websphere.ltpa.PublicKey=AOECPMDAs0o7MzQIgxZhAXJZ2BaDE3mqRZAbkbQO38CgUIgeAPEA3iWIYp+p/Ai0J4//UOml20an+AuCnDGzcFCaf3S3EAiR4cK59vl/u8TIswPIg2akh4J7qL3E/qRxN9WD945tS3h0YhJZSq7rC22wytLsxbFuKpEuYfm1i5spAQAB

You will need com.ibm.websphere.ltpa.3DESKey and com.ibm.websphere.ltpa.PrivateKey. Both are encrypted and base64-encoded.

  • com.ibm.websphere.ltpa.3DESKey is the encrypted shared key that is used to encrypt the LTPA2 token.
  • com.ibm.websphere.ltpa.PrivateKey is your encrypted private key, which you will need if you want to send an LTPA2 token.
  • com.ibm.websphere.ltpa.PublicKey is the corresponding public key; the receiver of a token you created needs it to verify the token signature. That is not what you need, unless you want to send tokens to yourself. To verify tokens you receive, you need the public key of the service that sends you LTPA2 tokens. Ask the administrator of that service; they can give it to you.

Where do I find the password for the shared key and the private key?

In the attribute keysPassword in your server configuration. If it is XOR-encoded (which it probably is; such values start with {xor}), you can decode it. There is this little tutorial that will help you to do so. Or you can use this site, which has a JavaScript implementation (check the source of the page). Or just google it!

How do I decrypt the encrypted keys?

com.ibm.websphere.ltpa.3DESKey and com.ibm.websphere.ltpa.PrivateKey are encrypted with that password (the decoded keysPassword). The utility class LtpaKeyUtils provides methods for restoring the keys, including decrypting the private key (decryptPrivateKey) and the shared key (decryptSharedKey).
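The three answers above (reading ltpa.keys, decoding keysPassword, decrypting the keys) as one added Python example. It is not the project's LtpaKeyUtils; it follows the WebSphere/Liberty conventions that a {xor} value is base64 of the password bytes XORed with 0x5F, and that the key values are DESede/ECB/PKCS5Padding ciphertexts under a key-encryption key of SHA-1(password) zero-padded to 24 bytes. The ltpa.keys text and the key values in it are constructed placeholders (not valid ciphertext), the keysPassword is Liberty's default {xor} value, and the decrypt step needs the third-party cryptography package; everything else is standard library.

```python
"""Recovering LTPA key material from ltpa.keys and keysPassword.

Added example, not the project's LtpaKeyUtils. Assumed conventions:
  * keysPassword = "{xor}" + base64(password bytes XOR 0x5F)
  * encrypted key values = DESede/ECB/PKCS5Padding under
    SHA-1(password) zero-padded to 24 bytes
"""
import base64
import hashlib
import re

# Constructed sample in Java .properties syntax. The key value is a
# placeholder (base64 of "ABCDEFGHIJKLMNOP"), not material from any server.
# Note the escaped ':' and '=' that a properties reader has to unescape.
SAMPLE_LTPA_KEYS = r"""#Fri Mar 24 17:00:11 CET 2017
com.ibm.websphere.CreationDate=Fri Mar 24 17\:00\:11 CET 2017
com.ibm.websphere.ltpa.version=1.0
com.ibm.websphere.ltpa.3DESKey=QUJDREVGR0hJSktMTU5PUA\=\=
com.ibm.websphere.CreationHost=localhost
com.ibm.websphere.ltpa.Realm=defaultRealm
"""

# Liberty's default keysPassword: the XOR encoding of "WebAS".
DEFAULT_KEYS_PASSWORD = "{xor}CDo9Hgw="

# key (no unescaped '=' or ':'), optional spaces, separator, value
_PROP_LINE = re.compile(r"^((?:\\.|[^=:\\])+?)\s*[=:]\s*(.*)$")


def parse_ltpa_keys(text):
    """Parse the subset of Java properties syntax that ltpa.keys uses.

    Handles '#'/'!' comment lines and single-character escapes such as
    '\\:' and '\\='. (No \\uXXXX escapes or line continuations, which
    ltpa.keys does not use.)
    """
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        m = _PROP_LINE.match(line)
        if not m:
            raise ValueError("not a property line: %r" % raw)
        key, value = m.group(1), m.group(2)
        props[key] = re.sub(r"\\(.)", r"\1", value)
    return props


def decode_xor_password(encoded):
    """Decode a '{xor}...' value; values without the prefix are plain text."""
    if not encoded.startswith("{xor}"):
        return encoded
    raw = base64.b64decode(encoded[len("{xor}"):])
    return bytes(b ^ 0x5F for b in raw).decode("utf-8")


def derive_key_encryption_key(password):
    """SHA-1 of the password, zero-padded to the 24 bytes DESede expects."""
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return digest + b"\x00" * (24 - len(digest))


def decrypt_ltpa_blob(b64_ciphertext, password):
    """Decrypt one encrypted key value (DESede/ECB/PKCS5Padding).

    Needs the 'cryptography' package; in cryptography >= 43 TripleDES has
    moved to cryptography.hazmat.decrepit.ciphers.algorithms.
    """
    from cryptography.hazmat.primitives import padding
    from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

    kek = derive_key_encryption_key(password)
    decryptor = Cipher(algorithms.TripleDES(kek), modes.ECB()).decryptor()
    padded = decryptor.update(base64.b64decode(b64_ciphertext)) + decryptor.finalize()
    unpadder = padding.PKCS7(64).unpadder()  # PKCS5 == PKCS7 with 8-byte blocks
    return unpadder.update(padded) + unpadder.finalize()


if __name__ == "__main__":
    props = parse_ltpa_keys(SAMPLE_LTPA_KEYS)
    password = decode_xor_password(DEFAULT_KEYS_PASSWORD)
    print("keysPassword decodes to:", password)
    print("3DESKey (still encrypted):", props["com.ibm.websphere.ltpa.3DESKey"])
    print("key-encryption key:", derive_key_encryption_key(password).hex())
    # With a real ltpa.keys file the shared key is recovered like this:
    # shared = decrypt_ltpa_blob(props["com.ibm.websphere.ltpa.3DESKey"], password)
```

Treat the decoded password and the recovered keys like any other secret: {xor} is an obfuscation, not encryption, so anyone who can read server.xml and ltpa.keys can reproduce this, which is why both files need restrictive file permissions.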