
ENCRYPTION README

Linux:

First generate a simple .keystore file using the Keytool supplied by the JDK. 
The keystore will be used by the application to create and store a 
SecretKeySpec which is used in encrypting and decrypting password properties 
contained in the application's property/properties files.

There are various ways to generate a .keystore file - this document will
outline the process of following prompts and entering each piece of data singularly.

1. Log in to the application's host machine; you can remain in the home directory of
   the user you logged in as.
2. At a command prompt type: keytool -genkey
	You will be prompted with the following:
		
	Enter keystore password:  78787&34j  (remember this password: it is needed to start the application)
	What is your first and last name?
	  [Unknown]:  CDS SystemAdministrator (or enter your first and last names)
	What is the name of your organizational unit?
	  [Unknown]:  HDRII/CDS
	What is the name of your organization?
	  [Unknown]:  VA
	What is the name of your City or Locality?
	  [Unknown]:  Salt Lake City
	What is the name of your State or Province?
	  [Unknown]:  Utah
	What is the two-letter country code for this unit?
	  [Unknown]:  US
	Is CN=CDS SystemAdministrator, OU=HDRII/CDS, O=VA, L=Salt Lake City, ST=Utah, C=US correct?
	  [no]:  yes

	Enter key password for <mykey>
		(RETURN if same as keystore password):  (just press Enter to use the keystore password)

	The .keystore file is created and stored in your home directory.  This file can
	remain in the home directory or it can be moved elsewhere, such as the root of
	the application being installed.  For the life of the .keystore file it must not be
	inadvertently overwritten, because the encrypted property values can only be
	decrypted with the key it holds.

3. After the .keystore file has been generated, locate the application's property file
   (usually in the root of the installed application) and edit the following property:

		cds.keystore.properties.path=[path to the .keystore file, relative to the application's bin directory]

	If you have moved the .keystore file to the root directory of the application, enter:
		cds.keystore.properties.path=../.keystore

4. When starting the application, two System properties are required for encryption and
   decryption to occur and for the application to start successfully. If you use script
   files to start the application, add the following system properties to the shell script:

	-Dcds.encrypt.password.properties=true
	-Dcds.keystore.password=[value entered when generating the .keystore file]

You can also pass these properties on the command line if you are not using a startup script.
Either way the keystore password is held in cleartext (in the script, or in the process's
command line, which other local users can read from process listings), so restrict read
access to the startup script and the .keystore file to the user that runs the application.

When the application first starts, the cleartext password values are encrypted and the
property file is overwritten in place.  Additionally, a SecretKeySpec is generated, added
to the keystore, and the .keystore file is overwritten in place.

If the application is later brought down and brought back up, -Dcds.encrypt.password.properties
can remain set to true (the application will not re-encrypt an already encrypted password), or
you can set this switch to false.  -Dcds.keystore.password must always contain the correct
password value used when the keystore was first generated.

If the .keystore file is overwritten, the existing encrypted values can no longer be decrypted:
before the application is next restarted, change all passwords in the property files back to
cleartext, then restart the application.  A new SecretKeySpec is generated, the .keystore
file is updated, and the passwords are encrypted again.

When connection passwords at the source (server or database) change (probably every 90 days
or so), the property files need to be updated.  Stop the application, change the password
values in the property files to the new values in cleartext, and then restart the
application; the passwords will be encrypted.
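The behaviour described in the paragraphs above (a SecretKeySpec generated on first start and stored in the keystore, values encrypted in place, already-encrypted values left alone on restart, cleartext values accepted again after a source password change) can be sketched in Java as follows. This is an added illustration, not the application's own code. The alias cds-secret, the ENC(...) marker, AES-GCM and a PKCS12 keystore (a JKS keystore cannot store secret keys) are all assumptions.

```java
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class PropertyCrypto {
    private static final String ALIAS = "cds-secret"; // hypothetical alias for the secret key entry
    private static final String PREFIX = "ENC(";       // marks a value that is already encrypted
    private final SecretKey key;
    // Opens the .keystore named by cds.keystore.properties.path with -Dcds.keystore.password; on the first
    // start no secret key entry exists, so one is generated as a SecretKeySpec and the file is written back.
    public PropertyCrypto(String keystore, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12"); // assumption: a JKS keystore cannot hold secret keys
        try (FileInputStream in = new FileInputStream(keystore)) { ks.load(in, password); }
        SecretKey k = (SecretKey) ks.getKey(ALIAS, password);
        if (k == null) {
            k = new SecretKeySpec(random(32), "AES");
            ks.setEntry(ALIAS, new KeyStore.SecretKeyEntry(k), new KeyStore.PasswordProtection(password));
            try (FileOutputStream out = new FileOutputStream(keystore)) { ks.store(out, password); }
        }
        this.key = k;
    }
    private static byte[] random(int n) { byte[] b = new byte[n]; new SecureRandom().nextBytes(b); return b; }
    // Already-encrypted values are returned unchanged, so leaving the encrypt switch set to true
    // across restarts does not double-encrypt.
    public String encrypt(String value) throws Exception {
        if (value.startsWith(PREFIX)) return value;
        byte[] iv = random(12); // fresh nonce per value; stored in front of the ciphertext
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(value.getBytes(StandardCharsets.UTF_8));
        byte[] out = ByteBuffer.allocate(iv.length + ct.length).put(iv).put(ct).array();
        return PREFIX + Base64.getEncoder().encodeToString(out) + ")";
    }
    // A value without the prefix is still cleartext (e.g. right after a source password change).
    public String decrypt(String stored) throws Exception {
        if (!stored.startsWith(PREFIX)) return stored;
        byte[] all = Base64.getDecoder().decode(stored.substring(PREFIX.length(), stored.length() - 1));
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, all, 0, 12));
        return new String(c.doFinal(all, 12, all.length - 12), StandardCharsets.UTF_8);
    }
}
```

Running the same encrypt() over every password property on each start reproduces the restart behaviour in the text, and decrypt() hands back whatever the file currently holds, encrypted or not.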



WINDOWS:

Follow all the instructions above, except that you will be working with the .bat files
instead of the .sh files.


