
Adding PKI keys to an environment file

The environment file must be configured with at least one PKI key pair before you can deploy your model. A PKI key pair is a keystore that contains a public key and a private key.

Before starting this task, you must obtain the Base64-encoded PKI keystore in the PKCS #12 format.

In your model, PKI key pairs are used for impersonation and column encryption. When used for impersonation, the public and private keys are used to sign and validate impersonation tokens. When used for column encryption, they are used to encrypt and decrypt columns in the database.

When you add a PKI key pair to an environment file, you specify three attributes:

keystore
The Base64-encoded PKI keystore in the PKCS #12 format.

name
The alias of the keystore. If the PKI key pair will be used for impersonation, this must match the name of the impersonation user. If the PKI key pair will be used for column encryption, this is the name that you will reference in the cipher key.

password
The password for the keystore. The password can be encrypted, and specified using the text:, base64:, hex:, or master: prefixes. In a production environment, the password should be master key encrypted.

PKI key pairs are typically the same throughout a deployment, so you can use the same keystore in multiple environment files. However, for security purposes, you should use different keystores in your development and testing environments than you use in your production environment.

To add PKI keys to an environment file in NexJ Studio:

  1. In the Deployment layer, in the Environments tab, open the environment file to which you want to add a PKI key pair.
  2. In the Source tab, specify the PKI key pair.
    The code that you add to your environment file should be similar to the following:

    <PKIKeyPairs>
       <PKIKeyPair keystore="<keystore>" name="<keystoreAlias>"
                   password="text:<password>"/>
    </PKIKeyPairs>


    If you want to add more than one PKI key pair to your environment file, for each additional key pair, add another <PKIKeyPair> element within the <PKIKeyPairs> element.

  3. Click the Save button in the toolbar to save the changes to the environment file.

The PKI keys are added to the environment file.
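
The following Python check is an added example, not NexJ code: it audits a production environment file against the guidance above by flagging key pairs whose password is not `master:`-prefixed, whose keystore does not decode as Base64 PKCS #12, or whose keystore also appears in a non-production file. The `<Environment>` root element, the function names, and all sample values are assumptions made for illustration.

```python
import base64
import binascii
import hashlib
import xml.etree.ElementTree as ET

def key_pairs(env_xml):
    """Yield (name, password, keystore) for each <PKIKeyPair> element."""
    for el in ET.fromstring(env_xml).iter("PKIKeyPair"):
        yield el.get("name", ""), el.get("password", ""), el.get("keystore", "")

def keystore_digest(b64_text):
    """SHA-256 of the decoded keystore, or None if it cannot be PKCS #12."""
    try:
        raw = base64.b64decode("".join(b64_text.split()), validate=True)
    except (binascii.Error, ValueError):
        return None
    # A PKCS #12 file is an ASN.1 SEQUENCE, so its first byte is 0x30.
    return hashlib.sha256(raw).hexdigest() if raw[:1] == b"\x30" else None

def audit_production(prod_xml, nonprod_xml):
    """Return findings for a production file, compared with a non-production one."""
    nonprod = {keystore_digest(k) for _, _, k in key_pairs(nonprod_xml)} - {None}
    findings = []
    for name, password, keystore in key_pairs(prod_xml):
        if not password.startswith("master:"):
            findings.append((name, "password is not master key encrypted"))
        digest = keystore_digest(keystore)
        if digest is None:
            findings.append((name, "keystore is not Base64-encoded PKCS #12"))
        elif digest in nonprod:
            findings.append((name, "keystore is also used outside production"))
    return findings

# Constructed sample data: the bytes only imitate the start of a PKCS #12 file.
_KS_SHARED = base64.b64encode(b"\x30\x82\x01\x00" + b"A" * 32).decode()
_KS_PROD = base64.b64encode(b"\x30\x82\x01\x00" + b"B" * 32).decode()
# The <Environment> root element and the password values are placeholders.
DEV_ENV = f'''<Environment><PKIKeyPairs>
  <PKIKeyPair keystore="{_KS_SHARED}" name="dev-user" password="text:example"/>
</PKIKeyPairs></Environment>'''
PROD_ENV = f'''<Environment><PKIKeyPairs>
  <PKIKeyPair keystore="{_KS_SHARED}" name="impersonator" password="text:example"/>
  <PKIKeyPair keystore="{_KS_PROD}" name="columnKey" password="master:placeholder"/>
  <PKIKeyPair keystore="not base64!" name="broken" password="master:placeholder"/>
</PKIKeyPairs></Environment>'''

if __name__ == "__main__":
    for name, problem in audit_production(PROD_ENV, DEV_ENV):
        print(f"{name}: {problem}")
```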