Existing Encryption vs New Encryption
| Aspect | Existing Configuration | New Configuration |
|---|---|---|
| Key Storage | .dat file and AsEncryption database table | Secure Java keystore file (oipakeystore.p12) with multiple secret-key aliases such as OIPAALIASDEFAULT and OIPAALIASHMACKEY. |
| Key Access | Direct file or database lookup | Accessed securely using keystore APIs |
| Password Handling | Passwords stored in config files or hardcoded | Passwords stored securely using environment variables (OIPA_KEYSTORE_PWD) |
| Runtime Usage | | Separate runtime alias usage is supported for encryption/decryption and HMAC signing or verification. |
Note: The current 12.2 system remains compatible with the existing encryption alias and also supports a dedicated keystore alias for HMAC use cases.
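
The following Java sketch illustrates the "New Configuration" column: it opens the PKCS12 keystore with the password taken from OIPA_KEYSTORE_PWD and uses one alias for encryption and a separate alias for HMAC. It is an added example, not OIPA's own code. The class name, the keystore path argument, the AES-GCM and HmacSHA256 algorithms, and the key entries sharing the keystore password are all assumptions.

```java
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.security.*;
import java.util.Arrays;
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;

public class KeystoreAliasDemo {  // hypothetical class name
    public static void main(String[] args) throws Exception {
        // The password comes from the environment, not a config file or source code.
        String env = System.getenv("OIPA_KEYSTORE_PWD");
        if (env == null || env.isEmpty())
            throw new IllegalStateException("OIPA_KEYSTORE_PWD is not set");
        char[] pwd = env.toCharArray();
        // Assumption: the keystore path is the first argument, else the working directory.
        Path path = Paths.get(args.length > 0 ? args[0] : "oipakeystore.p12");
        try {
            KeyStore ks = KeyStore.getInstance("PKCS12");
            try (InputStream in = Files.newInputStream(path)) {
                ks.load(in, pwd);  // also checks the keystore integrity MAC
            }
            SecretKey encKey = secretKey(ks, "OIPAALIASDEFAULT", pwd);
            SecretKey macKey = secretKey(ks, "OIPAALIASHMACKEY", pwd);

            // Encryption alias: AES-GCM with a fresh random 12-byte IV (assumed algorithm).
            byte[] iv = new byte[12];
            new SecureRandom().nextBytes(iv);
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(Cipher.ENCRYPT_MODE, encKey, new GCMParameterSpec(128, iv));
            byte[] ct = cipher.doFinal("constructed sample".getBytes(StandardCharsets.UTF_8));

            // HMAC alias: sign, then verify with a constant-time comparison.
            Mac mac = Mac.getInstance("HmacSHA256");  // assumed algorithm
            mac.init(macKey);
            byte[] tag = mac.doFinal(ct);
            boolean ok = MessageDigest.isEqual(tag, mac.doFinal(ct));
            System.out.println("ciphertext bytes=" + ct.length + ", HMAC verified=" + ok);
        } finally {
            Arrays.fill(pwd, '\0');  // clear the password copy held in memory
        }
    }

    // Fetch a secret key by alias; fail closed if the alias is absent or not a secret key.
    static SecretKey secretKey(KeyStore ks, String alias, char[] pwd) throws Exception {
        KeyStore.Entry e = ks.getEntry(alias, new KeyStore.PasswordProtection(pwd));
        if (!(e instanceof KeyStore.SecretKeyEntry))
            throw new IllegalStateException("Missing or non-secret-key alias: " + alias);
        return ((KeyStore.SecretKeyEntry) e).getSecretKey();
    }
}
```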