Master key creation to generate a new cipher key for encryption
Because configuration-variable values contain sensitive data, such as user credentials or database passwords, they are encrypted with a default cipher key. An administrator can choose not to use the default cipher key and instead create a new master key file to generate a new cipher key, ensuring strict confidentiality of the key. Integration Platform uses the Advanced Encryption Standard (AES) algorithm with a secure encryption key to encrypt and decrypt configuration-variable values. A single key encrypts all configuration variables during installation of the Integration Platform.
The Design Server comes with a default master key file (MKF) containing the default cipher key. However, the administrator can create a new master key file to generate a fresh cipher key known only to the administrator and other authorized people, which ensures strict confidentiality of the cipher key.
The default master key file /opt/hcl/hip1000/config/configvar.mkf contains the encryption key used to decrypt the values at run time once deployed. If configuration variables are defined using encryption, the master key file (config_var.mkf) is deployed with the package to an Integration Platform runtime server during package deployment, so that the values can be decrypted at run time.
An administrator can choose to create a new master key file (MKF) with or without a passphrase. Creating an MKF with a passphrase allows an administrator to reproduce the cipher key from the passphrase if the MKF becomes corrupt or is accidentally deleted. However, generating a duplicate cipher key is only possible if the current operating system is the same as the one used to create the original MKF. If the administrator used no passphrase while creating the MKF, they need to create a new MKF altogether to generate a new cipher key.
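The following check is an added example, not part of the product or its documentation: it audits an MKF for two conditions that weaken the confidentiality described above, namely file permissions that let users other than the owner read the key, and an MKF that is still byte-identical to the shipped default. It assumes a Linux host with `stat -c` and `cmp`, and a reference copy of the default MKF saved at install time; that reference path and the function name `audit_mkf` are hypothetical.

```shell
#!/bin/sh
# Added example: audit a master key file (MKF) for exposure.
# Assumptions: Linux with GNU or BusyBox stat; the reference copy of the
# shipped default MKF is a hypothetical file saved at install time.
# Usage: audit_mkf /opt/hcl/hip1000/config/configvar.mkf /path/to/default-copy.mkf

audit_mkf() {
    mkf=$1           # MKF currently in use
    default_copy=$2  # pristine copy of the shipped default MKF (hypothetical)
    findings=0

    if [ ! -f "$mkf" ]; then
        echo "FAIL: $mkf is missing; encrypted values cannot be decrypted"
        return 1
    fi

    # Any group or other permission bit exposes the cipher key beyond the owner.
    mode=$(stat -c '%a' "$mkf")
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "FAIL: $mkf has mode $mode; restrict it to the owner (for example 600)"
        findings=$((findings + 1))
    fi

    # A byte-identical match means the default cipher key is still in use.
    if [ -f "$default_copy" ]; then
        if cmp -s "$mkf" "$default_copy"; then
            echo "FAIL: $mkf is identical to the shipped default MKF"
            findings=$((findings + 1))
        fi
    else
        echo "WARN: no reference copy of the default MKF; default-key check skipped"
    fi

    [ "$findings" -eq 0 ] && echo "OK: $mkf passed"
    return "$findings"
}
```

Because the MKF is deployed with the package, the same check applies to the copy on each runtime server as well as to the one on the Design Server.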