Import decrypted configuration

The encrypted configuration zip archive has the wrapped symmetric key inside. The asymmetric key for unwrapping and decrypting must be defined in engineSignEncryptConfig.xml. The settings in engineSignEncryptConfig.xml and the key container file (for example, the .p12 file) defined in the descriptor of the XML file must be shared across instances.

Automatic decryption

Automatic sensing of necessary decryption is enabled regardless of the zipPacker.encryptZip property in system.properties when you import a configuration zip archive, for example, a configuration/translation/process/... zip archive. You can always import unencrypted configuration archives. You can import encrypted configuration archives if the settings in engineSignEncryptConfig.xml are available and correct and the property zipEncrypterDecrypter.version in system.properties matches the Nexus-Encryption-Descriptor-Version in descriptors.info of the archive.

You must also verify the settings against descriptors.info of the archive you want to import.

Warning

To support automatic sensing for decryption, the zip archive should not have been modified or manipulated after export, especially when signature creation is applied.
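
A pre-import check for the version condition described above, as an added example that is not part of the original page or the product's own code. It assumes descriptors.info is a text file inside the archive with `key: value` or `key=value` lines and that an archive without the Nexus-Encryption-Descriptor-Version entry is unencrypted; the sample archive is constructed.

```python
import io
import re
import zipfile

DESCRIPTOR_FILE = "descriptors.info"                 # file name from the page
ARCHIVE_KEY = "Nexus-Encryption-Descriptor-Version"  # entry named on the page
SYSTEM_KEY = "zipEncrypterDecrypter.version"         # property named on the page
DEFAULT_VERSION = "1"                                # page: default version number is 1
LINE = re.compile(r"\s*([^=:\s]+)\s*[=:]\s*(.*?)\s*$")  # assumed line syntax


def parse_key_values(text):
    """Parse 'key=value' / 'key: value' lines; skip blanks and # comments."""
    pairs = {}
    for line in text.splitlines():
        match = None if line.lstrip().startswith("#") else LINE.match(line)
        if match:
            pairs[match.group(1)] = match.group(2)
    return pairs


def archive_descriptor_version(zip_bytes):
    """Return the descriptor version stored in the archive, or None."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in zf.namelist():
            if name.rsplit("/", 1)[-1] == DESCRIPTOR_FILE:
                text = zf.read(name).decode("utf-8", errors="replace")
                return parse_key_values(text).get(ARCHIVE_KEY)
    return None


def check_import(zip_bytes, system_properties_text):
    """Return (ok, message) for the version precondition of an import."""
    configured = parse_key_values(system_properties_text).get(SYSTEM_KEY, DEFAULT_VERSION)
    archived = archive_descriptor_version(zip_bytes)
    if archived is None:  # assumption: no entry means the archive is unencrypted
        return True, "no descriptor version in archive; check does not apply"
    if archived == configured:
        return True, f"descriptor version {archived} matches {SYSTEM_KEY}"
    return False, f"archive needs version {archived}, instance has {configured}"


def constructed_archive(version):
    """Build a constructed sample archive in memory (not a real export)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(DESCRIPTOR_FILE, f"{ARCHIVE_KEY}: {version}\n")
    return buf.getvalue()
```

The check covers only the version match; the key settings in engineSignEncryptConfig.xml still have to be verified against descriptors.info separately.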

Manual decryption

You cannot perform manual decryption outside of Smart ID Identity Manager.

Modify settings

Increase the descriptor version number

To support successful decryption of any already exported encrypted archives, do not change the settings for the existing version number.

Important!

If you modify the attributes of the descriptor or replace/modify the key file, you must increase the version number of the descriptor.

When you import an older versioned encrypted configuration file into the system, make sure to update the XML file accordingly. 

Docker installation

The Docker environment uses signencrypt.xml for the settings. You find the file in the config folder.

  1. Check the docker-compose.yml of the Smart ID Identity Manager Admin and Identity Manager Operator instance for the reference of signencrypt.xml in the "volumes" section.

    Example: Location of signencrypt.xml
    ...
        environment:
    ...
          - 'SYSTEM_PROPERTIES={
              ...
            }'
    ...
        volumes:
          - "../config/signencrypt.xml:/usr/local/tomcat/webapps/ROOT/WEB-INF/classes/engineSignEncryptConfig.xml:ro"
    ...


  2. To increase the version number of the descriptor, open the section SYSTEM_PROPERTIES in docker-compose.yml and modify the zipEncrypterDecrypter.version:

    Modify zipEncrypterDecrypter.version
    ## default version number is 1, but if it has to be increased, this is the only way
    ## to provide the version number to be used by the encryption of the configuration
    zipEncrypterDecrypter.version=2



WAR file deployment

To increase the version number of the descriptor, open system.properties and modify zipEncrypterDecrypter.version:

Modify zipEncrypterDecrypter.version
## default version number is 1, but if it has to be increased, this is the only way
## to provide the version number to be used by the encryption of the configuration
zipEncrypterDecrypter.version=2


