securityUtility createLTPAKeys

The securityUtility createLTPAKeys command creates a set of LTPA keys for use by the server, or that can be shared with multiple servers. If no server or file is specified, an ltpa.keys file is created in the current working directory.

Usage example

Create LTPA keys with the mypassword password that is encrypted with Advanced Encryption Standard (AES) encryption:

securityUtility createLTPAKeys --password=mypassword --passwordEncoding=aes

Syntax

Run the command from the path_to_liberty/wlp/bin directory.

securityUtility createLTPAKeys --password=pwd [options]
--password=pwd

The password for the LTPA key. If no value is specified, you’re prompted for a value. when you run this command.

Options

Options for the securityUtility createLTPAKeys command
OptionDescription

--file=name

The file in which to write the LTPA keys. This option can’t be used if the --server option is specified.

--passwordEncoding=password_encoding_type

Specifies how to encode the LTPA keys password in the server.xml file. Supported encoding types are xor and aes. If this option isn’t specified, a default encoding type of xor is used.

You can use the securityUtility encode --listCustom command to see if any additional custom encryptions are supported.

--passwordKey=password_encryption_key

Specifies the key to use to encode an LTPA keys password with AES encryption. This string is hashed to produce an encryption key that is used to encrypt and decrypt the password. You can provide the key by defining the wlp.password.encryption.key variable as the key value. If this option isn’t specified, a default key is used.

--server=name

Specifies the name of the Open Liberty server for which the LTPA keys are created. This option can’t be used if the --file option is specified.

Exit codes

The following exit codes are available for the securityUtility createLTPAKeys command:

Exit codes for the securityUtility createLTPAKeys command
CodeExplanation

0

This code indicates successful completion of the requested operation.

1

This code indicates a generic error.

2

This code indicates that the server is not found.

3

This code indicates that the client is not found.

4

This code indicates that the path can not be created.

5

This code indicates that the file already exists.