Modify Encryption Key Length
PTC recommends modifying the length of the encryption key used to protect sensitive information, from 128 bits to 256 bits. To change the encryption key length, select the appropriate procedure depending on whether you are changing the property immediately after a new installation of, or upgrade to, Windchill 11.0 or later, or modifying an existing system. The default value for the following property must be modified using the xconfmanager utility.
Property Name
|
Property Details
|
wt.intersvrcom.siteSecurity.encryptionKey.keyLength
|
Default: 128
|
Description: Sets the length of the encryption key used to protect sensitive information.
|
Valid values: 128, 256
|
|
PTC recommends setting the property immediately after upgrading to, or a new installation of, Windchill 11.0 or later.
|
Set Property Immediately After New Installation or Upgrade to Windchill 11.0 or Later
Use this procedure to modify the encryption key property immediately after upgrade to, or new installation of, Windchill 11.0 or later.
1. After a new or upgrade installation succeeds, stop the Apache and Method servers.
2. Change the property value to 256 by modifying the property in wt.properties using the following syntax in the xconfmanager utility.
xconfmanager -s wt.intersvrcom.siteSecurity.encryptionKey.keyLength=256 -t codebase/wt.properties -p
3. Download “Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files” from the Oracle website. Select the file that corresponds to the Java version used in your Windchill installation.
a. Open the README.txt from the downloaded file and follow the installation steps.
|
PTC does not provide support for this third-party tool.
|
4. Start the Apache and Method servers.
5. Upon server startup, the encryption key length will be updated to 256 bits.
6. Proceed with setting up the cluster nodes and file servers as you would as part of the upgrade process.
(Optional) Install JCE within Java on the File Server.
|
All versions of Java used in Windchill should have JCE installed.
|
Set Property in Current Installation
Use this procedure to modify the encryption key property in a current installation.
|
Perform the following steps for the master and File server at the same time. If the master is updated first, the public key will change and the File servers will not be able to communicate with the master server.
|
1. Stop the cluster and File servers
2. Change the property value to 256 by modifying the property in wt.properties using the following syntax in the xconfmanager utility.
xconfmanager -s wt.intersvrcom.siteSecurity.encryptionKey.keyLength=256 -t codebase/wt.properties -p
3. Download “Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files” from the Oracle website. Select the file that corresponds to the Java version used in your Windchill installation.
a. Open the README.txt from the downloaded file and follow the installation steps.
|
PTC does not provide support for this third-party tool.
|
4. Start the Apache and Method server only for the master.
5. Upon server startup, the encryption key length will be updated to 256 bits.
6. Copy the files to all cluster nodes
a. Windchill\bin\adminTools\sip\store\sip.keystore
b. Windchill\CCSTools\key\master.pubkey
8. Start all cluster nodes and the File Servers.