OpenText Cordys 10.6 documentation : Protection of Key Store and Trust Store

Protection of Key Store and Trust Store

This topic describes how the key store and the trust store are protected.


Protecting the key store and the trust store is very important because they are used in authentication processes and contain private keys.

The key store and the trust store are stored in LDAP in the service group configuration. To prevent theft, they are encrypted with a shared key. This shared key is used by all Cordys Monitors of a distributed system.

The shared key is itself protected: it is encrypted with the public certificate of the Cordys Monitor and stored in the service group configuration of the Cordys Monitor. It can only be decrypted with the private key of the Cordys Monitor.

Only a person who has access to the hard disk of the machine can access the private key of the Cordys Monitor. This can be made more secure by using the file-based protection available in every operating system.

This infrastructure of shared key, private and public keys, and certificates is set up during installation of Process Platform.
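The file-based protection of the Cordys Monitor private key mentioned above can be verified with a short audit. The following is an added example, not part of the Cordys documentation or product; it assumes a POSIX system, and the key file name is a constructed placeholder because this page does not state where the private key is stored.

```python
import os
import stat
import tempfile

def audit_private_key_file(path, expected_uid=None):
    """Return a list of findings; an empty list means the file passes."""
    findings = []
    st = os.lstat(path)
    if stat.S_ISLNK(st.st_mode):
        findings.append("path is a symlink; its target is checked below")
        st = os.stat(path)
    if not stat.S_ISREG(st.st_mode):
        findings.append("not a regular file")
    # Any group/other permission bit exposes the key to other local accounts.
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("group/other have access: mode %o" % stat.S_IMODE(st.st_mode))
    if expected_uid is not None and st.st_uid != expected_uid:
        findings.append("owner uid %d, expected %d" % (st.st_uid, expected_uid))
    # A parent directory writable by others lets them replace the key file,
    # unless the sticky bit restricts rename/delete to the file owner.
    parent = os.path.dirname(os.path.abspath(path))
    pst = os.stat(parent)
    if pst.st_mode & (stat.S_IWGRP | stat.S_IWOTH) and not pst.st_mode & stat.S_ISVTX:
        findings.append("parent directory writable by group/other: %s" % parent)
    return findings

def demo():
    """Constructed sample: a stand-in key file, first too open, then locked down."""
    workdir = tempfile.mkdtemp()  # mkdtemp creates the directory with mode 0700
    key_path = os.path.join(workdir, "monitor-private-key.example")  # hypothetical name
    with open(key_path, "w") as fh:
        fh.write("constructed placeholder, not a real key\n")
    os.chmod(key_path, 0o644)  # readable by every local account
    before = audit_private_key_file(key_path, expected_uid=os.getuid())
    os.chmod(key_path, 0o600)  # owner only
    after = audit_private_key_file(key_path, expected_uid=os.getuid())
    os.remove(key_path)
    os.rmdir(workdir)
    return before, after

if __name__ == "__main__":
    before, after = demo()
    print("mode 0644:", before)
    print("mode 0600:", after)
```

On Windows the equivalent check is against the file's ACL rather than mode bits, so this function does not apply there.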

Related information

Authentication Plugins
Managing Service Group Trust Relation
Managing Certificates