Add an AES key

Add an AES key so that you can encrypt text in scripts using FIPS-compliant encryption.

AES key overview

To encrypt text using FIPS-compliant encryption, you must have an AES key that meets the encryption requirements. You can use the LRSecureCryptUtils command line tool to generate a key, or use any 64-character hexadecimal string as a key. You add the key to the script runtime settings, or set it as a system variable.

Back to top

Generate an AES key

Use the LRSecureCryptUtils command line tool to generate an AES key. You can generate the key in the command line, or save it to a file.

  • To generate an AES key in the command line, run the following command.

    <installdir>\bin>LRSecureCryptUtils -mode=genKey

  • To generate an AES key and save it to a file, run the following command and indicate a file where you want to save the key.

    <installdir>\bin>LRSecureCryptUtils -mode=genKey -keyLocation=<file path>

    When you run the command, a key is generated and saved in the specified file. If the file does not exist, it is automatically created.

Back to top

Add the AES key

Add the AES key as an attribute in the script runtime settings, or set it as a system variable. You can indicate the key itself, or a file where the key is stored.

Caution: Use only one of the following methods to add the AES key. If multiple AES keys are added using different methods, encryption or decryption may fail.

To add the AES key in the runtime settings:

  1. Open the runtime settings and go to the Additional Attributes page.
  2. Click the Add button to add an attribute.
  3. Set the attribute to indicate the key itself, or a file where the key is stored.

    • To indicate the key, set the fields as follows.

      Field Value
      Argument Name ENCRYPTION_KEY
      Argument Value <AES key>

    • To indicate a file where the key is stored, set the fields as follows.

      Field Value
      Argument Name ENCRYPTION_KEY_FILE
      Argument Value <Path to file containing AES key>

To add the AES key as a system variable:

  • To set a system variable indicating the key itself, define the variable as follows.

    Variable Value
    LR_ENCRYPTION_KEY <AES key>
  • To set a system variable indicating a file where the key is stored, define the variable as follows.

    Variable Value
    LR_ENCRYPTION_KEY_FILE <Path to file containing AES key>

Back to top

See also: