Add an AES key
Add an AES key so that you can encrypt text in scripts using FIPS-compliant encryption.
AES key overview
To encrypt text using FIPS-compliant encryption, you must have an AES key that meets the encryption requirements. You can use the LRSecureCryptUtils command line tool to generate a key, or use any 64-character hexadecimal string as a key. You add the key to the script runtime settings, or set it as a system variable.
Generate an AES key
Use the LRSecureCryptUtils command line tool to generate an AES key. You can generate the key in the command line, or save it to a file.
-
To generate an AES key in the command line, run the following command.
<installdir>\bin>LRSecureCryptUtils -mode=genKey
-
To generate an AES key and save it to a file, run the following command and indicate a file where you want to save the key.
<installdir>\bin>LRSecureCryptUtils -mode=genKey -keyLocation=<file path>
When you run the command, a key is generated and saved in the specified file. If the file does not exist, it is automatically created.
Add the AES key
Add the AES key as an attribute in the script runtime settings, or set it as a system variable. You can indicate the key itself, or a file where the key is stored.
Caution: Use only one of the following methods to add the AES key. If multiple AES keys are added using different methods, encryption or decryption may fail.
To add the AES key in the runtime settings:
- Open the runtime settings and go to the Additional Attributes page.
- Click the Add button
to add an attribute.
-
Set the attribute to indicate the key itself, or a file where the key is stored.
-
To indicate the key, set the fields as follows.
Field Value Argument Name ENCRYPTION_KEY Argument Value <AES key> -
To indicate a file where the key is stored, set the fields as follows.
Field Value Argument Name ENCRYPTION_KEY_FILE Argument Value <Path to file containing AES key>
-
To add the AES key as a system variable:
-
To set a system variable indicating the key itself, define the variable as follows.
Variable Value LR_ENCRYPTION_KEY <AES key> -
To set a system variable indicating a file where the key is stored, define the variable as follows.
Variable Value LR_ENCRYPTION_KEY_FILE <Path to file containing AES key>
See also: