...
If any of the required keys cannot be found, IDM refuses to start and logs an error identifying the misconfigured key descriptor.
TODO: Bootstrapping Migration Docs for Upgrade
Bootstrapping Productive Systems
...
use-case: encrypt and decrypt fields in the Identity Manager database
included by default in the XML config
the placeholder keys shipped with the default config must never be used productively: they are distributed with the software, so anything encrypted with them has no confidentiality
HSM supported for increased security (private key kept in hardware)
no key versioning: version 1 is always used
supported asymClipher values (the spelling must match the key store type in use exactly):
  for HSM
    RSA/ECB/OAEPWithSHA-384AndMGF1Padding
    RSA/ECB/OAEPWithSHA-512AndMGF1Padding
  for PKCS#12
    RSA/None/OAEPWithSHA384AndMGF1Padding
    RSA/None/OAEPWithSHA512AndMGF1Padding
key requirements:
  RSA 2048 (minimum)
  RSA 3072
  RSA 4096 (recommended)
certificate requirements:
  no special requirements, as only the key pair is used
  may be self-signed
  key usage is not checked (setting dataEncipherment is recommended, for documentation purposes only)
  validity period is ignored (an expired certificate is still accepted)
  certificate does not need to be trusted (no chain to a CA is required)
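Worked example for the cipher, key and certificate rules above. This is an added illustration, not IDM code: it encrypts a database field with RSA-OAEP (SHA-384, MGF1) using the JDK's built-in provider, whose spelling of the transformation is the HSM value listed above; how IDM maps the PKCS#12 spelling to a provider is not stated on this page and is not assumed here. The key-size check, the OAEP plaintext limit and the PKCS#12 loader that deliberately skips validity, key-usage and trust checks (mirroring the certificate rules above) are the parts a bootstrapping script should get right. File path, password and alias in main are hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.MGF1ParameterSpec;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;

// Added example (not IDM code): RSA-OAEP field encryption with SHA-384/MGF1
// and the key checks to run before a key descriptor goes into production.
public class FieldKeyExample {

    // JDK built-in provider spelling; identical to the HSM value on the page.
    static final String TRANSFORMATION = "RSA/ECB/OAEPWithSHA-384AndMGF1Padding";
    static final int MIN_RSA_BITS = 2048;   // smallest size the page lists
    static final int HASH_LEN = 48;         // SHA-384 output length in bytes

    // Pin both the OAEP hash and the MGF1 hash. Providers disagree on the MGF1
    // default (some fall back to SHA-1), and a mismatch makes ciphertext produced
    // with an HSM key undecryptable with a software key and vice versa.
    static final OAEPParameterSpec OAEP_SHA384 = new OAEPParameterSpec(
            "SHA-384", "MGF1", MGF1ParameterSpec.SHA384, PSource.PSpecified.DEFAULT);

    // Rejects non-RSA and undersized keys; returns the modulus size in bytes.
    static int checkKeySize(PublicKey pub) {
        if (!(pub instanceof RSAPublicKey)) {
            throw new IllegalArgumentException("expected RSA key, got " + pub.getAlgorithm());
        }
        int bits = ((RSAPublicKey) pub).getModulus().bitLength();
        if (bits < MIN_RSA_BITS) {
            throw new IllegalArgumentException("RSA-" + bits + " is below the minimum RSA-" + MIN_RSA_BITS);
        }
        return (bits + 7) / 8;
    }

    // Largest field one RSA-OAEP block can hold: k - 2*hLen - 2 (RFC 8017).
    // For RSA-4096 with SHA-384 that is 512 - 96 - 2 = 414 bytes.
    static int maxFieldBytes(PublicKey pub) {
        return checkKeySize(pub) - 2 * HASH_LEN - 2;
    }

    static byte[] encryptField(PublicKey pub, String field) throws Exception {
        byte[] plain = field.getBytes(StandardCharsets.UTF_8);
        int max = maxFieldBytes(pub);
        if (plain.length > max) {
            throw new IllegalArgumentException("field is " + plain.length + " bytes; limit for this key is " + max);
        }
        Cipher c = Cipher.getInstance(TRANSFORMATION);
        c.init(Cipher.ENCRYPT_MODE, pub, OAEP_SHA384);
        return c.doFinal(plain);
    }

    static String decryptField(PrivateKey priv, byte[] ciphertext) throws Exception {
        Cipher c = Cipher.getInstance(TRANSFORMATION);
        c.init(Cipher.DECRYPT_MODE, priv, OAEP_SHA384);
        return new String(c.doFinal(ciphertext), StandardCharsets.UTF_8);
    }

    // Loads a key pair from a PKCS#12 file. As on the page, the certificate is
    // only the carrier of the public key: no validity, key-usage or trust check.
    static KeyPair loadFromPkcs12(String path, char[] password, String alias) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        Certificate cert = ks.getCertificate(alias);
        PrivateKey priv = (PrivateKey) ks.getKey(alias, password);
        if (cert == null || priv == null) {
            throw new IllegalStateException("no key entry '" + alias + "' in " + path);
        }
        return new KeyPair(cert.getPublicKey(), priv);
    }

    public static void main(String[] args) throws Exception {
        KeyPair kp;
        if (args.length == 3) {
            // e.g. java FieldKeyExample field-keys.p12 changeit idm-field-key (hypothetical names)
            kp = loadFromPkcs12(args[0], args[1].toCharArray(), args[2]);
        } else {
            // Stand-alone run: generate the recommended RSA-4096 pair in memory.
            KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
            kpg.initialize(4096);
            kp = kpg.generateKeyPair();
        }
        System.out.println("max field size for this key: " + maxFieldBytes(kp.getPublic()) + " bytes");
        String field = "user@example.com";   // constructed sample field value
        byte[] ct = encryptField(kp.getPublic(), field);
        System.out.println("ciphertext: " + Base64.getEncoder().encodeToString(ct));
        System.out.println("round trip ok: " + field.equals(decryptField(kp.getPrivate(), ct)));
    }
}
```

Run it without arguments to see the in-memory round trip, or pass a PKCS#12 path, password and alias to exercise the loader. Note that a single RSA-OAEP block caps the field length (414 bytes for RSA-4096 with SHA-384); fields longer than that cannot be protected by direct RSA encryption and need a different scheme, which this page does not describe.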
...