mqiptPW (encrypt stored password)

Encrypt a password for use by IBM MQ Internet Pass-Thru (MQIPT).


Purpose

Use the mqiptPW command to encrypt a password that is stored for use by MQIPT.

The MQIPT configuration might include passwords to access various resources, as well as the MQIPT access password for administration using the command port.

In versions earlier than Version 9.1.5, only passwords that are used by MQIPT to access key rings, or cryptographic hardware key stores, can be encrypted. From Version 9.1.5, all stored passwords for use by MQIPT should be protected by encrypting the password with the mqiptPW command.


Syntax

Use this syntax to call the mqiptPW command to encrypt any password for use by MQIPT Version 9.1.5 or higher. Store the encrypted password in the appropriate property in the mqipt.conf configuration file.

The command will prompt for the password be encrypted to be entered.

mqiptPW -sfencryption_key_file-spprotection_mode


Optional parameters

    -sf encryption_key_file
    The name of a file that contains the password encryption key. If specified, the file must contain at least one character, and only one line.
    If this parameter is not specified, the default password encryption key is used.
    This parameter can be specified only with password protection mode 1 or higher.

    -sp protection_mode
    The password protection mode to be used by the command. One of the following values can be specified:

      0
      Deprecated password protection mode.

      1
      The current most secure password protection mode. This protection mode is supported from MQIPT Version 9.1.5. This is the default value.


Deprecated syntax to encrypt key ring passwords

Use this syntax to call the mqiptPW command to encrypt a key ring password. The encrypted password is stored in file which can be read by any version of MQIPT. This syntax is deprecated from Version 9.1.5 as it does not offer the most secure encryption method.

mqiptPW passwordfile_name-replace


Parameters for deprecated syntax

    password
    The clear text password to encrypt. Passwords can include the space character, but the whole password string must be enclosed in quotes for this to be acceptable. There is no limit to the length or format of the password.

    file_name
    The name of a file to create, to contain the encrypted password.

    -replace
    Overwrite an existing password file with the same name, if it exists. This parameter is optional.


Return codes

Return code Description
0 Command successful.
>0 Command not successful.
Parent topic: IBM MQ Internet Pass-Thru commands reference