

Key Locator Framework (KLF)

To comply with the Payment Card Industry (PCI) Data Security Standard, a Key Locator Framework (KLF) has been introduced. It allows an encryption key (for example, the merchant key or the Payments instance password) to be stored in and retrieved from a configurable location, such as an external, more secure device.

The Key Locator Framework lets you define multiple encryption keys for the system, and each encryption key can be retrieved from a different provider. Four encryption key providers are defined out of the box: two for the merchant key and two for the Payments instance password.

To define a custom encryption key provider, such as one that manages the key on an external hardware device, create a new class that implements the WCKey interface. An abstract class, WCKeyBaseImpl, is also provided out of the box and can be extended by the custom key provider. This abstract class implements some of the common methods of the WCKey interface. The list of encryption keys available to the system is registered in a key configuration file.

An encryption key is defined in the key configuration file...

Where:

Once all the encryption keys are registered in the key configuration file, the WCKeyRegistry class reads this file and caches all the encryption key providers in memory. Use the getKey() and getNewKey() methods of this class to retrieve the current and the new key provider, respectively.

For example, to retrieve the current default key implementation, you can use the following code snippet:

To retrieve the new key implementation of a particular encryption key and provider:


Related

  1. Key Provider Implementations for merchant key