Setting Up Licensing

All ACI communication actions sent to ACI API components in an OEM-licensed environment must be ACI encrypted. ACI API components access the licensekey.dat file to determine the encryption keys required to decode encrypted action.

NOTE: You must not use the CommsEncryptionType and CommsEncryptionTEAKeys (deprecated) configuration parameters to encrypt ACI communications because the key would be publicly available.

ACI API components also require a versionkey.dat file, which determines the versions of the component that the license can run.

To set up licensing in an OEM environment

  • Encrypt ACI communications between ACI API components and the front-end application by making the appropriate API call in your application and passing in the OEM encryption keys that were provided to you. For example:

    In the C API, you could make the following call:

    const char* szKeys = "MjR8CJCUGcb4RbRdNDKbK9RXX3pEswAiZ";
    aciInitEncryption(TRUE, "TEA", szKeys);

    where the value of szKeys is the encryption key provided with the license.

    In the Java API, you could make the following call:

    BteaEncryptionCodec encryptionCodec = new BteaEncryptionCodec(
        "MjR8CJCUGcb4RbRdNDKbK9RXX3pEswAiZ");
    aciServerDetails.setEncryptionCodec(encryptionCodec);
  • Redistribute the licensekey.dat and versionkey.dat files with your application by copying them to the working directory of each ACI API component. The ACI API components then read the license from the licensekey.dat instead of the [License] section of the component’s configuration file.

    The licensekey.dat file is generated by OpenText and provided to you along with your license.

    You can download versionkey.dat from the Software Licenses and Downloads portal (SLD), in the License Server package or as a standalone download package. You must download a new versionkey.dat when you upgrade your ACI API components.

  • To use OEM encryption with NiFi Ingest, set up an OEM license service. This service provides support for encrypted actions, by decrypting actions to other NiFi processors. For more information, refer to the NiFi Ingest Help.

  • Unlike standard ACI encryption, the ACI responses from the ACI API component are not encrypted by default. You can optionally encrypt the response returned by a ACI API component by setting the EncryptResponse action parameter to True in the ACI action you run. However, in most cases OpenText recommends that you use SSL/TLS for secure communications.