Use the password agent

The fglpass tool can be started as an agent that supplies private-key passwords to BDL applications, so that the passwords do not have to be typed each time. You enter the password for each private key once, when the agent starts; after that, any BDL application started on the same machine and under the same user name as the agent can obtain the passwords from the agent without their being entered again.

Authentication and data encryption are performed between the BDL application and the agent to guarantee password confidentiality, and the passwords are also stored encrypted in the agent's memory.

  1. To start the password agent on port number 4242 and to serve the BDL applications with the passwords of the private keys RSAKey1.pem and DSAKey2.der, specify the option -agent, followed by a colon, followed by the port number where the agent will be reachable, followed by the list of private keys the agent will handle for all BDL applications.
    fglpass -agent:4242 RSAKey1.pem DSAKey2.der
  2. The agent asks you to enter the password for each key. The passwords are not displayed on the console as you type them. In this example, you see:
    Enter pass phrase for RSAKey1.pem:
    Followed by:
    Enter pass phrase for DSAKey2.der:
  3. Once all keys have been processed, the agent displays the following message to indicate that it is ready to serve.

    Agent started
  4. To enable a BDL application to use the password agent, set the entry called security.global.agent in the FGLPROFILE file to the port number of the agent.

    In our example, with value 4242:
    security.global.agent = "4242"
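
A pre-flight check that the FGLPROFILE entry from step 4 names the same port that was passed to -agent in step 1. This is an added example, not part of the Genero tooling; the function names, the sample file, and the assumed entry syntax (name = "value", with # starting a comment line) are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not Genero code. Assumption: FGLPROFILE entries are written
# as  name = "value"  and lines starting with '#' are comments.

# Print the value of security.global.agent found in file $1 (last entry wins
# in this sketch); return 1 if there is no well-formed entry.
agent_port_from_profile() {
    value=$(sed -n 's/^[[:space:]]*security\.global\.agent[[:space:]]*=[[:space:]]*"\{0,1\}\([^"[:space:]]*\)"\{0,1\}[[:space:]]*$/\1/p' "$1" | tail -n 1)
    [ -n "$value" ] || return 1
    printf '%s\n' "$value"
}

# Return 0 only if the entry in file $1 is a valid TCP port equal to $2,
# the port given to "fglpass -agent:<port>".
# Return codes: 1 = entry missing, 2 = not a usable port, 3 = port mismatch.
check_agent_profile() {
    port=$(agent_port_from_profile "$1") || {
        echo "no security.global.agent entry in $1" >&2; return 1; }
    case $port in
        ''|*[!0-9]*|??????*) echo "not a port number: $port" >&2; return 2 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || {
        echo "port out of range: $port" >&2; return 2; }
    [ "$port" -eq "$2" ] || {
        echo "FGLPROFILE says $port, agent was started on $2" >&2; return 3; }
}

# Constructed sample profile: one commented-out entry, one live entry.
sample_profile() {
    cat <<'EOF'
# constructed sample FGLPROFILE
# security.global.agent = "9999"
security.global.agent = "4242"
EOF
}

# Demo run against the constructed sample.
tmp=$(mktemp)
sample_profile > "$tmp"
check_agent_profile "$tmp" 4242 && echo "FGLPROFILE matches agent port 4242"
rm -f "$tmp"
```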