It is now possible to implement custom solutions for retrieving the advanced encryption master key from an arbitrary library. This feature eases the way the developers can customize the master key prompt.
The new ctsrvr.cfg configuration keyword, MASTER_KEY_LIB, takes a string defining the complete library name to load, for example:
The master key library must link with the OpenSSL libraries that are used to secure the master key exchange and implement the following functions:
Both functions are called by the server code in ctcryp.c. If the version does not match or ctGetSecret returns something different than 0, the master key will not be loaded and the server will be shut down.
To correctly return the encrypted master key, the following must be called to encrypt the master key before returning 0 in ctGetSecret:
int ctSecureMasterKey(ctSecureMasterKeyParams_t *SecureMasterKeyParams)