Dell PowerVault TL4000 Dell PowerVault ML6000 Encryption Key Manager User's - Page 42



abcefghij1234567 → wrong length
abcg0000000000000001 → prefix is longer than 3 characters

If an alias already exists in the keystore, keytool throws an exception and stops.

Changing Keystore Passwords

Note: Once you have set the keystore password, do not change it unless its security has been breached. The passwords are obfuscated to eliminate any security exposure. Changing the keystore password requires that the password on every key in that keystore be changed individually using the following keytool command.

To change the keystore password enter:

    keytool -keypasswd -keypass old_passwd -new new_passwd -alias alias -keystore keystorename -storetype keystoretype

You must also edit KeyManagerConfig.properties to change the keystore password in every server configuration file property where it is specified using one of these methods:

• Delete the entire obfuscated password and allow the Encryption Key Manager to prompt on the next startup.
• Delete the entire obfuscated password and type the new password in the clear. It will be obfuscated on the next startup.
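
Because the key password must be changed on every key individually, the command above has to be repeated per alias. The following is an added example, not part of the Dell guide: it assumes the aliases are listed one per line in a file, and the function name change_key_passwords and the KEYTOOL override variable are hypothetical.

```shell
#!/bin/sh
# Added example (not from the Dell guide): run the page's per-key
# `keytool -keypasswd` command once for every alias in a keystore.
# Assumptions: aliases come one per line from a file; KEYTOOL may be set
# to the keytool binary shipped with the key manager.
# As in the page's command, both passwords are passed as arguments and
# are visible in the process list while keytool runs.

KEYTOOL="${KEYTOOL:-keytool}"

# change_key_passwords ALIAS_FILE KEYSTORE STORETYPE OLD_PW NEW_PW
# Prints "changed <alias>" for each key that was updated. Stops at the
# first failure and returns 1, because from that point on the keystore
# holds a mix of old and new key passwords and needs operator attention.
change_key_passwords() {
    [ $# -eq 5 ] || { echo "usage: change_key_passwords ALIAS_FILE KEYSTORE STORETYPE OLD_PW NEW_PW" >&2; return 2; }
    alias_file=$1 keystore=$2 storetype=$3 old_pw=$4 new_pw=$5
    [ -r "$alias_file" ] || { echo "cannot read $alias_file" >&2; return 2; }
    [ -n "$new_pw" ] || { echo "new password is empty" >&2; return 2; }

    # The alias list is read on file descriptor 3 so that keytool keeps
    # standard input for any prompt it issues.
    while IFS= read -r key_alias <&3 || [ -n "$key_alias" ]; do
        # Skip blank lines and comment lines in the alias list.
        case $key_alias in ''|'#'*) continue ;; esac
        if "$KEYTOOL" -keypasswd -keypass "$old_pw" -new "$new_pw" \
               -alias "$key_alias" -keystore "$keystore" \
               -storetype "$storetype"; then
            echo "changed $key_alias"
        else
            echo "FAILED $key_alias: this and later aliases keep the old password" >&2
            return 1
        fi
    done 3< "$alias_file"
}
```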

Importing Data Keys Using Keytool -importseckey

Use the keytool -importseckey command to import a secret key or a batch of secret keys from an import file.

keytool -importseckey takes the following parameters:

    -importseckey [-v]
        [-keyalias <keyalias>] [-keypass <keypass>]
        [-keystore <keystore>] [-storepass <storepass>]
        [-storetype <storetype>] [-providerName <name>]
        [-importfile <importfile>] [-providerClass <provider_class_name>]
        [providerArg <arg>]

These parameters are of particular importance when importing data keys for the Encryption Key Manager to serve to the LTO 4 and LTO 5 drives for tape encryption:

-keyalias
    Specifies the alias of a private key in keystore to decrypt all the data keys in importfile.

-importfile
    Specifies the file that contains the data keys to be imported.

Exporting Data Keys Using Keytool -exportseckey

Use the keytool -exportseckey command to export a secret key or a batch of secret keys to an export file.

keytool -exportseckey takes the following parameters:

    -exportseckey [-v]
        [-alias <alias> | aliasrange <aliasRange>] [-keyalias <keyalias>]
        [-keystore <keystore>] [-storepass <storepass>]