Previous Topic: DBUtil: CA AuthMinder Database UtilityNext Topic: Updating the Master Key

CA Strong Authentication Administration GuideSystem Administrators UtilitiesDBUtil: CA AuthMinder Database UtilityUsing DBUtil Options

Using DBUtil Options

The options for DBUtil is listed in the following table. In this table, key-value pair refers to either DSN, password, or database user name/password pair. The DSN/password is used by CA AuthMinder Server, while user name/password is used by Administration Console and User Data Service.

Option

Description

-h

Displays the Help for the tool.

Syntax:

dbutil -h

-init

Creates a new securestore.enc with the new master key that you specify, as discussed in Update the Master Key.

Syntax:

dbutil -init key

Example:

dbutil -init MasterKeyNew

dbutil -init WebFortDatabaseMKNew

Note: This command succeeds only if there is no securestore.enc in the conf directory.

-pi

Inserts an additional key-value pair into securestore.enc, as discussed in Update the Master Key.

Syntax:

dbutil -pi <key> <value> [-h HSMPin [-d HSMModule]]

  -h HSMPin is required if securestore.enc is protected by HSM cryptography.

  -d HSMModule is optional when -h is present. It defaults to "nfast" 
  (NCipher).

Example:

dbutil -pi WebFortBackupDSN dbapassword

dbutil -pi Jack userpassword

dbutil -pi Jack userpassword -h hsmpassword -d chrysalis

Note: Each key can only have one value. If you have already inserted a key-value pair, then you cannot insert another value for the same key.

-pu

Updates the value for an existing key-value pair in securestore.enc. This feature can be used when you need to update the database password.

Syntax:

dbutil -pu <key> <value> [-h HSMPin [-d HSMModule]]

Example:

dbutil -pu WebFortDatabaseDSN newPassword

dbutil -pu Jack userPassword

dbutil -pu Jack userpassword -h hsmpassword -d chrysalis

-pd

Deletes the specified key-value pair from securestore.enc.

Syntax:

dbutil -pd <key> [-h HSMPin [-d HSMModule]]

Example:

 dbutil -pd WebFortDatabaseDSNOld

 dbutil -pd Jack

-i

Inserts the specified primary name-value pair in the securestore.enc file, if hardware-based encryption is used to secure the data in this file. This is used during server startup to provide HSM initialization information.

Syntax:

 dbutil -i <primeKey> <HSMPin>
where primeKey is the name of the HSM module

Example:

 dbutil -i chrysalis pin

-u

Updates the specified primary name-value pair in the securestore.enc file, if hardware-based encryption is used to secure the data in this file.

Syntax:

 dbutil -u <primeKey> <HSMPin>
where primeKey is the name of the HSM module

Example:

 dbutil -u chrysalis newHSMpin

-d

Deletes the specified primary name-value pair, if hardware-based encryption is used to secure the data in this file.

Syntax:

 dbutil -d <primeKey>

where primeKey is the name of the HSM module

Example:

dbutil -d chrysalis