

Change the Symmetric Encryption Key

Symmetric encryption keys protect communication between CA ControlMinder components. You use the sechkey utility to change the symmetric encryption keys. You can use sechkey in interactive or non-interactive mode.

Before you change the symmetric encryption key, note the following limitation:

You must have the ADMIN attribute to use sechkey.

Important! To avoid communication problems, use the same encryption key on all computers that run CA ControlMinder components.

To change the symmetric encryption key

  1. Stop CA ControlMinder.

    If you are changing the encryption settings on a CA ControlMinder Enterprise Management server, also stop the CA ControlMinder Web Service.

  2. Run the sechkey utility in interactive mode:
    sechkey

    The utility prompts you to enter the existing key and the new key, and changes the symmetric encryption key.

  3. Start CA ControlMinder.

    If you are changing the encryption settings on a CA ControlMinder Enterprise Management server, also start the CA ControlMinder Web Service.

    CA ControlMinder starts and encrypts communication with the new encryption key.

Example: Change the Symmetric Encryption Key in Non-interactive Mode

The following example changes the default CA ControlMinder symmetric key to a new key with the value newkey:

    sechkey -d newkey

Note: For more information about the sechkey utility, see the Reference Guide.

More information:

sechkey Utility—Change a Symmetric Encryption Key