

sechkey Utility—Change the Symmetric Encryption Method

The sechkey utility changes the symmetric encryption method for CA ControlMinder programs. When you change the symmetric encryption method, sechkey decrypts each encrypted password in the CA ControlMinder database, then re-encrypts each password with the new encryption method.

Note: If CA ControlMinder is operating in FIPS-only mode, you cannot change the symmetric encryption method. CA ControlMinder operates in FIPS-only mode when the value of the fips_only configuration token in the crypto section is 1. This restriction prevents you from changing the encryption method to a non-FIPS compliant method.

You must stop CA ControlMinder before you use sechkey to change the symmetric encryption method. You must have the ADMIN attribute to use sechkey.

Important! To avoid communication problems, use the same encryption method on all computers that run CA ControlMinder components.

This utility has the following format:

sechkey -m -sym {aes128 | aes192 | aes256 | des | tripledes | default} [-s registry_path]

-m

Specifies to change the encryption method.

-s registry_path

(Windows) Specifies the registry root path where the encryption key for CA ControlMinder programs is stored. This switch is only valid for third-party programs that use the CA ControlMinder SDK.

-sym

Specifies the new encryption method to use.

aes128

Specifies to use the following encryption method:

(Windows): aes128enc.dll

(UNIX): libaes128.so

aes192

Specifies to use the following encryption method:

(Windows): aes192enc.dll

(UNIX): libaes192.so

aes256

Specifies to use the following encryption method:

(Windows): aes256enc.dll

(UNIX): libaes256.so

des

Specifies to use the following encryption method:

(Windows): desenc.dll

(UNIX): libdes.so

tripledes

Specifies to use the following encryption method:

(Windows): tripledesenc.dll

(UNIX): libtripledes.so

default

Specifies to use the following proprietary CA ControlMinder encryption method:

(Windows): defenc.dll

(UNIX): libscramble.so

Example: Change the Symmetric Encryption Method to AES256

The following command changes the symmetric encryption method to AES256:

sechkey -m -sym aes256
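The following pre-flight check is an added example, not part of the CA ControlMinder documentation or tooling. It refuses the change when the fips_only token in the crypto section is 1, validates the -sym value, and prints the sechkey command instead of running it. It assumes an INI-style configuration file whose path the caller supplies; the function names are hypothetical, and you must still stop CA ControlMinder yourself before you run the printed command.

```shell
#!/bin/sh
# Added example: pre-flight checks before "sechkey -m -sym <method>".
# Assumption: the configuration is an INI-style file with a [crypto] section
# that holds "fips_only = <0|1>"; the caller supplies the file path.
# Usage after sourcing this file: preflight <config_file> <method>

# Print the value of fips_only from the [crypto] section (empty if not set).
# Tokens with the same name in other sections and commented-out lines are ignored.
fips_only_value() {
    awk '
        /^[ \t]*\[/ { in_crypto = ($0 ~ /^[ \t]*\[crypto\][ \t]*$/); next }
        in_crypto && /^[ \t]*fips_only[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, "")   # drop "fips_only ="
            sub(/[ \t\r]*$/, "")       # drop trailing blanks and CR
            print
            exit
        }
    ' "$1"
}

# Return 0 only for the values that the sechkey synopsis lists for -sym.
valid_method() {
    case "$1" in
        aes128|aes192|aes256|des|tripledes|default) return 0 ;;
        *) return 1 ;;
    esac
}

# Return codes: 0 = checks passed (command printed on stdout),
#               2 = unknown method, 3 = FIPS-only mode, 4 = config unreadable.
preflight() {
    conf=$1
    method=$2
    valid_method "$method" || { echo "unknown method: $method" >&2; return 2; }
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 4; }
    if [ "$(fips_only_value "$conf")" = "1" ]; then
        echo "fips_only is 1: the encryption method cannot be changed" >&2
        return 3
    fi
    echo "sechkey -m -sym $method"
}
```
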

More information:

Change the Symmetric Encryption Method

ChangeEncryptionMethod Utility—Change Encryption Method