Change the Master Encryption Key

Administration Guide › Machine Administration › Data Encryption › Encrypt Stored Data › Change the Master Encryption Key

Change the Master Encryption Key

On each CA DataMinder machine, the keys used to encrypt stored data (the blob file keys) are themselves encrypted with a master key. For maximum data security, CA DataMinder allows you to manually change this master key.

Clearly, changing the master encryption key, especially on the CMS, is an extremely sensitive task. For this reason, the key change process has been rigorously engineered to eliminate the risk of data loss arising from an unrecoverable blob file encryption key. In particular, CA DataMinder:

Prevents the automatic creation of new blob file encryption keys while the master key change is underway or when a machine is starting up.
Scrupulously records each stage of the process in key change recovery files to enable automatic rollback if the key change fails.

CA DataMinder provides a command line method for manually changing the master encryption key. The command syntax is:

wgninfra -exec  wigan/infrastruct/database/KeyServices ManageKeys -m

Where:

wigan/infrastruct/database/KeyServices: Is the Java Class path. You must type this path exactly as shown here.
ManageKeys: Identifies the command as an encryption key operation.
-m: Specifies that the operation applies to the local master key.

More information:

Encrypt Stored Data