This FIPS-compliant password utility generates an encryption key from the command line. This functionality allows you to copy the generated FIPS key to an external file and use it for encryption.
To access the Password Tool, look for the following ZIP file located in the product package:
CA-RCM-12.6.01-CSM-Password-Tools.zip.
Note: Before using the password tool, edit the pwdtools.bat/pwdtools.sh file and set the JAVA_HOME variable as required.
This command has the following syntax:
pwdtools -[FIPSKEY|JSAFE|FIPS] -p [plain text] -k [key file location]
-JSAFE: Encrypts a plain text value using a non-FIPS algorithm.
Example:
pwdtools -JSAFE -p mypassword
-FIPSKEY: Creates a FIPS key file.
Example:
pwdtools -FIPSKEY -k C:\keypath\FIPSkey.dat
Where keypath is the full path to the location where you want the FIPS key to be stored.
The password tool creates the FIPS key in the location specified.
Note: Be sure to secure the key by restricting the access permissions on its directory to specific groups or users.
-FIPS: Encrypts a plain text value using an existing FIPS key file.
Example:
pwdtools -FIPS -p firewall -k C:\keypath\FIPSkey.dat
Where keypath is the full path to the FIPS key directory.
To use your external file for FIPS encryption with the product, go to the Portal and navigate to Administration, Settings, Common Property Settings and add the following property:
fips.file.location=fips_file_location
where fips_file_location is the location of the external file generated by the Password Tool. Use double backslashes (\\) in the path, for example c:\\sub_folder1\\sub_folder2\\Fipskey.dat. If this property is not set, the product generates the FIPS key by default.
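The following pre-flight check is an added example, not part of the CA product or its documentation. It assumes the pwdtools.sh (UNIX) variant and a policy in which "others" have no access to the key and the group cannot write to it. The function names are hypothetical. It verifies the key file and its directory, then prints the property line with backslashes doubled as described above.

```shell
#!/bin/sh
# Added example (not CA code): checks an external FIPS key file before its
# path is entered as fips.file.location in Common Property Settings.

# restricted PATH
# Succeeds when "others" have no access and the group has no write access.
# Assumed policy; tighten the pattern if only the owner may read the key.
restricted() {
    mode=$(ls -ld -- "$1" 2>/dev/null | cut -c1-10)
    case $mode in
        ?????-?---) return 0 ;;   # e.g. -rw-------, -rw-r-----, drwxr-x---
        *)          return 1 ;;   # too open, or the path could not be read
    esac
}

# check_fips_key FILE
# The key must be a non-empty regular file, and both the file and the
# directory that holds it must pass restricted().
check_fips_key() {
    key=$1
    dir=$(dirname "$key")
    [ -f "$key" ] && [ -s "$key" ] || { echo "missing or empty key: $key" >&2; return 2; }
    restricted "$dir" || { echo "directory too permissive: $dir" >&2; return 1; }
    restricted "$key" || { echo "key file too permissive: $key" >&2; return 1; }
}

# fips_property_line PATH
# Prints the property with every backslash doubled, which is the form the
# product expects for Windows paths. Paths without backslashes pass unchanged.
fips_property_line() {
    printf 'fips.file.location=%s\n' "$(printf '%s' "$1" | sed 's/\\/\\\\/g')"
}

# Stand-alone use: sh check_fips_key.sh /path/to/FIPSkey.dat
if [ "$#" -gt 0 ]; then
    check_fips_key "$1" && fips_property_line "$1"
fi
```

Run it against the file created by pwdtools -FIPSKEY before adding the property. A non-zero exit status means the key is missing or its permissions need tightening first.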
Copyright © 2012 CA. All rights reserved.