Previous Topic: Delete Enterprise Log Manager ConnectionNext Topic: User Console Design Guide


Manage Secret Keys

Use Secret Keys to manage dynamic keys that encrypt or decrypt data. If you suspect that a user gained unauthorized access to a key, you can change the password for the keystore. The keystore is the database that stores secret keys. Once you change this password, CA IdentityMinder re-encrypts the values of the keys.

Each environment has a set of dynamic keys and a keystore password. If environments share a user directory, use the same dynamic keys and keystore password for each environment.

Keystore passwords are encrypted using keys embedded in encryption code or the parameters that are entered during installation of the CA IdentityMinder server. In a cluster, all nodes share the values for dynamic keys and the keystore password.

Encryption operations use the latest dynamic key for the correspondent algorithm and environment. Decryption operations check if a Key ID exists in the encrypted data, so that the right key is used. The Encrypted Text Formats section of the Configuration Guide provides more details.

Follow these steps:

  1. Enter or modify the password to the Keystore.
  2. Click Add a Key if you need another key.
  3. Select an algorithm.
  4. Enter a password for the key.

    For PBE and RC2, the maximum key length is 128 bytes.

    For AES, the valid key sizes are 16, 24, and 32 bytes.

  5. Click Submit.
  6. If you modified the Keystore Password, click Submit.

    CA IdentityMinder encrypts the values of the keys again.