You re-encrypt the keys stored in the policy or key store to replace the existing keys with versions that are encrypted using FIPS-compliant algorithms.
To re-encrypt the keys stored in the policy or key store
smkeyexport -dadmin_name -wadmin_password -ooutput_file_name -l -v -t -cf
Specifies the name of the SiteMinder administrator account.
Specifies the password for the SiteMinder administrator account.
(Optional) Specifies the name of the exported file. If you do not specify a file name, the default file name is stdout.smdif.
Note: Ensure that the file name contains the .smdif extension.
Example: pskeys.smdif
Specifies that a log file be created.
(Optional) Enables verbose mode for troubleshooting.
(Optional) Enables tracing for troubleshooting.
Specifies that smkeyexport run in FIPS-migration mode.
Note: When smkeyexport runs in FIPS-migration mode, the keys stored in the policy store are exported and re-encrypted using FIPS-compliant algorithms.
smkeyexport exports an smdif file that contains the re-encrypted keys.
smkeyimport -iinput_file_name -dadmin_name -wadmin_password -l -v -t -cf
Specifies the name of the file output file you created.
Note: Ensure that the file name you specify includes the .smdif extension.
Specifies the name of the SiteMinder administrator account.
Specifies the password for the SiteMinder administrator account.
Specifies that a log file be created.
(Optional) Enables verbose mode for troubleshooting.
(Optional) Enables tracing for troubleshooting.
Specifies that smkeyimport run in FIPS-migration mode.
smkeyimport imports the re-encrypted keys into the respective store.
You may now re-encrypt policy store data.
Copyright © 2010 CA. All rights reserved. | Email CA about this topic |