Re-encrypt the Policy Store Data

To re-encrypt the policy store data

  1. Open a command prompt on the machine hosting the Policy Server and navigate to the location to which you want to export the policy store data file.
  2. Run the following command:
    XPSExport outputfile -xa -passphrase phrase -vT -vI -vW -vE -vF -e file_name -l log_file
    

    Note: Although you can use XPSExport to export one or more granular objects, this procedure provides the arguments for exporting all of the policy store data, which ensures that the export includes all of the sensitive data. For more information on exporting one or more granular objects, see the Policy Server Administration Guide.

    XPSExport exports the policy store data and places the data file in the directory from which you ran the tool.

  3. Run the following command:
    XPSImport input_file -passphrase phrase -vT -vI -vW -vE -vF -l log_path
    

    XPSImport imports the data into the policy store. Sensitive data is encrypted using FIPS-compliant algorithms.

If your environment uses Basic Password Services, you may now verify that the Password Blobs are re-encrypted using FIPS-approved algorithms.


Copyright © 2010 CA. All rights reserved.