|
|
|
Use the RELOAD=PASSPHRASE command to change the cryptographic pass phrase or dual pass phrases used to securely encrypt sensitive data in the BES database. Changing the pass phrase or dual pass phrases generates a new cryptographic key and results in the re-encryption of sensitive information in the BES database so that this information is protected with the new cryptographic key.
If the PassPhraseCount attribute in the StartupOptions section is set to 1 or is not specified, only one pass phrase is required. If it is set to 2, then two pass phrases are required and the PassPhraseID1 and PassPhraseID2 attributes are used in console messaging to identify which pass phrase is being requested.
Important! We recommend that you use the console command protection feature of your external security system to prevent unauthorized individuals from executing the RELOAD=PASSPHRASE command.
This command has the following format:
BESn RELOAD=PASSPHRASE
Indicates the BES task number.
Limits: If you are using your security system to control access to commands, all forms of this command can be controlled by a command protection profile.
EXAMPLE: RELOAD=PASSPHRASE command
This example re-encrypts sensitive database information under a new pass phrase for the database employed by the BES6 task.
BES6 RELOAD=PASSPHRASE
BES6X0103I Command Accepted *29 BES6KM597W Enter old database pass-phrase or CANCEL or ABORT R 29,SUPPRESSED *30 BES6KM597W Enter new database pass-phrase or CANCEL or ABORT R 30,SUPPRESSED *31 BES6KM598W Confirm pass-phrase or CANCEL or ABORT R 31,SUPPRESSED BES6X0100I Command Complete
| Copyright © 2011 CA. All rights reserved. | Tell Technical Publications how we can improve this information |