Bookshelf Home | Contents | Index | PDF |
Security Guide for Siebel Business Applications > Communications and Data Encryption > Configuring Data Encryption > Using Key Database ManagerThe Key Database Manager utility allows you to add new encryption keys to the keyfile and to change the keyfile password. The Key Database Manager utility is named keydbmgr.exe on Microsoft Windows and keydbmgr on UNIX platforms. It is located in the bin subdirectory of the Siebel Server directory. The Key Database Manager program is available on all supported Siebel Server platforms. Running Key Database ManagerBefore running the Key Database Manager, make sure that the Siebel Gateway Name Server is running. The encryption key cache version used by Siebel business components is stored in the Name Server. The Key Database Manager automatically determines which encryptor to use (RC2 Encryptor or AES Encryptor). CAUTION: You must back up the keyfile before making changes to it. If the keyfile is lost or damaged, it may not be possible to recover the encrypted data without a backup keyfile. To run the Key Database Manager
Table 3 lists the flags and parameters for the Key Database Manager utility.
Adding New Encryption KeysYou can add new encryption keys to the keyfile. The AES Encryptor or RC2 Encryptor uses the latest key in the keyfile to encrypt new data; existing data is decrypted using the original key that was used for encryption, even if a newer key is available. There is no limit to the number of encryption keys that you can store in the keyfile. CAUTION: You must back up the keyfile before making changes to it. If the keyfile is lost or damaged, it may not be possible to recover the encrypted data without a backup keyfile.
Changing the Keyfile PasswordThe keyfile is encrypted using an encryption key generated from a keyfile password. To prevent unauthorized access, you can change the keyfile password using the Key Database Manager utility. The keyfile will be re-encrypted using a new encryption key generated from the new keyfile password. Before using AES or RC2 encryption for the first time, you need to change the keyfile password because all versions of the Key Database Manager utility are shipped with the same default password. The default keyfile password is kdbpass. Consider changing the keyfile password regularly to make sure the file is secured. CAUTION: You must back up the keyfile before making changes to it. If the keyfile is lost or damaged, it may not be possible to recover the encrypted data without a backup keyfile. To change the keyfile password
|
Security Guide for Siebel Business Applications |