Security Guide for Siebel eBusiness Applications > Communications and Data Encryption > Configuring Data Encryption >

Using Key Database Manager


The Key Database Manager utility allows you to add new encryption keys to the keyfile and to change the keyfile password. The Key Database Manager utility is named keydbmgr.exe on Microsoft Windows and keydbmgr on UNIX platforms. It is located in the bin subdirectory of the Siebel Server directory.

The Key Database Manager program is available on all supported Siebel Server platforms.

Running Key Database Manager

Before running the Key Database Manager, make sure that the Siebel Gateway Name Server is running. The encryption key cache version used by Siebel business components is stored in the Name Server.

The Key Database Manager automatically determines which encryptor to use (RC2 Encryptor or AES Encryptor).

CAUTION:  You must back up the keyfile before making changes to it. If the keyfile is lost or damaged, it may not be possible to recover the encrypted data without a backup keyfile.

To run the Key Database Manager

  1. Shut down any server components that are configured to use encryption.

    For information on shutting down server components, see Siebel System Administration Guide.

  2. From the bin subdirectory in the Siebel Server directory, run Key Database Manager using the following syntax:

    On Windows:

    keydbmgr.exe \u db_username \p db_password \l language \c config_file

    On UNIX:

    keydbmgr /u db_username /p db_password /l language /c config_file

    For descriptions of the flags and parameters, see Table 3.

  3. When prompted, enter the keyfile password.
  4. To exit the utility, enter 3.
  5. Restart any server components that were shut down in Step 1.

    For information on starting server components, see Siebel System Administration Guide.

Table 3 lists the flags and parameters for the Key Database Manager utility.

Table 3.  Key Database Manager Flags and Parameters

Flag    Parameter      Description
/u      db_username    Username for the database user
/p      db_password    Password for the database user
/l      language       Language type
/c      config_file    Full path to the application configuration file, such as siebel.cfg for Siebel Sales.

Adding New Encryption Keys

You can add new encryption keys to the keyfile. The AES Encryptor or RC2 Encryptor uses the latest key in the keyfile to encrypt new data; existing data is decrypted using the original key that was used for encryption, even if a newer key is available. There is no limit to the number of encryption keys that you can store in the keyfile.

CAUTION:  You must back up the keyfile before making changes to it. If the keyfile is lost or damaged, it may not be possible to recover the encrypted data without a backup keyfile.

To add new encryption keys

  1. Shut down any server components that are configured to use encryption.
  2. From the bin subdirectory in the Siebel Server directory, run Key Database Manager.

    For details, see Running Key Database Manager.

  3. To add an encryption key to the keyfile, enter 2.
  4. Enter some seed data to provide random data used in generating the new encryption key.

    The key must be at least 7 characters in length.

  5. Exit the utility by entering 3.

    When exiting the Key Database Manager utility, monitor any error messages that may be generated. If an error occurred, you may need to restore the backup version of the keyfile.

  6. Distribute the new keyfile to all Siebel Servers by copying the file to the admin subdirectory in the Siebel Server directory.
  7. Restart any server components that were shut down in Step 1.

    For information on starting server components, see Siebel System Administration Guide.

Changing the Keyfile Password

The keyfile is encrypted using an encryption key generated from a keyfile password. To prevent unauthorized access, you can change the keyfile password using the Key Database Manager utility. The keyfile will be re-encrypted using a new encryption key generated from the new keyfile password.

Before using AES or RC2 encryption for the first time, you need to change the keyfile password because all versions of the Key Database Manager utility are shipped with the same default password. The default keyfile password is kdbpass. Consider changing the keyfile password regularly to make sure the file is secured.

CAUTION:  You must back up the keyfile before making changes to it. If the keyfile is lost or damaged, it may not be possible to recover the encrypted data without a backup keyfile.

To change the keyfile password

  1. Shut down any server components that are configured to use encryption.
  2. Run the Key Database Manager utility from the bin subdirectory in the Siebel Server directory.

    For more information, see Running Key Database Manager.

  3. To change the keyfile password, enter 1.
  4. Enter the new password.
  5. Confirm the new password.
  6. Exit the utility by entering 3.

    When exiting the Key Database Manager utility, monitor any error messages that may be generated. If an error occurred, you may need to restore the backup version of the keyfile.

  7. Distribute the new keyfile to all Siebel Servers by copying the file to the admin subdirectory in the Siebel Server root directory.
  8. Restart any server components that were shut down in Step 1.

    For information on starting server components, see Siebel System Administration Guide.
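
The backup, restore, and distribution steps in the two procedures above can be checked with file hashes. The following is an added example, not part of the Siebel documentation or tooling; the function names are hypothetical, and the keyfile and backup paths are assumptions supplied by the caller (copies on other servers are assumed to be readable from the host running the check).

```shell
#!/bin/sh
# Added example: keyfile safety checks around a Key Database Manager session.
# All paths are supplied by the caller; none are taken from Siebel itself.

sha256_of() {                       # print the SHA-256 hex digest of a file
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# backup_keyfile KEYFILE BACKUP_DIR
# Copies the keyfile before any change, verifies the copy, prints its path.
backup_keyfile() {
    keyfile=$1; backup_dir=$2
    [ -s "$keyfile" ] || { echo "keyfile missing or empty: $keyfile" >&2; return 1; }
    mkdir -p "$backup_dir" && chmod 700 "$backup_dir" || return 1
    backup="$backup_dir/$(basename "$keyfile").$(date +%Y%m%d%H%M%S).bak"
    cp -p "$keyfile" "$backup" && chmod 600 "$backup" || return 1
    [ "$(sha256_of "$keyfile")" = "$(sha256_of "$backup")" ] || return 1
    echo "$backup"
}

# restore_keyfile BACKUP KEYFILE
# Puts the backup back if the utility reported an error on exit.
restore_keyfile() {
    cp -p "$1" "$2" && [ "$(sha256_of "$1")" = "$(sha256_of "$2")" ]
}

# verify_distribution MASTER COPY...
# Returns the number of copies that are missing or differ from MASTER
# (0 means every Siebel Server holds the same keyfile).
verify_distribution() {
    master=$1; shift
    [ -f "$master" ] || return 255
    want=$(sha256_of "$master")
    bad=0
    for copy in "$@"; do
        if [ ! -f "$copy" ] || [ "$(sha256_of "$copy")" != "$want" ]; then
            echo "MISMATCH: $copy" >&2
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}
```

Call backup_keyfile after shutting down the server components and before starting the utility, and call verify_distribution after copying the keyfile to each server and before restarting components.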
