Sun Identity Manager 8.1 Business Administrator's Guide

Frequently Asked Questions about Gateway Keys

Read the following sections for answers to frequently asked questions about gateway source, storage, distribution, and protection.

Question:

Where do the gateway keys come from to encrypt or decrypt data?

Answer:

Each time an Identity Manager Server connects to a gateway, the initial handshake generates a new random 168-bit triple-DES session key. This key is used to encrypt and decrypt all subsequent data transmitted between that server and that gateway. A unique session key is generated for each server/gateway pair.

Question:

How are gateway keys distributed to the gateways?

Answer:

Session keys are randomly generated by the server and then securely exchanged between server and gateway by encrypting them with the shared secret master key as part of the initial server-to-gateway handshake.

At initial handshake time, the server queries the gateway to determine which mode it supports. The gateway can operate in two modes

Question:

Can I update the gateway keys used to encrypt or decrypt the server-to-gateway payload?

Answer:

Identity Manager provides a task called Manage Server Encryption that allows an authorized security administrator to perform several key management tasks, including generating a new “current” gateway key and updating all gateways with that “current” gateway key. This is the key used to encrypt the per-session key that protects all payload transmitted between server and gateway. The newly generated gateway key is encrypted with either the default key or the PBE key, depending on the value of the pbeEncrypt attribute in the System Configuration (Editing Identity Manager Configuration Objects).

Question:

Where are the gateway keys stored on the server and on the gateway?

Answer:

On the server, the gateway key is stored in the repository just like server keys. On the gateway, the gateway key is stored in a local registry key.

Question:

How are gateway keys protected?

Answer:

The gateway key is protected the same way server keys are. If the server is configured to use PBE encryption, the gateway key is encrypted with a PBE-generated key. If that option is false, it is encrypted with the default key. See Frequently Asked Questions about Server Encryption Keys for more information.

Question:

Can I export the gateway key for safe external storage?

Answer:

The gateway key can be exported using the Manage Server Encryption task, just as with server keys. See Frequently Asked Questions about Server Encryption Keys for more information.

Question:

How are server and gateway keys destroyed?

Answer:

Server and gateway keys are destroyed by deleting them from the server repository. Note that a key should not be deleted as long as any server data is still encrypted with that key or any gateway still relies on that key. Before deleting old keys, use the Manage Server Encryption task to re-encrypt all server data with the current server key and to synchronize the current gateway key to all gateways, so that no old key is still in use.