Generating a Unique Encryption Key

You use the PSCipher Java utility's buildkey command to build new AES encryption keys. The buildkey command adds a new AES stored in the psvault file (the key file). If you generate new versions of the key file, the system appends the new version of the key to the end of the key file.

To invoke the command on a Windows server, change to the directory where PSCipher resides and enter:

...\pscipher -buildkey

To invoke the command on UNIX, change to the directory where PSCipher resides and enter:

.../PSCipher.sh -buildkey

Select one web server in your system to generate the new version of the key file. The pscipher.bat and PSCipher.sh utilities only run in the Java environment of the web server. After you have created the new key file, you then copy the new version of psvault from the initial server to the appropriate directories on all the appropriate servers in your system. The psvault file is stored in different directories depending on your web server vender (as described in the following sections). On the application server the psvault file resides in <PS_HOME>\secvault.

Note: If you are not using the default encryption key and you have generated a unique encryption key, note that each time you add a new server to your system, you will need to copy the key file to the appropriate location on that server. For example, if you are using the default key version ({V2.1}), any server you add to the system and install PeopleTools on will also have the default key version ({V2.1}). As such, no further steps are required. However, if you have generated a new key, giving the version number a value of {V2.1} or greater, then you need to make sure to copy that key file to the added server(s). Also, each time you update the key, you need to ensure that the new version of the key file is copied to the additional servers in your system.

Warning! When you upgrade to new PeopleTools releases, as in PeopleTools 8.48 to PeopleTools 8.50, you will need to backup any modifications you have made to the key file using PSCipher in the previous release and reapply that same key file to the appropriate servers onto which you have installed the new PeopleTools release.