Managing the Key File Using the Key Database Manager

This topic describes how to run the Key Database Manager utility to add new encryption keys to the key file (keyfile.bin) and to change the key file password. The key file is encrypted with the key file password, which is supplied by the Admin user. The key file password is encrypted with the default key from keyfile.bin and default AES-256 encryption; the encrypted password is stored in the Siebel database. The AES Encryptor uses the key in the key file to encrypt new data.

Caution: You must back up the key file before making changes to it. If the key file is lost or damaged, then it is not possible to recover the encrypted data without a backup key file.

The Key Database Manager utility is named keydbmgr.exe on Microsoft Windows and keydbmgr on UNIX operating systems. It is located in the bin subdirectory of the Siebel Server directory.

Caution: Before starting a migration installation for Siebel Enterprise Server, you must make a copy of the original key file (keyfile.bin). You must do this because when data encryption is enabled, the migration process creates a new key file overwriting your existing keyfile.bin. After the migration installation, copy back the original key file. For more information about Siebel migration installation, see Siebel Installation Guide.

To run the Key Database Manager

1. Shut down any server components that are configured to use encryption.

   For information on shutting down server components, see Siebel System Administration Guide.

2. From the bin subdirectory in the Siebel Server directory, run Key Database Manager using the following syntax:

   keydbmgr /u db_username /p db_password /l language /c config_file 
   

   For descriptions of the flags and parameters, see the table in this topic.

3. When prompted, enter the key file password:

   • To add a new encryption key, see Adding New Encryption Keys.

   • To change the key file password, see Changing the Key File Password.

4. To exit the utility, enter 3.

5. Restart any server components that were shut down in the first step of this procedure.

   For information on starting server components, see Siebel System Administration Guide.

The following table lists the flags and parameters for the Key Database Manager utility.

Flag	Parameter	Description
/u	db_username	User name for the database user.
/p	db_password	Password for the database user.
/l	language	Language type.
/c	config_file	Full path to the application configuration file (siebel.cfg for Siebel Sales).

The following topics provide information on adding new encryption keys to the key file and changing the key file password:

• Adding New Encryption Keys

• Changing the Key File Password