Red Hat CERTIFICATE SYSTEM 7.3 - ADMINISTRATION Administration Manual page 240

Chapter 9. Token Key Service
3. Create a transport key called transport.
tksTool -T -d . -n transport -p certDBPrefix
The tksTool utility prints out the key check value (KCV) for each of the three session keys that
are generated. Save them to a file, since all of them are needed to regenerate the transport key
if it is lost.
4. When prompted, fill in the database password, then type in some noise to seed the random
number generator.
5. Use the transport key to generate and wrap a master key and store it in a file called file.
tksTool -W -d . -n new_master -t transport -o file -p certDBPrefix
Enter Password or Pin for "NSS Certificate DB":
Retrieving the transport key (for wrapping) from the specified token . . .
Generating and storing the master key on the specified token . . .
Naming the master key "wrapped_master" . . .
Successfully generated, stored, and named the master key!
Using the transport key to wrap and store the master key . . .
Writing the wrapped data (and resident master key KCV) into the
file called "file" . . .
wrapped data: 47C0 06DB 7D3F D9ED
              FE91 7E6F A7E5 91B9
master key KCV: CED9 4A7B
(computed KCV of the master key residing inside the wrapped data)
6. Use the transport key to unwrap a master key called new_master stored in a file called file.
tksTool -U -d . -n new_master -t transport -i file -p certDBPrefix
Enter Password or Pin for "NSS Certificate DB":
Retrieving the transport key from the specified token (for
unwrapping) . . .
Reading in the wrapped data (and resident master key KCV) from
the file called "file" . . .
wrapped data: 47C0 06DB 7D3F D9ED
              FE91 7E6F A7E5 91B9
master key KCV: CED9 4A7B
(pre-computed KCV of the master key residing inside the wrapped data)
Using the transport key to temporarily unwrap the master key to
recompute its KCV value to check against its pre-computed KCV value . . .
master key KCV: CED9 4A7B
(computed KCV of the master key residing inside the wrapped data)
master key KCV: CED9 4A7B
(pre-computed KCV of the master key residing inside the wrapped data)
Using the transport key to unwrap and store the master key on the
specified token . . .
Naming the master key "new_master" . . .
Successfully unwrapped, stored, and named the master key!
The tksTool utility generates a new master key, wraps it with the transport key, and then extracts
it to the output file, which can be used as a backup if the master key is lost.
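The master key KCV printed when the key is wrapped in step 5 should reappear unchanged, as both the pre-computed and the recomputed value, in the step 6 output. The following shell script is an added example, not part of the Red Hat manual or of tksTool, that checks a saved step 6 transcript against the recorded KCV; the function names (extract_kcvs, verify_unwrap, write_sample) are hypothetical, and the sample transcript is constructed from the output shown above.

```shell
#!/bin/sh
# Added example (not from the manual): check a saved `tksTool -U` transcript
# against the master key KCV recorded when the key was wrapped in step 5.

# Print each master key KCV as "<label> <value>"; the label comes from the
# parenthesised line that follows the value in the tksTool output.
extract_kcvs() {
    awk '
        /^[ \t]*master key KCV:/ {
            sub(/^[ \t]*master key KCV:[ \t]*/, ""); gsub(/[ \t]/, "")
            kcv = toupper($0); next
        }
        kcv != "" && /^[ \t]*\(pre-computed KCV/ { print "pre-computed", kcv; kcv = "" }
        kcv != "" && /^[ \t]*\(computed KCV/     { print "computed", kcv; kcv = "" }
    ' "$1"
}

# Usage: verify_unwrap TRANSCRIPT RECORDED_KCV
# 0 = both KCV kinds present, all equal the recorded value, success reported;
# 1 = KCV mismatch, 2 = a KCV kind is missing, 3 = no success line.
verify_unwrap() {
    expected=$(printf '%s' "$2" | tr -d ' \t' | tr 'a-f' 'A-F')
    kcvs=$(extract_kcvs "$1")
    for kind in computed pre-computed; do
        printf '%s\n' "$kcvs" | grep -q "^$kind " || return 2
    done
    bad=$(printf '%s\n' "$kcvs" | awk -v e="$expected" '$2 != e')
    [ -z "$bad" ] || return 1
    grep -q '^Successfully unwrapped' "$1" || return 3
}

# Constructed sample: the step 6 output from this page, shortened.
write_sample() {
    cat > "$1" <<'EOF'
wrapped data: 47C0 06DB 7D3F D9ED
              FE91 7E6F A7E5 91B9
master key KCV: CED9 4A7B
(pre-computed KCV of the master key residing inside the wrapped data)
master key KCV: CED9 4A7B
(computed KCV of the master key residing inside the wrapped data)
Successfully unwrapped, stored, and named the master key!
EOF
}

sample=$(mktemp) && write_sample "$sample"
verify_unwrap "$sample" "CED9 4A7B" && echo "master key KCV verified"
rm -f "$sample"
```

Keep the recorded KCV somewhere other than the wrapped-key file itself, so that a replaced or corrupted file cannot supply its own matching value.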
