Red Hat CERTIFICATE SYSTEM 8.0 - ADMINISTRATION Admin Manual page 170
Hide thumbs
Also See for CERTIFICATE SYSTEM 8.0 - ADMINISTRATION:
- Using manual (48 pages) ,
- Agents manual (146 pages) ,
- Manual (124 pages)
Table of Contents
Advertisement
Chapter 5. Using and Configuring the Token Management System: TPS, TKS, and Enterprise Security Client
Generating second symmetric key . . .
Generating third symmetric key . . .
Extracting transport key from operational token . . .
transport key KCV:
Storing transport key on final specified token . . .
Naming transport key "transport" . . .
Successfully generated, stored, and named the transport key!
NOTE
The tkstool utility prints out the KCV values for each of the three session keys
that are generated. Save them to file since these are all necessary to regenerate the
transport key if it is lost.
4. Optionally, run the tkstool command with the -I option to produce an identical transport key;
this is generally used within another set of databases which need to use identical transport keys.
tkstool -I -d . -n verify_transport
When this command is run, multiple session key shares and KCVs are generated, as with the
initial transport key generation. Write down all of this information.
5. Use the transport key to generate and wrap a master key and store it in a file called file.
tkstool -W -d . -n new_master -t transport -o file
Enter Password or Pin for "NSS Certificate DB":
Retrieving the transport key (for wrapping) from the specified token . . .
Generating and storing the master key on the specified token . . .
Naming the master key "wrapped_master" . . .
Successfully generated, stored, and named the master key!
Using the transport key to wrap and store the master key . . .
Writing the wrapped data (and resident master key KCV) into the
file called "file" . . .
wrapped data:
master key KCV: CED9 4A7B
(computed KCV of the master key residing inside the wrapped data)
6. Copy the wrapped transport key over to the appropriate locations or facility.
7. If necessary, generate new security databases on the HSM or at the facility.
tkstool -N -d directory
8. Use the transport key to unwrap the master key stored in the file.
148
444F D5C2
47C0 06DB 7D3F D9ED
FE91 7E6F A7E5 91B9
Advertisement
Table of Contents
Related Manuals for Red Hat CERTIFICATE SYSTEM 8.0 - ADMINISTRATION
Related Products for Red Hat CERTIFICATE SYSTEM 8.0 - ADMINISTRATION
- Red Hat CERTIFICATE 7.2 RELEASE NOTES
- Red Hat CERTIFICATE SYSTEM 7.2 - MIGRATION GUIDE
- Red Hat CERTIFICATE SYSTEM 7.1 - ADMINSISTRATOR
- Red Hat CERTIFICATE 7.3 RELEASE NOTES
- Red Hat CERTIFICATE SYSTEM 8 - DEPLOYMENT
- Red Hat CERTIFICATE SYSTEM 8 - AGENTS GUIDE
- Red Hat CERTIFICATE 8.0 RELEASE NOTES
- Red Hat CERTIFICATE SYSTEM ENTERPRISE - SECURITY GUIDE
- Red Hat CLUSTER SUITE - CONFIGURING AND MANAGING A CLUSTER 2006
- Red Hat CLUSTER MANAGER - INSTALLATION AND
- Red Hat Cluster Suite
- Red Hat Application Server
- Red Hat APPLICATION SERVER - JONAS
- Red Hat APPLICATION STACK 1.1 RELEASE
- Red Hat APPLICATION STACK 1.2 RELEASE
- Red Hat APPLICATION STACK 1.3 RELEASE
Need help?
Do you have a question about the CERTIFICATE SYSTEM 8.0 - ADMINISTRATION and is the answer not in the manual?
Questions and answers