Exporting encryption keys

You must generate security keys that allow Datacap to encrypt and decrypt passwords. To replace existing keys with new keys, you can specify a parameter to generate encryption keys to a local store. You can specify a different parameter to export the encryption keys from the local keystore to a file that can be imported to other computers.

About this task

You must generate and use the security encryption keys that allow Datacap to encrypt and decrypt the passwords that are used by users, services, and processes to access the Datacap server service and to log in to databases.

In a single machine configuration, you must generate and export the encryption keys that all of the Datacap components on the single machine use.

In a client/server configuration, you must generate and export matching security encryption keys from the server on which the Datacap server software component is installed to all of the computers on which any Datacap component is installed. This requirement secures any passwords that are passed over or received from the network by the Datacap component.

Procedure

To generate encryption keys and export them:

  1. Open a command prompt and navigate to the C:\Datacap\Taskmaster folder.
    In a client/server configuration, perform this step on the computer on which the Datacap server software component is installed.
  2. Run the key management program, dcskey.exe, inserting one or more of the following parameters in the command.
    For example, to export keys during a new Datacap installation, you would enter dcskey.exe e.
    e
    Exports the encryption keys from the local keystore to a dc_KTF.xml key transport file. You can use this file to import the keys to other computers. If no keys exist in the keystore, the e parameter generates new ones before the export. If keys exist in the keystore, the e parameter exports those keys.
    gnk
    Generates, but does not export, encryption keys in the local keystore. Use this parameter any time you must replace existing keys with new keys. For example, you would run the command dcskey.exe gnk e to replace existing keys and export them. The newly exported keys would then must be imported onto all other Datacap computers in your configuration.