IBM Content Navigator 3.0.5 iFix 2 Key Rotation Security Enhancement

Product Documentation


Abstract

IBM Content Navigator 3.0.5 iFix 2 allows administrators to rotate the key encryption key (KEK) and data encryption keys (DEKs) by using the command line of the browser console.

Content

You can rotate the ICN crypto keys to improve the security of your ICN system or if the keys are suspected of being compromised. You also need to rotate the DEKs if the KEK is lost and a new KEK had to be generated.
To rotate the keys, complete the following steps:
1. If the ICN configuration directory is not shared with all ICN servers, stop all servers and start one of the servers.
2. Log in to the ICN admin desktop.
3. Open the browser console:
   Internet Explorer: F12 Developer Tools > Console
   Firefox: Web Developer > Web Console
   Chrome: More tools > Developer tools > Console
4. Run one or both of the following commands as needed:
   icn.admin.keys.rotateKEK()
   icn.admin.keys.rotateDEKs()
   If the desktop status bar is enabled, you see messages indicating that the keys are rotated.
   Note: The commands were renamed starting with ICN 3.0.13. For earlier versions of ICN, run the following commands instead:
   icn.admin.keys.rotateMasterKey()
   icn.admin.keys.rotateDataKeys()
5. If you rotated the KEK, back up the new KEK as described in the following technote.
Note: When the KEK is rotated, the old KEK is renamed and kept. It can be used to unwrap the DEKs if the DEKs failed to be rewrapped with the new KEK during rotation. Up to two old KEKs are kept.
6. If the ICN configuration directory is not shared with all ICN servers, synchronize the new KEK to other ICN servers as described in the following technote.
Note: It is recommended that you rotate the keys and back up the KEK when you upgrade ICN.
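
The note in step 5 says that old KEKs are kept so that DEKs that failed to rewrap can still be unwrapped. The following added example (not IBM's code, and not a description of how ICN stores keys internally) models that behavior with generic envelope encryption in Node.js. AES-256-GCM wrapping, the store layout, and the names rotateKekModel, unwrapWithFallback and staleDeks are assumptions made for illustration.

```javascript
// Generic envelope-encryption model (assumption: AES-256-GCM wrapping; not ICN code).
const nodeCrypto = require('node:crypto');
const MAX_OLD_KEKS = 2; // per the note above: up to two old KEKs are kept

function wrap(kek, dek) {
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', kek, iv);
  const ct = Buffer.concat([c.update(dek), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

function unwrap(kek, w) {
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', kek, w.iv);
  d.setAuthTag(w.tag);
  return Buffer.concat([d.update(w.ct), d.final()]); // throws on wrong KEK
}

// Hypothetical store: one current KEK, retained old KEKs, wrapped DEKs.
function newStore(dekCount) {
  const kek = nodeCrypto.randomBytes(32);
  const wrapped = Array.from({ length: dekCount },
    () => wrap(kek, nodeCrypto.randomBytes(32)));
  return { kek, oldKeks: [], wrapped };
}

// Try the current KEK, then retained old KEKs, newest first.
function unwrapWithFallback(store, w) {
  for (const kek of [store.kek, ...store.oldKeks]) {
    try { return unwrap(kek, w); } catch (_) { /* wrong KEK, try next */ }
  }
  throw new Error('DEK unrecoverable: no retained KEK unwraps it');
}

// New KEK, old one retained, every DEK rewrapped. failAt (constructed)
// simulates one DEK whose rewrap failed and stays under its previous KEK.
function rotateKekModel(store, failAt = -1) {
  const next = nodeCrypto.randomBytes(32);
  const wrapped = store.wrapped.map((w, i) =>
    i === failAt ? w : wrap(next, unwrapWithFallback(store, w)));
  const oldKeks = [store.kek, ...store.oldKeks].slice(0, MAX_OLD_KEKS);
  return { kek: next, oldKeks, wrapped };
}

// DEKs that the current KEK alone cannot unwrap, i.e. still need rewrapping.
function staleDeks(store) {
  return store.wrapped.flatMap((w, i) => {
    try { unwrap(store.kek, w); return []; } catch (_) { return [i]; }
  });
}
```

In this model, a DEK that misses rewrapping stays recoverable only while its KEK is among the two retained ones; after a third rotation it can no longer be unwrapped. A later successful rotation rewraps it through the fallback path and clears it from staleDeks.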

Document Location

Worldwide


Product Synonym

ICN

Document Information

Modified date:
16 December 2022

UID

ibm10876336