Use Secret Keys to manage dynamic keys that encrypt or decrypt data. If you suspect that a user gained unauthorized access to a key, you can change the password for the keystore. The keystore is the database that stores secret keys. Once you change this password, CA Identity Manager re-encrypts the values of the keys.
Each environment has a set of dynamic keys and a keystore password. If environments share a user directory, use the same dynamic keys and keystore password for each environment.
Keystore passwords are encrypted using keys embedded in encryption code or the parameters that are entered during installation of the CA Identity Manager server. In a cluster, all nodes share the values for dynamic keys and the keystore password.
Encryption operations use the latest dynamic key for the corresponding algorithm and environment. Decryption operations check whether a Key ID exists in the encrypted data, so that the right key is used. The Encrypted Text Formats section of the Configuration Guide provides more details.
Follow these steps:
For PBE and RC2, the maximum key length is 128 bytes.
For AES, the valid key sizes are 16, 24, and 32 bytes.
CA Identity Manager encrypts the values of the keys again.
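The key selection described above (latest dynamic key for encryption, Key ID lookup for decryption) and the AES key-size rule, as an added example that is not CA Identity Manager code. The `{KeyID}` prefix, the `DynamicKeyring` class, and the HMAC-SHA256 stand-in cipher are assumptions; the product's real layout is in the Encrypted Text Formats section.

```python
import base64, hashlib, hmac, os

AES_KEY_SIZES = (16, 24, 32)  # valid AES key sizes, as stated on the page

def _sub(key, label):
    # Derive separate encryption and MAC subkeys from one dynamic key.
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # Stand-in cipher (HMAC-SHA256 keystream), NOT the product's AES/PBE/RC2.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

class DynamicKeyring:
    def __init__(self):
        self.keys, self.latest = {}, None  # key_id -> key bytes

    def add_key(self, key_id, key):
        if len(key) not in AES_KEY_SIZES:
            raise ValueError("AES key must be 16, 24, or 32 bytes")
        self.keys[key_id], self.latest = key, key_id

    def encrypt(self, plaintext):
        # Encryption always uses the latest dynamic key.
        key, nonce = self.keys[self.latest], os.urandom(16)
        body = _xor_stream(_sub(key, b"enc"), nonce, plaintext)
        tag = hmac.new(_sub(key, b"mac"), nonce + body, hashlib.sha256).digest()
        blob = base64.b64encode(nonce + tag + body).decode()
        return "{%s}%s" % (self.latest, blob)  # hypothetical "{KeyID}" prefix

    def decrypt(self, text):
        # Decryption reads the Key ID from the data to pick the right key.
        if not text.startswith("{") or "}" not in text:
            raise ValueError("no Key ID in encrypted data")
        key_id, blob = text[1:].split("}", 1)
        if key_id not in self.keys:
            raise KeyError("unknown Key ID: " + key_id)
        raw = base64.b64decode(blob)
        nonce, tag, body = raw[:16], raw[16:48], raw[48:]
        key = self.keys[key_id]
        good = hmac.new(_sub(key, b"mac"), nonce + body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, good):
            raise ValueError("integrity check failed")
        return _xor_stream(_sub(key, b"enc"), nonce, body)
```

Because older keys stay in the keyring, values encrypted before a new dynamic key was added remain readable, while every new value is written under the newest key.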
Copyright © 2015 CA Technologies.
All rights reserved.