Managing secret keys on AIX, Linux, and Windows

Follow this procedure to manage secret keys in a key repository.

You can manage secret keys by using the runmqakm command. Secret keys that are generated by using the runmqktool (keytool) command cannot be used with IBM® MQ.

Creating a secret key

Issue the following command to create a random secret key with the runmqakm command:

runmqakm -secretkey -create -db filename -pw password
         -label label -size key_size

where:

-db filename: Specifies the fully qualified file name of the key repository. The key repository must already exist.
-pw password: Specifies the password for the key repository.
-label label: Specifies the label that is attached to the key.
-size key_size: Specifies the key size in bytes.

For more information about these parameters and the values that can be specified, see runmqakm -secretkey.

Extracting a secret key

Issue the following command to extract a secret key with the runmqakm command:

runmqakm -secretkey -extract -db filename -pw password
         -label label -target filename -format format

where:

-db filename: Specifies the fully qualified file name of the key repository. The key repository must already exist.
-pw password: Specifies the password for the key repository.
-label label: Specifies the label of the key to extract.
-target filename: Specifies the fully qualified file name of the destination file.
-format format: Specifies the format of the key in the destination file. The value can be ascii for Base64-encoded ASCII or binary for a binary copy of the key. The default is ascii.

For more information about these parameters and the values that can be specified, see runmqakm -secretkey.

Adding a secret key

Issue the following command to extract a secret key with the runmqakm command:

runmqakm -secretkey -add -db filename -pw password
         -label label -file filename -format format

where:

-db filename: Specifies the fully qualified file name of the key repository. The key repository must already exist.
-pw password: Specifies the password for the key repository.
-label label: Specifies the label that is attached to the key.
-file filename: Specifies the name of the file containing the key.
-format format: Specifies the format of the key. The value can be ascii for Base64-encoded ASCII or binary for binary data. The default is ascii.

For more information about these parameters and the values that can be specified, see runmqakm -secretkey.