The nzconfigcrypto command

Use the nzconfigcrypto command to enable or disable the enhanced cryptography support.

Syntax

The nzconfigcrypto command has the following syntax:

nzconfigcrypto -HK <key_store.key_name> 
               [-LDPBNDPW <ldap_bind_password>] 
               [-enable | -disable]

Inputs

The nzconfigcrypto command takes the following inputs:
Table 1. The nzconfigcrypto input options
Input Description
-HK <key_store.key_name> The -HK argument is required when you specify the -enable option. Specifies an existing host key on the system. You must specify a host key of type AES_256. The command sets the default host key to this value when you enable enhanced cryptography support. If your system already uses a default AES-256 host key, you can supply that keystore.keyname as input to the command.
-LDPBNDPW <ldap_bind_password> If you use LDAP connections to access the Performance Server system, specifies the password for binding to the LDAP server.
-enable Enables the enhanced cryptography support.
-disable Disables the enhanced cryptography support. The -disable option is the default if you do not specify either -enable or -disable with the command.

Description

Privileges required
You must log in to the Netezza Performance Server system as the nz user to run this command.
Common tasks
Use the nzconfigcrypto command to enable or to disable the enhanced cryptography support on a Netezza Performance Server system.

Error Messages

The nzconfigcrypto command can return the following errors for invalid arguments or settings.

Table 2. The nzconfigcrypto input options
Message Description
ERROR: LookupCryptoKey: object "key" not found The error message indicates that the supplied host key was not found. Check the keystore and key name that you entered to make sure that you specified them correctly and retry the command with the correct values. You can use the SHOW KEYSTORE keystore VERBOSE command to display the names of the keys and their types in the keystore.
ERROR: New Hostkey can't be retrieved keystore.keyname The error message indicates that the key name values are for a key that is not of type AES_256. An AES_256 type key is required for the nzconfigcrypto command.