The nzkeybackup command

Use the nzkeybackup command to create a backup copy of the SED AEK key store.

Syntax

The nzkeybackup command has the following syntax.

nzkeybackup [-h] 
nzkeybackup [-sklm] <file> 

Options

The nzkeybackup command takes the following options:

Table 1. The nzkeybackup input options
Input Description
<file> Specifies the file name for the compressed tar file backup of the key store.
-sklm Obtains the keys from the IBM Security Key Lifecycle Manager server to store them in the specified file.

Description

You use the nzkeybackup command to create a compressed tar file backup of the key store. The command validates the key store before it creates the backup to alert you to any problems. You should create a backup of the key store after you change the AEKs. As a best practice, you should store the backup tar file in a safe location that is not on the NPS system as a precaution in the event of a disk problem on your system. The command logs information when it runs to /nz/kit/log/keydb/keydb.log.

The nzkeybackup command is installed in /nz/kit/bin/adm. You must be logged in to the NPS system as the root user to run the command. You must either change to the adm directory and run the command from that location or have that directory in your root user's path to run the command.

Important: Make sure that you control access to the nzkeybackup and the nzhostbackup compressed tar files because they contain the key store. If access is not restricted, the contents of the key store could be read by an authorized Performance Server operating system user. Although the key store is encrypted, users who have access to the backup files could read the key store with the nzkey command.

Usage

To create a key store backup file:
[root@nzhost-h1 ~]# /nz/kit/bin/adm/nzkeybackup /nz/var/keybackup.tar.gz
Keystore archive /nz/var/keybackup.tar.gz written

Note: Ensure that the spukey file is at the default location /nz/var/kesystore before you take a backup.
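
One way to apply the access-control advice in the Important note when you take the backup. This is an added example, not IBM code: only the nzkeybackup path comes from this page, and the function names, the *.tar.gz naming pattern and the .sha256 sidecar file are assumptions.

```shell
#!/bin/sh
# Added example, not IBM code. Only the nzkeybackup path comes from the page;
# function names, the *.tar.gz pattern and the .sha256 file are assumptions.
NZKEYBACKUP=${NZKEYBACKUP:-/nz/kit/bin/adm/nzkeybackup}

# Succeed only if FILE is a regular file (not a symlink), owned by the
# current user, with no group or other permission bits set.
backup_is_private() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    [ "$(stat -c '%u' "$1")" = "$(id -u)" ] || return 1
    [ $(( 0$(stat -c '%a' "$1") & 077 )) -eq 0 ]
}

# Run nzkeybackup (as root, per the page) under a restrictive umask so a new
# archive is never created group/world-readable. chmod covers the case where
# an existing, more permissive file is overwritten. The SHA-256 digest lets
# you verify the copy you move off the NPS system.
take_keystore_backup() {
    ( umask 077 && "$NZKEYBACKUP" "$1" ) || return 1
    chmod 600 "$1" || return 1
    backup_is_private "$1" || return 1
    sha256sum "$1" > "$1.sha256"
}

# List archives in DIR that other OS users could read; status 1 if any exist.
audit_backups() {
    bad=0
    for f in "$1"/*.tar.gz; do
        [ -e "$f" ] || continue
        backup_is_private "$f" || { echo "too permissive: $f"; bad=1; }
    done
    return "$bad"
}
```

Call take_keystore_backup /nz/var/keybackup.tar.gz as root, then copy the archive and its .sha256 file to the off-system location and run audit_backups against any directory that still holds key store archives.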