Troubleshooting key management

You might need to resolve issues and errors that occur during key generation, activation, and distribution.

  • It is difficult to securely erase data from Flash-based portable memory devices, which most USB sticks and SD cards are. Therefore, you must store the portable memory device in a safe location for the entire time that the master key is valid. If you ever need to erase the master key on such a portable memory device, the safest way is physical destruction.
  • If IBM® Safer Payments cannot locate the revoked_keys.iris file during startup, or if the file is tampered with, IBM Safer Payments creates a log message and shuts down immediately.
  • If IBM Safer Payments finds an active key that is on the no-fly list, IBM Safer Payments securely deletes the key from the key subdirectory and shuts down immediately. If the key is not active, IBM Safer Payments creates a log message, securely deletes the key from the key subdirectory, and continues with startup.
  • If you run a key reload from the Encryption Keys page of the user interface, the following problems can occur:
    • If IBM Safer Payments cannot locate the revoked_keys.iris file, or if the file is tampered with, IBM Safer Payments creates an error message on the user interface and a log message, and stops the reload, yet operations resume.
    • If IBM Safer Payments finds keys that are on the no-fly list, it securely deletes the keys from the key subdirectory and creates an error message on the user interface and a log message.