Exporting a key by using the graphical user interface
You can export symmetric and private keys to an encrypted keystore file on an IBM® Security Guardium® Key Lifecycle Manager server. You can then import the keys from this file into another IBM Security Guardium Key Lifecycle Manager server to enable data transfer between these servers.
Go to the appropriate page or directory.
- Log on to the graphical user interface.
- From the main menu, click Search.
- In the left Search pane, in Objects Type, select Symmetric Key or Private Key, depending on which keys you want to search. Alternatively, you can also search for device groups whose keys you want to export.
The keys of selected key type are listed in the right pane.
Export the keys to a keystore file.
- From the list of keys in the right pane, select the keys that you want to export (Use CTRL to select multiple keys), and click Export.
- In the Export Symmetric Keys or Export Private Keys window, specify a name for the keystore file that is used to store the exported keys.
Specify a different file location to save the keystore file. By default, the File
location field displays the default SKLM_DATA directory path, where the keystore file is
For example, C:\Program Files\IBM\WebSphere\Liberty\products\sklm\data.For the definition of SKLM_DATA, see Definitions for HOME and other directory variables.
- For symmetric key type: Specify a certificate as the key alias. The Certificate is the public key entry in the keystore that is used to encrypt the symmetric keys. Only the holder of the corresponding private key can access the keys.
For private key type: Create an encryption password.
This password will be used to decrypt the keystore file while importing the keys into an IBM Security Guardium Key Lifecycle Manager server.
- Click Export.
What to do next
Import the keys into the IBM Security Guardium Key Lifecycle Manager server with which you want to enable data transfer.