GitHubContribute in GitHub: Edit online

Importing Pervasive Encryption keys

In the event that AES DATA keys for PE have already been generated and stored in a keystore, prior to deploying UKO, it is possible to import the key and store it in the Db2 repository for better backup and recovery.

Note: Currently this is only possible in the Legacy EKMF Web interface. The process is as follows:

  1. Go to Key Management > Keystores menu to see the current keystores.
  2. Locate the the KMG keystore that connects to the system you want to import keys from.
  3. Click on the overflow menu (...) of that keystore and select Import keys.
    Import keys from keystores
    Import keys from keystores
  4. The following view will display a list of all AES DATA keys in the keystore including their Label, Algorithm, Type and Status (NON-IMPORTABLE, IMPORTABLE, MANAGED). Select one or more keys that have a status of IMPORTABLE and click Proceed to details at the bottom.
    Import key list
    Import key list
  5. If existing key templates are defined in a way that would match the key label, they are available for selection and after choosing one, you can Import key after which the key is securely imported from the keystore and saved in the UKO repository.
    If no template can be determined, the dropdown will be empty and you will need to first create one and assign it to the keystore you are working with. Then try the import again.
    Import key
    Import key

Keys marked as NON-IMPORTABLE are AES CIPHER keys which cannot be imported at this time. Keys marked as MANAGED are already present in the Db2 repository, so import is not necessary.