Importing Pervasive Encryption keys
In the event that AES DATA keys for PE have already been generated and stored in a keystore, prior to deploying UKO, it is possible to import the key and store it in the Db2 repository for better backup and recovery.
Note: Currently this is only possible in the Legacy EKMF Web interface. The process is as follows:
- Go to Key Management > Keystores menu to see the current keystores.
- Locate the the KMG keystore that connects to the system you want to import keys from.
- Click on the overflow menu (...) of that keystore and select
- The following view will display a list of all AES DATA keys in the keystore including their
MANAGED). Select one or more keys that have a status of
Proceed to detailsat the bottom.
- If existing key templates are defined in a way that would match the key label, they are available for selection and after choosing one, you can
Import keyafter which the key is securely imported from the keystore and saved in the UKO repository.
If no template can be determined, the dropdown will be empty and you will need to first create one and assign it to the keystore you are working with. Then try the import again.
Keys marked as
NON-IMPORTABLE are AES CIPHER keys which cannot be imported at this time. Keys marked as
MANAGED are already present in the Db2 repository, so import is not necessary.