You can change the encryption key that Network Manager uses
when performing password encryption.
Before you begin
Before changing the encryption key, you must first decrypt all
the passwords currently used in configuration files using the ncp_crypt
utility in the
ITNMHOME/bin
directory:ncp_crypt -password password -decrypt
Where
password is the password to decrypt.
About this task
During installation of Network Manager, a 128–bit encryption key is
generated and is stored in the following location: $NCHOME/etc/security/keys/conf.key. You can change the encryption key using the Tivoli Netcool/OMNIbus utility
nco_keygen.
To change the encryption key:
Procedure
-
Shut down all Network Manager
processes.
You can use the itnm_stop
command.
- If you have changed the length of the encryption key, edit the $NCHOME/etc/precision/ConfigSchema.cfg file and change the value that is inserted into
config.settings.m_KeyLength
to the length of the new key in bits. Permitted values
are 128
, 192
and 256
.
- Use the nco_keygen utility to generate a new encryption key. Ensure
that you specify the output file as $NCHOME/etc/security/keys/conf.key.
-
Restart all Network Manager
processes.
You can use the itnm_start
command.
-
Using the new encryption key, reencrypt all the passwords currently used in
configuration files using the ncp_crypt utility by typing the
following command.
ncp_crypt -password password
Where
password is the password to encrypt.