Changing the encryption key

You can change the encryption key that Network Manager uses when performing password encryption.

Before you begin

Before changing the encryption key, you must first decrypt all the passwords currently used in configuration files using the ncp_crypt utility in the ITNMHOME/bin directory:
ncp_crypt -password password -decrypt

Where password is the password to decrypt.

About this task

During installation of Network Manager, a 128–bit encryption key is generated and is stored in the following location: $NCHOME/etc/security/keys/conf.key. You can change the encryption key using the Tivoli Netcool/OMNIbus utility nco_keygen.

Note: If you want to change the encryption key length, see Configuring encryption length and type.

To change the encryption key:

Procedure

  1. Shut down all Network Manager processes.
    You can use the itnm_stop command.
  2. If you have changed the length of the encryption key, edit the $NCHOME/etc/precision/ConfigSchema.cfg file and change the value that is inserted into config.settings.m_KeyLength to the length of the new key in bits. Permitted values are 128, 192 and 256.
  3. Use the nco_keygen utility to generate a new encryption key. Ensure that you specify the output file as $NCHOME/etc/security/keys/conf.key.
  4. Restart all Network Manager processes.
    You can use the itnm_start command.
  5. Using the new encryption key, reencrypt all the passwords currently used in configuration files using the ncp_crypt utility by typing the following command. 
    ncp_crypt -password password
    Where password is the password to encrypt.