IBM Support

Errors related to encryption files

Technical Blog Post


Abstract

Errors related to encryption files

Body

When you lost keystore file(key database), which is normally ccardskeystore.p12, you can NOT even connect your encrypted database which has master key info in that file. Without the original keystore file, you never access the database. So please keep your keystore file securely.

 
In this blog, I will check the exact error messages when you lost your encryption related files.
 
 
1. keystore file missing:SQL1728N RC2
v111_11@woongc1:/home/v111_11/tst_encrypt> mv ccardskeystore.p12 ccardskeystore.p12.bak
v111_11@woongc1:/home/v111_11/tst_encrypt> db2 connect to mydb
SQL1728N  The command or operation failed because the keystore could not be
accessed. Reason code "2".
 
 
2. master key info missing:SQL1730N
After missing the keystore file, some customers tried to make keystore file again and tried to connect to their encrypted database. But the file does not have the master key info, you will get SQL1730N RC 3.
 
v111_11@woongc1:/home/v111_11/tst_encrypt> $HOME/sqllib/gskit/bin/gsk8capicmd_64 -keydb -create -db ccardskeystore.p12 -pw Str0ngPassw0rd -strong -type pkcs12 -stash
 
v111_11@woongc1:/home/v111_11/tst_encrypt> ls -al
total 16
drwxr-xr-x  2 v111_11 db2iadm 4096 2017-11-27 09:01 .
drwxr-xr-x 12 v111_11 db2iadm 4096 2017-11-27 08:52 ..
-rw-------  1 v111_11 db2iadm    0 2017-11-27 09:01 ccardskeystore.p12
-rw-------  1 v111_11 db2iadm 3500 2017-11-27 08:58 ccardskeystore.p12.bak
-rw-------  1 v111_11 db2iadm  129 2017-11-27 09:01 ccardskeystore.sth
>>>>> new keystore file is created but zero size
 
v111_11@woongc1:/home/v111_11/tst_encrypt> db2 connect to mydb
SQL1730N  The command or operation failed because the master key label does
not exist in the keystore. Label being used:
"DB2_SYSGEN_v111_11_MYDB_2017-11-27-08.57.59_BA394A64". File type number: "DB
CFG". File name: "SQLDBCONF".
 
 
3. stash file missing:SQL1728N RC3
v111_11@woongc1:/home/v111_11/tst_encrypt> mv ccardskeystore.sth ccardskeystore.sth.bak
 
v111_11@woongc1:/home/v111_11/tst_encrypt> db2 connect to mydb
SQL1728N  The command or operation failed because the keystore could not be
accessed. Reason code "3".
 
 
For more information about the error message, please check the following links.

[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSEPGG","label":"DB2 for Linux, UNIX and Windows"},"Component":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"","Edition":""}]

UID

ibm13286161