When attempting to generate and/or export keys using the dcskey command, you receive the error, "Keys couldn't be exported. Unable to decrypt the FIPS key"
Enabling the Use FIPS compliant algorithms for encryption, hashing and signing security policy can cause this error
Resolving The Problem
To allow the keys to be exported properly:
- Select Local Security Policy under Administrative tools
- Navigate to Local Policies - Security Options
- Select System Cryptography: Use FIPS compliant algorithms for encryption, hashing and signing and be sure it is Disabled
- Run dcskey e again to export the key
Internal Use Only
This technote was generated by Technote Kickstart 22.214.171.124 based on Industry Solutions PMR 07692,082,000.
View the associated PMR's text via Wellspring at: http://eclient.lenexa.ibm.com:9082/DocFetcher/source/PMR/07692.082.000%20O13/09/03
17 June 2018