Synchronizing Encryption Keys

Use this procedure to synchronize the encryption keys on the source and destination systems. If you do not perform this procedure, any encrypted data copied to the destination system will not be usable.

This procedure creates a backup of the authen.dat, .ssokeystore, and .ssotruststore files in $LASYSDIR/.ssobackup on the destination system. If you encounter a problem when running this procedure, you can copy these files from the backup directory to the $LASYSDIR directory and run the procedure again. If you run this procedure repeatedly, it will not copy over any authen.dat file that exists already in the backup directory. If you want a different authen.dat in the backup directory, move the existing one elsewhere.

You can also check the security_authen.log file for possible errors.

Note: 

After you perform this procedure and then proceed to copy application data, if you later need to copy application data between the same two environments, you do not need to perform the encryption synchronization key process again.

To synchronize encryption keys

  1. Open a Landmark command line session in the destination environment.
  2. If the security utilities are password-protected on the destination environment, at the command line, type

    secadm -p password keys update sourcePassword sourceHost sourcePort

    If the security utilities are not password-protected on the destination environment, at the command line, type

    secadm keys update destinationPassword sourcePassword sourceHost sourcePort

    where the parameters have the following meaning:

    Parameter Description
    -p password The security utilities password for the destination environment.
    destinationPassword The security utilities password for the destination environment.
    sourcePassword The security utilities password for the source environment.
    sourceHost The host name of the source environment. For the value, see the lssservice.properties file in $LASYSDIR in the source environment.
    sourcePort The non-SSL port of the source environment. For the value, see the lssservice.properties file in $LASYSDIR in the source environment.
    Note: 

    You can also perform this procedure through the secadm -m menu. From the main menu, select Key Management and then Update destination Keys by source Keys. You will then be presented with a series of prompts similar to the parameters described above.