You can use XML to modify the properties of a key management server.
- Use the qlogin command to log on to the CommServe computer.
- Download the Modify_KMS.xml file and save it on the computer where the command is run.
- The following table displays the parameters you can use with the command.
| Attribute | Description | Parent Element |
|---|---|---|
| keyProviderName | The name of the key provider. | provider |
| encryptionKeyLength | The key length to use with the AES cipher. The supported key lengths for the AES cipher are 128 and 256. | keyProvider |
| configurationFilePath | The location of the KMIPServers_Template.ini file. We recommend that you do not use this configuration file. Instead, you can apply the values from the KMIPServers_Template.ini file to the parameters below, under the properties parent element of this XML file. | properties |
| host | The IP address or hostname of the third-party key management server. For a cluster server, add the host values of all servers, separated by commas. Note: For CommCell migration, make sure that both the source and the destination CommCells point to the same third-party key management server. | properties |
| port | The port used by the key management server. For a cluster server, all servers should use the same port. | properties |
| certFilePath | The location of the client certificate. Example: C:\Certificates\client.crt (for Safenet) and C:\Certificates\client.pem (for Vormetric) | properties |
| sslPassPhrase | The passphrase of the certificate, if set. | properties |
| keyFilePath | The location of the client certificate key. Example: C:\Certificates\clientkey (for Safenet) and C:\Certificates\client_private.pem (for Vormetric) | properties |
| caCertFilePath | The location of the key management server CA certificate. Example: C:\Certificates\Local_CA.crt (for Safenet) and C:\Certificates\1.2.3.4_CA.pem (for Vormetric) | properties |
| userName | The AWS Access Key. | userAccount |
| password | The AWS Secret Access Key. | userAccount |
| passphrase | The passphrase for the passphrase key management server. | properties |
| clientName | The name of the client to store the passphrase file for a passphrase key management server. | client |
| path | The location to export the passphrase file for a passphrase key management server. | filePath |
| newKeyProviderName | The new name for the key provider. | App_ModifyEncKeyProviderReq |
- To modify a Safenet or Vormetric key management server, execute the following command from the <software_installation_directory>/Base folder after substituting the parameter values:
  qoperation execute -af <downloaded location>\Modify_KMS.xml -keyProviderName xxxxx -encryptionKeyLength xxx -sslPassPhrase xxx -host xxx -port xxxx -certFilePath xxx -keyFilePath xxx -caCertFilePath xxx
  Example:
  Execute the following command to modify the properties of the key management server with key provider name "Safenet", setting encryption key length "128", passphrase "sslphrase!12", host "172.19.119.222", port "9002", client certificate location "C:\Certificates\client.pem", client certificate key location "C:\Certificates\client_private.pem", key management server CA certificate location "C:\Certificates\1.2.3.4_CA.pem", and new key provider name "Vormetric":
  qoperation execute -af <downloaded location>\Modify_KMS.xml -keyProviderName Safenet -encryptionKeyLength 128 -sslPassPhrase sslphrase!12 -host 172.19.119.222 -port 9002 -certFilePath C:\Certificates\client.pem -keyFilePath C:\Certificates\client_private.pem -caCertFilePath C:\Certificates\1.2.3.4_CA.pem -newKeyProviderName Vormetric
- To modify an AWS key management server, execute the following command from the <software_installation_directory>/Base folder after substituting the parameter values:
  qoperation execute -af <downloaded location>\Modify_KMS.xml -keyProviderName xxxxx -regionName xxxx -userName xxxx -password xxxx -newKeyProviderName xxxx
  Example:
  Execute the following command to modify the properties of the key management server with key provider name "AWS", setting region name "Asia Pacific (Mumbai)", Access Key "accesskey", Secret Access Key "secretkey", and new key provider name "AWS_Modified":
  qoperation execute -af <downloaded location>\Modify_KMS.xml -keyProviderName AWS -regionName 'Asia Pacific (Mumbai)' -userName accesskey -password secretkey -newKeyProviderName AWS_Modified
- To modify the passphrase for a passphrase key management server, execute the following command from the <software_installation_directory>/Base folder after substituting the parameter values:
  qoperation execute -af <downloaded location>\Modify_KMS.xml -keyProviderName xxx -oldPassphrase xxx -passphrase xxx -rotatePassphrase true
  Example:
  Execute the following command to modify the passphrase of a passphrase key management server with key provider name "PassphraseKMS", old passphrase "demo passphrase", and new passphrase "new demo passphrase":
  qoperation execute -af <downloaded location>\Modify_KMS.xml -keyProviderName PassphraseKMS -oldPassphrase "demo passphrase" -passphrase "new demo passphrase" -rotatePassphrase true
- To modify the export location of the passphrase file for a passphrase key management server, execute the following command from the <software_installation_directory>/Base folder after substituting the parameter values:
  qoperation execute -af <downloaded location>\Modify_KMS.xml -keyProviderName xxx -passphraseClient/client/clientName xxx -passphraseClient/filePath/path xxx
  Example:
  Execute the following command to modify the export location of the passphrase file for a passphrase key management server with key provider name "PassphraseKMS", new client name "client2", and export location on the new client "d:\Passphrase":
  qoperation execute -af <downloaded location>\Modify_KMS.xml -keyProviderName PassphraseKMS -passphraseClient/client/clientName client2 -passphraseClient/filePath/path d:\Passphrase
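
The following is an added example, not part of the product documentation or the vendor's code. It checks the Safenet/Vormetric values against the constraints in the parameter table (key length 128 or 256, comma-separated cluster hosts sharing one port), builds the command as an argument list, and masks the secret-bearing flags used on this page before the command is logged. The function names and the hostname syntax check are assumptions made for illustration.

```python
# Added example: function names are hypothetical; flags are the ones on this page.
import ipaddress
import re

KEY_LENGTHS = {128, 256}  # AES key lengths listed in the parameter table
SECRET_FLAGS = {"-sslPassPhrase", "-password", "-passphrase", "-oldPassphrase"}
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOSTNAME = re.compile(rf"{_LABEL}(?:\.{_LABEL})*")

def valid_host(host):
    """True for an IP literal or a syntactically valid hostname (assumed rule)."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        # Digits and dots that failed the IP parse are typos, not hostnames.
        if re.fullmatch(r"[0-9.]+", host):
            return False
        return len(host) <= 253 and _HOSTNAME.fullmatch(host) is not None

def build_kmip_modify_argv(xml_path, provider, key_length, hosts, port,
                           cert, key, ca_cert, ssl_passphrase=None, new_name=None):
    """Validate the values, then return the modify command as an argv list."""
    if key_length not in KEY_LENGTHS:
        raise ValueError(f"encryptionKeyLength must be one of {sorted(KEY_LENGTHS)}")
    if not isinstance(port, int) or not 1 <= port <= 65535:
        raise ValueError("port must be an integer in 1-65535")
    host_list = [h.strip() for h in hosts.split(",")]
    bad = [h for h in host_list if not valid_host(h)]
    if bad:
        raise ValueError(f"invalid host value(s): {bad}")
    argv = ["qoperation", "execute", "-af", xml_path,
            "-keyProviderName", provider, "-encryptionKeyLength", str(key_length)]
    if ssl_passphrase is not None:
        argv += ["-sslPassPhrase", ssl_passphrase]
    # Cluster members go in one comma-separated -host value and share one -port.
    argv += ["-host", ",".join(host_list), "-port", str(port),
             "-certFilePath", cert, "-keyFilePath", key, "-caCertFilePath", ca_cert]
    if new_name:
        argv += ["-newKeyProviderName", new_name]
    return argv

def redact(argv):
    """Copy of argv with the value after each secret-bearing flag masked, for logs."""
    out, mask_next = [], False
    for arg in argv:
        out.append("****" if mask_next else arg)
        mask_next = (not mask_next) and arg in SECRET_FLAGS
    return out
```

Passing the returned list to subprocess.run without shell=True delivers values such as sslphrase!12 as single arguments with no shell quoting involved; write only redact(argv) to logs or tickets.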