IBM is providing a new parameter to the asnpwd command to enable customers to migrate password files that were created before Version 9.5 Fix Pack 2 to a new encryption method. This migration will enable newer replication programs to work with your existing password files.
Support for migrating existing password files will be removed in the near future and customers are urged to migrate any existing password files that were created before Version 9.5 Fix Pack 2.
Password files that were created by asnpwd starting with Version 9.5 Fix Pack 2 are encrypted using the newer Advanced Encryption Standard (AES) method. If you have a password file that was created by asnpwd at or above V9.5 Fix Pack 2, replication programs that are older than V9.5 Fix Pack 2 cannot read the password file.
Up to now, newer replication programs have been able to work with the older password files that use Data Encryption Standard (DES). But IBM is removing that support in an upcoming release, and replication programs will no longer be able to work with DES-encrypted password files.
Information about new migrate parameter
The asnpwd migrate function will convert a DES-encrypted password file into an AES-encrypted password file. The syntax of the new parameter is as follows:
For example, to migrate a DES-encrypted password file named desencryptall.aut to AES encryption, you would use the following command:
asnpwd migrate using desencryptall.aut
The asnpwd migrate function performs the following steps:
- Validates that the password file is encrypted using DES
- Copies the password file to a backup file that includes a timestamp suffix in the following format: .YYMMDDThhmmss
- Deletes the original password file
- Uses DES to decrypt the backup password file and then uses the asnpwd init and add functions to create a new, AES-encrypted password file that has the original password file name.
Prerequisite: The user ID that executes asnpwd migrate must have permission to delete the password file.
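The following shell sketch wraps the migration with a check of the delete prerequisite beforehand and a check of the documented result afterward (new file under the original name, backup with the timestamp suffix). It is an added example, not IBM code: the function names are hypothetical, POSIX file permissions are assumed, and tightening the mode of the DES-encrypted backup is an added precaution that the page does not describe.

```shell
# Added example, not IBM code. Function names are hypothetical; only the
# "asnpwd migrate using <file>" command and the .YYMMDDThhmmss backup
# suffix come from the page.
STAMP='[0-9][0-9][0-9][0-9][0-9][0-9]T[0-9][0-9][0-9][0-9][0-9][0-9]'

# Prerequisite: the caller must be able to delete the password file.
# Assumption: POSIX semantics, where that means write and search
# permission on the parent directory (sticky bits and ACLs not checked).
can_delete() {
    [ -f "$1" ] || return 1
    dir=$(dirname -- "$1")
    [ -w "$dir" ] && [ -x "$dir" ]
}

# Print every backup that migrate left beside the file, one per line.
list_backups() {
    for f in "$1".$STAMP; do
        [ -f "$f" ] && printf '%s\n' "$f"
    done
    return 0
}

# After migrate: the original name must exist again (the new AES file)
# and at least one timestamped backup must sit next to it.
verify_migration() {
    [ -f "$1" ] && [ -n "$(list_backups "$1")" ]
}

# Backups are still DES-encrypted copies of the credentials; restrict
# them to the owner. Prints how many files were changed.
lock_backups() {
    n=0
    for f in "$1".$STAMP; do
        [ -f "$f" ] && chmod 600 "$f" && n=$((n + 1))
    done
    echo "$n"
}

# Preflight, migrate, verify, lock. Requires asnpwd on PATH.
migrate_pwfile() {
    can_delete "$1" || { echo "cannot delete $1" >&2; return 1; }
    asnpwd migrate using "$1" || return 1
    verify_migration "$1" || { echo "migration not verified" >&2; return 1; }
    lock_backups "$1" >/dev/null
}
```

Call it as `migrate_pwfile desencryptall.aut` after sourcing the functions.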