IBM Datacap, Version 8.1            

Generating and exporting the encryption keys

You must generate security keys that allow Taskmaster to encrypt and decrypt passwords. To replace existing keys with new keys, you can specify a parameter to generate encryption keys to a local store. You can specify a different parameter to export the encryption keys from the local keystore to a file that can be imported to other computers.

You must generate and use the security encryption keys that allow Taskmaster to encrypt and decrypt the passwords that are used by users, services, and processes to access the Taskmaster server service and to log in to databases.

In a single machine configuration, you must generate and export the encryption keys that all of the Taskmaster components on the single machine use.

In a client/server configuration, you must generate and export matching security encryption keys from the server on which the Taskmaster server software component is installed to all of the computers on which any Taskmaster component is installed. This requirement secures any passwords that are passed over or received from the network by the Taskmaster component.

To generate encryption keys and export them:

  1. Open a command prompt and navigate to the C:\Datacap\Taskmaster folder. In a client/server configuration, perform this step on the computer on which the Taskmaster server software component is installed.
  2. Run the key management program, dcskey.exe, inserting one or more of the following parameters in the command. For example, to export keys during a new Taskmaster installation, you would enter dcskey.exe e.
    e
    Exports the encryption keys from the local keystore to a dc_KTF.xml key transport file. You can use this file to import the keys to other computers. If no keys exist in the keystore, the e parameter generates new ones before the export. If keys exist in the keystore, the e parameter exports those keys.
    gnk
    Generates, but does not export, encryption keys in the local keystore. Use this parameter any time you must replace existing keys with new keys. For example, you would run the command dcskey.exe gnk e to replace existing keys and export them. The newly exported keys would then must be imported onto all other Taskmaster computers in your configuration.
Parent topic: Installing Taskmaster on a single machine

Feedback

Last updated: November 2013
dcain011_copyto_singleTMSvr1.htm

© Copyright IBM Corporation 2013.