Troubleshooting DAC: Recovering From a Lost Encryption Key


The process of recovering from the loss of an encryption key involves clearing the encrypted data from the DAC repository, creating a new cwallet.sso file (with a new encryption key), and stamping the DAC repository with the new encryption key. This procedure involves steps that use automation utility commands. Before you can use these commands, you need to configure the automation utility property file.

To recover from the loss of an encryption key:
  1. Remove all the encrypted data from the DAC repository by calling the automation utility command clearEncryptedData.
  2. Call one of the following automation utility commands to generate a new cwallet.sso file:
    • dbCredentials <cwallet.sso file path> <user name> -withKey
      Use this command to generate a cwallet.sso file with an encryption key that you specify.
    • dbCredentials <cwallet.sso file path> <user name> -randomKey
      Use this command to generate a cwallet.sso file with a randomly generated encryption key.
  3. Copy the new cwallet.sso file to the appropriate directory where the DAC repository can access it. The default directory is <DAC_Config_Location>\conf-shared\security\repository.
  4. Stamp the DAC repository with the new encryption key:
    1. Log in to the DAC Client.
       The following message will be displayed:
       Encryption key validation value is missing from the DAC repository. Would like to add it now?
    2. Click OK to add the new encryption key to the DAC repository.
    3. Enter the table owner name and password, and click OK.
       A message informs you whether the operation was successful.
    4. Distribute the new cwallet.sso file to all DAC installations that connect to this repository.
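
After the distribution step, an installation that still holds an old or partial copy of cwallet.sso will not match the key stamped into the repository. The following check is an added example, not part of the DAC tooling or the original post: it compares each installation's wallet against the newly generated one by SHA-256. It assumes every installation keeps the wallet in the default conf-shared\security\repository directory under its DAC config location and that those locations are reachable as local or mounted paths; the function names are hypothetical.

```python
import hashlib
import sys
from pathlib import Path

# Default wallet location relative to <DAC_Config_Location> (assumed for every install).
WALLET_REL = Path("conf-shared") / "security" / "repository" / "cwallet.sso"


def sha256_file(path):
    """Hash a file in chunks so the wallet is never held in memory whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_wallet_distribution(reference_wallet, config_locations):
    """Map each DAC config location to 'ok', 'missing' or 'mismatch'."""
    expected = sha256_file(reference_wallet)
    report = {}
    for location in config_locations:
        wallet = Path(location) / WALLET_REL
        if not wallet.is_file():
            report[str(location)] = "missing"      # file was never copied
        elif sha256_file(wallet) == expected:
            report[str(location)] = "ok"           # byte-identical to the new wallet
        else:
            report[str(location)] = "mismatch"     # old key or truncated copy
    return report


def out_of_sync(report):
    """Locations that still need the new wallet, sorted for stable output."""
    return sorted(loc for loc, status in report.items() if status != "ok")


if __name__ == "__main__":
    if len(sys.argv) < 3:
        sys.exit("usage: check_wallets.py <new cwallet.sso> <DAC config location>...")
    result = check_wallet_distribution(sys.argv[1], sys.argv[2:])
    for loc, status in sorted(result.items()):
        print(f"{status:9} {loc}")
    # Non-zero exit lets a deployment job fail when any install is out of sync.
    sys.exit(1 if out_of_sync(result) else 0)
```

Only hashes are compared and printed, so the wallet contents never appear in job logs.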
