Managing the database password using the command line
This topic describes passwords for key databases. A key database is used to store public keys that are used for secure connections.
When you create a new key database, you specify a key database password. This password protects the private key. The private key is the only key that can sign documents or decrypt messages that are encrypted with the public key. Changing the key database password frequently is a good practice. Use the following guidelines when specifying the password:
- The password must come from the U.S. English character set.
- The password must contain at least six characters and contain at least two nonconsecutive numbers. Make sure that the password does not consist of publicly obtainable information about you, such as the initials and birth date for you, your spouse, or children.
- Stash the password.
- Change the password for a key database using the gsk7cmd command-line interface. Enter the following command as one line:
/IBM/IHS/bin/gsk7cmd -keydb -changepw -db <filename>.kdb -pw <password> -new_pw <new_password> -expire <days> -stash
where:
- -db <filename> is the name of the database.
- -changepw changes the password.
- -keydb specifies the command is for the key database.
- -new_pw <new_password> is the new key database password. This password must be different than the old password and cannot be a NULL string.
- -pw <password> is the password to access the key database.
- -expire <days> is the number of days before the password expires. This parameter is only valid for CMS key databases.
- -stash stashes the password for the key database. This parameter is only valid for CMS key databases. Stashing the password is required for IBM HTTP Server.
- Change the password using the GSKCapiCmd tool. GSKCapiCmd is a tool that manages keys, certificates, and certificate requests within a CMS key database. The tool has all of the functionality that the existing GSKit Java™ command line tool has, except GSKCapiCmd supports CMS and PKCS11 key databases. If you plan to manage key databases other than CMS or PKCS11, use the existing Java tool. You can use GSKCapiCmd to manage all aspects of a CMS key database. GSKCapiCmd does not require Java to be installed on the system.
/IBM/IHS/bin/gsk7capicmd -keydb -changepw -db <name> [-crypto <module name> -tokenlabel <token label>] [-pw <passwd>] -new_pw <new passwd> [-expire <days>] [-stash] [-fips] [-strong]
The key database now accepts the new password.
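The password guidelines and the gsk7cmd command above can be combined into a pre-check before the change is made, shown here as an added example that is not part of the IBM documentation. It assumes "U.S. English character set" means printable ASCII and "two nonconsecutive numbers" means two digits that are not adjacent; GSK7CMD is a hypothetical variable for overriding the tool path.

```sh
#!/bin/sh
# Added example, not IBM code. Assumptions: "U.S. English character set" means
# printable ASCII; "two nonconsecutive numbers" means two digits that are not
# directly adjacent. GSK7CMD is a hypothetical override for the tool path.

# check_keydb_password OLD NEW
# Prints the first rule NEW breaks and returns 1; returns 0 if NEW is acceptable.
check_keydb_password() (
    old=$1
    new=$2
    if [ -z "$new" ]; then
        echo "new password must not be a NULL string"; exit 1
    fi
    if [ "$new" = "$old" ]; then
        echo "new password must be different than the old password"; exit 1
    fi
    # Count the bytes that fall outside the range space..tilde.
    extra=$(printf '%s' "$new" | LC_ALL=C tr -d ' -~' | wc -c)
    if [ "$extra" -ne 0 ]; then
        echo "new password must use the U.S. English character set"; exit 1
    fi
    if [ "${#new}" -lt 6 ]; then
        echo "new password must contain at least six characters"; exit 1
    fi
    case $new in
        *[0-9]?*[0-9]*) ;;  # digit, at least one character between, digit
        *) echo "new password needs two nonconsecutive numbers"; exit 1 ;;
    esac
    exit 0
)

# change_keydb_password DB DAYS
# Reads both passwords without echo, validates, then runs the page's command.
# The passwords are still passed as arguments, so they are visible in the
# process list while gsk7cmd runs.
change_keydb_password() (
    db=$1
    days=$2
    [ -t 0 ] && stty -echo
    printf 'Current password: ' >&2; IFS= read -r old
    printf '\nNew password: ' >&2; IFS= read -r new
    [ -t 0 ] && stty echo
    echo >&2
    check_keydb_password "$old" "$new" >&2 || exit 1
    "${GSK7CMD:-/IBM/IHS/bin/gsk7cmd}" -keydb -changepw -db "$db" \
        -pw "$old" -new_pw "$new" -expire "$days" -stash
)
```

Run `change_keydb_password <filename>.kdb <days>` from an interactive shell; a rejected password stops the script before gsk7cmd is invoked.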
Related concepts
Managing keys with the gsk7cmd command line interface (Distributed systems)