Storing the encrypted database password in stash file

Storing the encrypted database password in stash file

For a secure network connection, we can store the CMS encrypted database password in a stash file.

Overview
Store the password when creating a CMS database using the IKEYCMD command-line interface or GSKCapiCmd tool, as follows:

Procedure

Store the password using the IKEYCMD command-line interface. Enter the following command (as one line):

gsk7cmd -keydb -create -db <path_to_db>/<db_name> -pw <password> -type cms -expire <days> -stash

To store the password after a CMS database has been created:

gsk7cmd -keydb -stashpw -db <db_name> -pw <password>

Store the password using the GSKCapiCmd tool. GSKCapiCmd is a tool that manages keys, certificates, and certificate requests within a CMS key database. The tool has all of the functionality that the existing GSKit Java command line tool has, except GSKCapiCmd supports CMS and PKCS11 key databases. If we plan to manage key databases other than CMS or PKCS11, use the existing Java tool. We can use GSKCapiCmd to manage all aspects of a CMS key database. GSKCapiCmd does not require Java to be installed on the system.

gsk7capicmd -keydb -stashpw -db <name> [-pw <passwd>] [-fips]

Related concepts

Manage keys with the IKEYCMD command line interface (Distributed systems)