Return
-
Title
How to validate the private key for an Encrypted Database -
Description
When performing an Identity Manager (1IM) upgrade, there can be a request to validate the private key for an encrypted database. -
Resolution
The Private key is for encrypting a database (DB) and should be managed and backup up. However, if there is a serious need to validate the private key, one can use the "CryptoConfig.exe" application in the installation folder with reference to some steps provided in the installation guide (see below).
One way to validate if the private key is working is to check if the database can be decrypted the with the private key. However once the Database is decrypted, then the next encryption will generate a new private key. Prior to performing these steps it is advised to have a backup of the private key and a recent backup of the database in the case of accidental corruption.
1. Back up the current production DB and create a copy in a different environment for the purpose of testing the private key.
2. At the same time make another copy of the private key to be tested on the copied DB.
3. Decrypt the copied Database with the copied private key - if the Private key is valid, the decrypt process will be successful.
Please follow the steps provided in the Installation Guide, Decrypting Database Data.
Once this step is completed, then it can be confirmed the key is valid, the DB is decrypted and all columns marked for "crypted" will be converted to non-encrypted, as shown in the application window.