rsec/securestorage/keyfile

Posted by — January 27, 2015 in SAP PARAMETER Leave a reply

Parameter

rsec/securestorage/keyfile

Function has been replaced. This profile parameter relates to the obsolete procedure for specifying an individual encryption key. This has been replaced by the functions on the “Key Management” tab page in transaction SECSTORE.

Do not implement the obsolete procedure now.

If you have used the obsolete procedure in the past, you can use the key management functions in transaction SECSTORE to convert the entries encrypted with the key specified by this profile parameter to a newly-generated individual key.

In transaction SECSTORE, once no entries are found with an empty “Key ID” when you execute the “Check Usage” function in the key management, this means that the key specified with this profile parameter is no longer used and can be removed together with the value of this profile parameter.

Short text

Path to the file with the global key for the secure storage.

Parameter Description

You can use this parameter to specify a file that contains the global key for the secure storage.

If no value is specified, a default key is used. This is enhanced with system-dependent data and usually provides sufficient protection.

Due to the dangers associated with using your own key (see below), you should only use this function if you require a greater than normal degree of protection.

If a value is specified, this must be the path to a file that can be accessed from the application server. This file must contain a continuous sequence of 48 characters from the hexadecimal character set (0-9, A-F) at the start of the file.

You can use the report RSECKEYGEN to generate a suitable key from a pass phrase.

If you specify only a file name, the system looks for this file in the working directory of the application server.

The first time the key is changed from the default value (default key is used) to another value, the entries encrypted with the default key are automatically encrypted with the new key the next time they are accessed.

If you change the global key again, entries that were created with the old key can no longer be decrypted. This means that a migration in transaction SECSTORE is required. For more information, see the notes in the documentation.

CAUTION

Keep a copy of the key file in a secure location. If the file were to be lost, it would no longer be possible to access the entries in the secure storage that were saved with this key. This can have severe consequences for the entire system.

Application Area

System

Parameter Unit

File name

Default Value

Empty

Who is permitted to make changes?

Customer

Operating System Restrictions

Note that file names are platform-dependent. You should therefore be cautious about using the option to make the profile parameter the same on all servers in heterogeneous landscapes.

Database System Restrictions

None

Values allowed

If you change the value, the system checks whether the value meets the conditions listed under “Parameter Description”. If this is not the case, the system rejects the change. . In this case, you can find more information in the developer trace for the current work process.

You May Also Like

jstartup/shutdown_timeout : Timeout for the jstart controller process to wait for shutdown of child processes

jstartup/security_level : Security level for jcontrol

jstartup/sdm_properties : Path to SDM properties file

jstartup/recorder : Flight recorder configuration

Leave a Reply?