> sapgenpse
Usage: sapgenpse [-fips on/off] [-log] [-h] [-l <sapcryptoPath>] <command> [-h] [sub-options] ...
-l <sapcryptoPath> Path of CommonCryptoLib (libsapcrypto.so) to be used
-h Show help text
-log Write traces directly to stderr
-fips on/off Activate FIPS 140-2 mode
<command> Command to execute
<command> -h Show help text of named command
All commands that create PSEs or Credentials support the option -lps.
(These commands are gen_pse, import_p12, import_p8, keytab, seclogin)
The -lps option enables the usage of the Local Protection Storage (LPS) to
protect the sensitive information stored in PSEs and Credentials.
Where available the protection with LPS is provided using system-dependent
resources.
- (DP ) On the Microsoft Windows platform, the Data Protection API (DPAPI)
is used for this purpose. A PSE file can only be made available
again on the same platform on which the protection was applied.
- (INT) On all other operating systems, a fallback protection is used.
This method uses a CommonCryptoLib key and does not prevent
the access of a copied PSE on another host.
The command lps_enable can be used to enable LPS on existing PSEs.
The command seclogin can be used to enable LPS on existing credentials.
Loaded CommonCryptoLib from sapgenpse folder
"/usr/sap/SID/SYS/exe/uc/linuxx86_64/libsapcrypto.so"
Platform: linux-gcc-4.3-x86-64 (linux-gcc-4.3-x86-64)
Versions: SAPGENPSE 8.5.33 (May 26 2020)
CommonCryptoLib 8.5.33 (May 26 2020) [AES-NI,CLMUL,SSE3,SSSE3]
Build change list: 240695
USER="SIDadm"
Environment variable $SECUDIR is not defined!
Fallback selection of SECUDIR through HOME:
"/home/SIDadm/sec"
