Generate password security (Optional)

For password security, PPM uses a client/server encryption model based on the ElGamal algorithm, which generates a public/private key pair. Passwords are encrypted using the server's public key. Only the server can decrypt the data using the private key. The client application does not have access to decrypted data.

The public and private keys, which are generated during PPM installation, reside in <PPM_Home>/security. Generate the key pair only once, unless you think that server security has been breached. In that case, regenerate the key pair and reencrypt all passwords.

To regenerate the private and public key pair:

1. From a DOS or UNIX prompt, run the kKeygen.sh script, which is located in the <PPM_Home>/bin directory.

   sh ./kKeygen.sh

2. If information is not available in server.conf, you are prompted for the following information:

   • JDBC_URL (the server uses this to communicate with the database)

     Example

     jdbc:oracle:thin: @DBhost.domain.com: 1521:SID

   • DB_USERNAME (username for the PPM database schema)

   • DB_PASSWORD (password for the PPM database schema)

     Caution: If you generate new public or private keys, users cannot log on. The old passwords stored in the database are encrypted using the old key. All of the passwords encrypted using the new keys do not match those stored in the database.

As the script run completes, the following two key files are placed in the <PPM_Home>/security directory:

• public_key.txt
• private_key.txt

On a Windows system, anyone can read these files. As the system administrator, make sure that non-trusted users do not have read privilege to the files. On UNIX, the files are read-only for the user running the script. If the user running the script is not the user who started the server, the server cannot read the keys and cannot start.

For more information about the kKeygen.sh script, see kKeygen.sh.