Generating Password Security (Optional)

For password security, PPM uses a client/server encryption model based on the ElGamal algorithm, which generates a public/private key pair. Passwords are encrypted using the server's public key. Only the server can decrypt the data using the private key. The client application does not have access to decrypted data.

The public and private keys, which are generated during PPM installation, reside in <PPM_Home>/security. Generate the key pair only once, unless you think that server security has been breached. In that case, regenerate the key pair and reencrypt all passwords.

To regenerate the private and public key pair:

  1. From a DOS or UNIX prompt, run the kKeygen.sh script, which is located in the <PPM_Home>/bin directory.

    sh ./kKeygen.sh

As the script run completes, the following two key files are placed in the <PPM_Home>/security directory:

  • public_key.txt
  • private_key.txt

On a Windows system, anyone can read these files. As the system administrator, make sure that non-trusted users do not have read privilege to the files. On UNIX, the files are read-only for the user running the script. If the user running the script is not the user who started the server, the server cannot read the keys and cannot start.

For more information about the kKeygen.sh script, see kKeygen.sh.