Emergency Recovery Procedure

The procedure described in this section aims to make as many records as possible readable again, based on the keys currently persisted in the file system and the key value backups provided by the administrator.

Only use this method if other methods do not apply. It is not used as a general solution because, even if all records are readable in the end, records might be temporarily unreadable along the way. For this reason, unpredictable effects can arise in the applications using the secure storage during the time you execute this procedure.

Procedure

  1. Using the key check result table of the tool, get an overview of the instances where an individual key is used and of the file paths of the key files.

  2. Log on to the operating system of those instances, navigate to the key file, and extract the keys.

  3. Write down all individual keys you find.

    Caution

    Now the critical part begins, where read failures might appear.

  4. Delete the key file in all instances. Once you have done so, use the tool to verify whether all instances see the default key as both the primary and the secondary key.

  5. Start SECSTORE and go to the Check Entries tab without specifying any limitations.

    If no errors are reported, use the tool to set a new key. The procedure then ends.

  6. Otherwise, repeat the following steps for each key you extracted from the key files and, if you have them, for the backup values of keys that might previously have been used to encrypt records in this system:

    1. Start the transaction SECSTORE, go to the Global Key Changed tab, enter the key, and execute.

    2. If no errors are reported, use the tool to set a new key. The procedure then ends.

    3. Otherwise, repeat with the next key.

      When you are out of keys and still have records with errors, those records are irrecoverably lost. You should aim to recreate their data using the maintenance functions of the affected applications.

      Note

      This is not described here. You might be able to double-click the record in the table on the right side. You find the record in transaction SECSTORE.

      Alternatively, you can use the Delete function in SECSTORE to remove the records from the database. Since this bypasses the application that has stored the record, the consequences for the respective application are unpredictable.

      If no records with errors are left, you can use the tool to set a new key. The procedure then ends.