Importing Keys after a System Copy

 

If, after a system copy, you transfer the database content to a system whose file system does not contain the encryption key of the secure storage in the database, the records that are encrypted with these keys cannot be read, and attempts to access them fail.

Procedure

You get the following error message:

Incorrect global key for entry ...

There are two possibilities for making these records readable.

  • Option 1: Restoring the key file.

    1. If you have access to the key file that was used in the source system, copy it to the target system.

      Note: The value of the rsec/securestorage/keyfile profile parameter tells you where to find the key file in the source system and where to put it in the target system.

    2. Start the Administration of the Secure Storage (SECSTORE transaction).

    3. Go to the Check Entries tab and check that there are no more errors.

      Recommendation: We recommend that you perform a key change using the key file tool afterwards because a separate encryption key per system increases security.

  • Option 2: Making the records readable by presenting the old key.

    1. Start the Administration of the Secure Storage (SECSTORE transaction).

    2. Go to the Global Key Changed tab.

    3. Choose the Old Global Key input field.

    4. Enter the encryption key that was in use in the source system.

    5. Choose Execute. An incorrect input cannot damage data.

    6. If errors of type Incorrect global key for entry ... remain, repeat this procedure with each encryption key that has been used in the source system. The key backup that you were supposed to make before introducing a new encryption key in the source system provides the input data needed to make the records readable again, one key after another.

    7. If there are no more errors, all records are now readable and encrypted with the primary encryption key that is currently in use. If this is the default key, we recommend that you perform a key change afterwards using the key management tool because a separate encryption key per system increases security.