ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Sensitive data encryption/decryption using XPSExport

book

Article ID: 200719

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On Agents (SiteMinder) CA Single Sign On Federation (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) SITEMINDER

Issue/Introduction

 

We're running the command XPSExport and we'd like to know how to
encrypt and decrypt the sensitive data such as DB password, super user
password when exporting the full Policy Store data. How can we do that ?

 

Environment

 

Policy Server 12.8SP3 on RedHat 7;

 

Resolution

 

At first glance, according to documentation, running XPSExport with
the option "-pass" will encrypt all sensitive data.

XPSExport

  -pass <passphrase> (Optional) Specifies the passphrase that is
   required for encryption of sensitive data. This passphrase must be at
   least eight characters long and must contain at least one digit, one
   uppercase, and one lowercase character. The passphrase can contain a
   space that is enclosed in quotes. If not specified as a command-line
   option, the export process prompts for a passphrase when sensitive
   data is being exported.

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/administrating/policy-server-tools/xpsexport.html

Once you have exported the data, the only way to read the sensitive
data is to import back them running XPSImport with the same option :

XPSImport

  -pass passphrase
  (Optional) Specifies the passphrase that is required for decryption
  of sensitive data. The phrase must be the same as the phrase
  specified during export, or the decryption fails.

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/administrating/policy-server-tools/xpsimport.html