Sensitive data encryption/decryption using XPSExport


Article ID: 200719


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder), CA Single Sign On Agents (SiteMinder), CA Single Sign On Federation (SiteMinder), CA Single Sign On SOA Security Manager (SiteMinder), SITEMINDER



We're running the XPSExport command and we'd like to know how to
encrypt and decrypt sensitive data, such as the DB password and the
superuser password, when exporting the full Policy Store data. How can we do that?




Policy Server 12.8SP3 on RedHat 7




At first glance, according to the documentation, running XPSExport with
the "-pass" option will encrypt all sensitive data.


  -pass <passphrase> (Optional) Specifies the passphrase that is
   required for encryption of sensitive data. This passphrase must be at
   least eight characters long and must contain at least one digit, one
   uppercase, and one lowercase character. The passphrase can contain a
   space that is enclosed in quotes. If not specified as a command-line
   option, the export process prompts for a passphrase when sensitive
   data is being exported.

Once you have exported the data, the only way to read the sensitive
data is to import it back by running XPSImport with the same option:


  -pass passphrase
  (Optional) Specifies the passphrase that is required for decryption
  of sensitive data. The phrase must be the same as the phrase
  specified during export, or the decryption fails.
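
One way to script the export/import round trip described above so that a passphrase that breaks the documented rules is rejected before the export starts. This is an added example, not part of the original article or the product documentation; the function names and the sample file name are hypothetical, and `-xb` is the XPSExport option that exports all policy store data. A passphrase given with `-pass` is visible in the process list and shell history, so for interactive runs omit it and let XPSExport prompt.

```shell
#!/bin/sh
# Added example (not from the article): function names and the sample
# file name are hypothetical.

# Return 0 only if the passphrase meets the documented -pass rules:
# at least eight characters, with at least one digit, one uppercase
# and one lowercase character. Spaces are allowed.
xps_passphrase_ok() {
    pass=$1
    [ "${#pass}" -ge 8 ] || return 1
    case $pass in *[[:digit:]]*) ;; *) return 1 ;; esac
    case $pass in *[[:upper:]]*) ;; *) return 1 ;; esac
    case $pass in *[[:lower:]]*) ;; *) return 1 ;; esac
    return 0
}

# Export all policy store data (-xb) with sensitive data encrypted.
# $1 = output file, $2 = passphrase. Returns 2 without calling
# XPSExport when the passphrase would be rejected.
xps_export_encrypted() {
    out=$1
    pass=$2
    if ! xps_passphrase_ok "$pass"; then
        echo "passphrase does not meet the XPSExport -pass rules" >&2
        return 2
    fi
    # Subshell keeps the restrictive umask local: the export file holds
    # the whole policy store, so only the owner should read it.
    ( umask 077 && XPSExport "$out" -xb -pass "$pass" )
}

# Import the file back; decryption fails unless the passphrase is the
# same one used for the export.
xps_import_encrypted() {
    XPSImport "$1" -pass "$2"
}

# Usage (on a Policy Server host, constructed values):
#   xps_export_encrypted full_export.xml 'Example Passphrase 1'
#   xps_import_encrypted full_export.xml 'Example Passphrase 1'
```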