ADMINISTERING


Keymgmt Export

Exports the content of a credential store, shared keys from a credential store, named encryption key from a server ID file, all Domain Keys Identified Mail (DKIM) documents, or a DKIM key.

Details

Use this command to:


Syntax: Export content of credstore.nsf

To export the content of a credential store, enter the following command from the server on which it resides:

 keymgmt export credstore <database> <target_server>

where


You must copy the database to the data directory of the target server in order to next usekeymgmt import to import the content into the target server credential store.

Any encrypted document in the credential store is decrypted with the name encryption key and encrypted with the target server's public key before being put in the database.

For example:

keymgmt export credstore credstorecopy.nsf hubserver/renovations

Syntax: Export a named encryption key

To export a named encryption key from a server ID file and save it in a file in the server program directory, enter the following command:

keymgmt export nek <nekname> [overwrite] <nekname>.key  <password>

where <nekname> is the name of the key, <nekname>.key is the name of the key file, and <password> is a password for the key file.

For example:

keymgmt export nek credstorekey credstorekey.key passw0rd

When exporting a named encryption key, if a key with that name already exists in the specified file, use the overwrite argument to replace it with the new key, for example:

keymgmt export nek credstorekey overwrite credstorekey.key passw0rd

Syntax: Export shared encryption keys

To export shared encryption keys used for DAOS object encryption from a credential store to prepare to import them into another credential store, enter the following command:

keymgmt export sharedkey <database> <servername>

where

<database> is the file name of a database in which to export the shared keys. The database is created in the local IBM_Credstore directory.

<servername> is the hierarchical name of a server that uses the target credential store which you will use to import the shared keys. Only this server can be used to import the shared keys to the target credential store.

For example, to export shared keys to the local database exportdb.nsf that will be imported into target credential store via the server App1/Renovations, enter the following command:

keymgmt export sharedkey exportdb.nsf Apps1/Renovations

Syntax: Export DKIM documents

To export just the DKIM documents in the credential store to a database file encrypted for a server, enter the following command. You might do this to move DKIM keys to another credential store. After exporting, use the keymgmt import credstore to import them into another credential store.

EXPORT DKIM <exportFile> <serverName>

where

<exportfile> is the file name of a database in which to export the DKIM documents. The database is created in the local IBM_Credstore directory.

<servername> is the hierarchical name of a server that uses the target credential store on which to store the file.

For example, to export DKIM documents to the local database dkimdb.nsf on the server Mail1/Renovations, enter the following command:

keymgmt export dkimdb.nsf Mail1/Renovations

Syntax: Export a DKIM key

After you use the keymgmt create DKIM command to create DKIM signing keys in the credential store, run the following command to create a .txt file in the Domino data directory that contains the DNS TXT record with the key. You use the .txt file to add the DNS TXT record to your DNS domain settings.

keymgmt export DKIM DNS <domain> <selector> <dkimdnsfile>

where:


For example:

keymgmt export DKIM DNS renovations.com 12345 dkimdns.txt

Parent topic: List of server commands and syntax

Related concepts
Configuring DKIM signing for messages routed to external Internet domains
Using a console to send commands to a server
Using a shared key to encrypt DAOS objects across servers

Related tasks
Using a credential store to store credentials

Related reference
Keymgmt Create
Keymgmt Import