

Keymgmt Create

Creates a named encryption key in the server ID file; creates a credential store assigned a named encryption key that is used to encrypt documents; creates a shared key in a credential store to use to encrypt DAOS objects on multiple servers; or creates a Domain Keys Identified Mail (DKIM) key.

Syntax: Create a named encryption key in the server ID file

keymgmt create nek <nekname> [overwrite]

For example, to create a named encryption key called credstorekey in the server ID file, enter:

keymgmt create nek credstorekey

When creating a named encryption key, if a key with that name already exists in the server ID file and you want to replace it with a new key, use the overwrite argument, for example:

keymgmt create nek credstorekey overwrite

Note: Use the overwrite argument with extreme caution. If you overwrite a key, any data encrypted with the key can never be decrypted.

Syntax: Create a credential store assigned a named encryption key

keymgmt create credstore <nekname>


For example, to create a credential store on the server whose documents will be encrypted with the named encryption key credstorekey, enter:

keymgmt create credstore credstorekey

Syntax: Create a shared encryption key

To create a shared key in credstore.nsf to use to encrypt DAOS objects on the servers that use the credential store, enter one of the following commands from the console of any Domino server that uses the credential store:

To use AES-128 encryption:

keymgmt create sharedkey <keyname>

To use AES-256 encryption:

keymgmt create sharedkey <keyname> 256

For example, to create a shared key called MyCluster_AES_128 that uses AES 128-bit encryption, enter:

keymgmt create sharedkey MyCluster_AES_128

Syntax: Create a DKIM key

To create one or more keypairs in a credential store to use for DKIM signing, run the following command from the console of a Domino server that has the credential store:

keymgmt create DKIM <domain> <selector> RSA

where:


For example:

keymgmt create DKIM renovations.com 12345 RSA 2048

A console message similar to the following one indicates the command is successful:

> keymgmt create DKIM renovations.com 12345 RSA 2048
[4F24:0007-2F28] Created DKIM key 12345._domainkey.renovations.com

Note: A DKIM key is enabled by specifying the domain and selector in a server notes.ini setting. The maximum length allowed for a notes.ini setting is 255 characters, which puts a practical limit on domain and selector sizes.

For information on DKIM signing, see Configuring DKIM signing for messages routed to external Internet domains.
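
The following Python check is an added example, not part of the product documentation: it validates a domain and selector before the command is run and confirms from captured console output that the key was created under the expected name. The function names and the ini_overhead parameter (the characters used by the notes.ini setting name, which this page does not state) are assumptions.

```python
import re

NOTES_INI_MAX = 255  # maximum length of a notes.ini setting, as stated on the page

# Confirmation line format, modelled on the sample console output on the page.
CREATED_RE = re.compile(
    r"^\[[0-9A-F]+:[0-9A-F]+-[0-9A-F]+\]\s+Created DKIM key (\S+)$")
# One DNS label: letters, digits, inner hyphens, 1 to 63 characters.
LABEL_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")

def dkim_key_name(domain, selector):
    """Key name as the console reports it: <selector>._domainkey.<domain>."""
    return f"{selector}._domainkey.{domain}"

def preflight(domain, selector, ini_overhead=0):
    """Return a list of problems to fix before running keymgmt create DKIM.

    ini_overhead is an assumption: the characters that the notes.ini setting
    name and separators use up, which this page does not state.
    """
    problems = []
    for label in selector.split(".") + domain.split("."):
        if not LABEL_RE.match(label):
            problems.append(f"invalid DNS label: {label!r}")
    if len(dkim_key_name(domain, selector)) > 253:
        problems.append("key name exceeds the 253-character DNS name limit")
    if ini_overhead + len(domain) + len(selector) > NOTES_INI_MAX:
        problems.append("domain and selector do not fit in a notes.ini setting")
    return problems

def creation_confirmed(console_lines, domain, selector):
    """True if the console log reports the key for exactly this domain/selector."""
    expected = dkim_key_name(domain, selector).lower()
    for line in console_lines:
        match = CREATED_RE.match(line.strip())
        if match and match.group(1).lower() == expected:
            return True
    return False

# Console capture from the example on the page.
SAMPLE_CONSOLE = [
    "> keymgmt create DKIM renovations.com 12345 RSA 2048",
    "[4F24:0007-2F28] Created DKIM key 12345._domainkey.renovations.com",
]

if __name__ == "__main__":
    print(preflight("renovations.com", "12345"))
    print(creation_confirmed(SAMPLE_CONSOLE, "renovations.com", "12345"))
```

The key name that creation_confirmed matches is also the DNS name under which the public key record for the selector is published, so the same string can be used for a follow-up DNS lookup.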
