Creates a named encryption key in the server ID file; creates a credential store assigned a named encryption key that is used to encrypt documents; creates a shared key in a credential store to use to encrypt DAOS objects on multiple servers; or creates a Domain Keys Identified Mail (DKIM) key.
Syntax: Create a named encryption key in the server ID file
keymgmt create nek <nekname> [overwrite]
For example, to create a named encryption key called credstorekey in the server ID file, enter:
keymgmt create nek credstorekey
When creating a named encryption key, if a key with that name already exists in the server ID file and you want to replace it with a new key, use the overwrite argument, for example:
keymgmt create nek credstorekey overwrite
Note: Use the overwrite argument with extreme caution. If you overwrite a key, any data encrypted with the key can never be decrypted.
Syntax: Create a credential store assigned a named encryption key
keymgmt create credstore <nekname>
keymgmt create credstore credstorekey
Syntax: Create a shared encryption key
To create a shared key in credstore.nsf to use to encrypt DAOS objects on the servers that use the credential store, enter one of the following commands from the console of any Domino server that uses the credential store:
To use AES-128 encryption:
keymgmt create sharedkey <keyname>
To use AES-256 encryption:
keymgmt create sharedkey <keyname> 256
For example, to create a shared key called MyCluster_AES_128 that uses AES 128-bit encryption, enter:
keymgmt create sharedkey MyCluster_AES_128
Syntax: Create a DKIM key
To create one or more keypairs in a credential store to use for DKIM signing, run the following command from the console of a Domino server that has the credential store:
keymgmt create DKIM <domain> <selector> RSA
where:
keymgmt create DKIM renovations.com 12345 RSA 2048
A console message similar to the following one indicates the command is successful:
> keymgmt create DKIM renovations.com 12345 RSA 2048
[4F24:0007-2F28] Created DKIM key 12345._domainkey.renovations.com
Note: A DKIM key is enabled by specifying the domain and selector in a server notes.ini setting. The maximum length allowed for a notes.ini setting is 255 characters, which puts a practical limit on domain and selector sizes.
For information on DKIM signing, see Configuring DKIM signing for messages routed to external Internet domains.
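The command forms above can be checked mechanically before a change script is pasted into the server console, so that a line containing the overwrite argument is never run unnoticed. The following Python linter is an added example, not HCL code: the function names, the case-insensitive keyword matching and the sample script are assumptions, and the optional DKIM key size is accepted only because the example on this page includes one.

```python
import shlex

def lint_keymgmt_create(line):
    """Check one console line against the 'keymgmt create' forms on this page."""
    # Assumption: keywords are matched case-insensitively.
    tok = shlex.split(line)
    if len(tok) < 4 or [t.lower() for t in tok[:2]] != ["keymgmt", "create"]:
        raise ValueError("expected: keymgmt create <type> <arguments>")
    kind, args = tok[2].lower(), tok[3:]
    result = {"type": kind, "name": args[0], "destructive": False, "detail": None}
    if kind == "nek":                      # nek <nekname> [overwrite]
        if len(args) == 2 and args[1].lower() == "overwrite":
            # Replacing a key makes data encrypted with the old key unreadable.
            result["destructive"] = True
        elif len(args) != 1:
            raise ValueError("expected: nek <nekname> [overwrite]")
    elif kind == "credstore":              # credstore <nekname>
        if len(args) != 1:
            raise ValueError("expected: credstore <nekname>")
    elif kind == "sharedkey":              # sharedkey <keyname> [256]
        if args[1:] not in ([], ["256"]):
            raise ValueError("expected: sharedkey <keyname> [256]")
        result["detail"] = "AES-256" if args[1:] else "AES-128"
    elif kind == "dkim":                   # DKIM <domain> <selector> RSA, size as in the example
        if len(args) not in (3, 4) or args[2].upper() != "RSA":
            raise ValueError("expected: DKIM <domain> <selector> RSA")
        if len(args) == 4 and not args[3].isdigit():
            raise ValueError("key size must be numeric")
        # Key name format as in the console message on this page.
        result["name"] = "%s._domainkey.%s" % (args[1], args[0])
        result["detail"] = args[3] if len(args) == 4 else None
    else:
        raise ValueError("unknown key type: " + tok[2])
    return result

def needs_signoff(lines):
    """Return the lines that would overwrite an existing named encryption key."""
    return [l for l in lines if lint_keymgmt_create(l)["destructive"]]

# Constructed sample change script; names come from the examples on this page.
SAMPLE = [
    "keymgmt create nek credstorekey",
    "keymgmt create sharedkey MyCluster_AES_128",
    "keymgmt create DKIM renovations.com 12345 RSA 2048",
    "keymgmt create nek credstorekey overwrite",
]

if __name__ == "__main__":
    print("requires sign-off:", needs_signoff(SAMPLE))
```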