This topic describes the CyberArk Key Generator (PAKeyGen) utility, and how to generate, configure, and troubleshoot the utility.

For information about system requirements, see CyberArk Key Generator utility.

The CyberArk Key Generator utility (PAKeyGen) enables you to create a set of two unique encryption keys. The server key is a 256-bit symmetric key and the recovery keys are a 2048-bit asymmetric key pair.

These keys are located in two separate folders:

- Operator: This folder contains the server key and the public recovery key.
- Master: This folder contains the server key, the public recovery key, and the private recovery key.

The Operator folder is required to start the Vault server, as it holds the server key that is the anchor to the Vault's encryption chain. The Master folder should be securely stored in a physical safe.

The security of the Vault relies heavily on the strength, protection, and controlled accessibility of the keys. If an unauthorized party compromises either the server key or the private recovery key, they may be able to decrypt all the information that is stored on the Vault server, or in a backup location. For this reason, it is essential to generate strong, hard-to-guess keys, and protect them with controlled access.

To create strong keys, a true random number generator must be used. The PAKeyGen utility supports hardware random number generators that use the PKCS#11 interface.

All traces of the key generation procedure must be destroyed.
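The two-folder split described above can be checked mechanically before the Master folder goes into the safe. The following is an added example, not CyberArk code: the file names, the POSIX permission check and the random stand-in key bytes are assumptions, since the page does not name the files PAKeyGen writes.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path

# Hypothetical file names (assumption): the page does not name PAKeyGen's output files.
SERVER, REC_PUB, REC_PRV = "server.key", "recovery_pub.key", "recovery_prv.key"
EXPECTED = {"operator": {SERVER, REC_PUB}, "master": {SERVER, REC_PUB, REC_PRV}}

def _digest(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def audit_key_folders(operator_dir, master_dir):
    """Return findings; an empty list means the layout matches the page's description."""
    dirs = {"operator": Path(operator_dir), "master": Path(master_dir)}
    findings = []
    for role, folder in dirs.items():
        present = {p.name for p in folder.iterdir() if p.is_file()}
        for name in sorted(EXPECTED[role] - present):
            findings.append(f"{role}: missing {name}")
        # Catches a private recovery key on operator media and leftover generation traces.
        for name in sorted(present - EXPECTED[role]):
            findings.append(f"{role}: unexpected file {name}")
        for name in sorted(present):
            mode = stat.S_IMODE((folder / name).stat().st_mode)
            if mode & 0o077:  # POSIX group/other bits (assumption; check ACLs on Windows)
                findings.append(f"{role}: {name} accessible beyond owner ({oct(mode)})")
    # Both folders hold the server key and the public recovery key; copies must match.
    for name in (SERVER, REC_PUB):
        a, b = dirs["operator"] / name, dirs["master"] / name
        if a.is_file() and b.is_file() and _digest(a) != _digest(b):
            findings.append(f"{name} differs between operator and master")
    return findings

def build_sample(root, leak_private=False, mode=0o600):
    """Constructed stand-in key set: random bytes, not real key material."""
    blobs = {SERVER: os.urandom(32), REC_PUB: os.urandom(64), REC_PRV: os.urandom(64)}
    for role, names in EXPECTED.items():
        folder = Path(root) / role
        folder.mkdir()
        for name in set(names) | ({REC_PRV} if leak_private else set()):
            (folder / name).write_bytes(blobs[name])
            (folder / name).chmod(mode)
    return Path(root) / "operator", Path(root) / "master"

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(audit_key_folders(*build_sample(tmp, leak_private=True)))
```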