Encryption

Encryption (non-FIPS 140 mode) is enabled during the installation process by default. The basis for encryption is a secret phrase that gets transformed into the file .

The transformation of the site secret into the imk.dat files differs, depending on whether encryption is set to FIPS 140 mode.

Note: Application in FIPS 140 mode encryption cannot use the same imk.dat file that is used by Domain manager application in non-FIPS 140 mode.

Therefore, all clients and servers using an imk.dat file must be set to the same FIPS 140 mode.

The Domain manager application use the site secret to:

Encrypt passwords in the configuration files.
Encrypt passwords for SNMP v3 devices in the seed files.
Encrypt connections between programs.

During installation, encryption is enabled with a default secret phrase. This phrase is:

Not a secret

The imk.dat file can be copied. The imk.dat is located in the BASEDIR/smarts/local/conf directory.

Note: The imk.dat file can only be copied to other systems with the same operating system (OS), OS version, and FIPS 140 mode setting.

To raise the level of security, change the secret phrase by using the sm_rebond utility. Thereafter, change the secret phrase periodically to maintain a secure system.

Note: Treat the secret phrase with the same care as a root password or highest level system administration password.