Encryption

Encryption (non-FIPS 140 mode) is enabled during the installation process by default. The basis for encryption is a secret phrase that gets transformed into the file .
The transformation of the site secret into the imk.dat file differs, depending on whether encryption is set to FIPS 140 mode.
An application in FIPS 140 mode cannot use the same imk.dat file that is used by a Domain Manager application in non-FIPS 140 mode.
Therefore, all clients and servers using an imk.dat file must be set to the same FIPS 140 mode.
The Domain Manager application uses the site secret to:
  • Encrypt passwords in the configuration files.
  • Encrypt passwords for SNMP v3 devices in the seed files.
  • Encrypt connections between programs.
During installation, encryption is enabled with a default secret phrase. This phrase is: Not a secret
The imk.dat file can be copied. The imk.dat file is located in the BASEDIR/smarts/local/conf directory.
The imk.dat file can only be copied to other systems with the same operating system (OS), OS version, and FIPS 140 mode setting.
To raise the level of security, change the secret phrase by using the sm_rebond utility. Thereafter, change the secret phrase periodically to maintain a secure system.
Treat the secret phrase with the same care as a root password or highest level system administration password.
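
One way to check the handling rules above on a host, as an added example that is not part of the product documentation or the vendor's tooling: the script audits the imk.dat file under BASEDIR/smarts/local/conf for group/other access and for age. The function names, the 90-day window, and the use of file modification time as a proxy for the last secret phrase change are assumptions.

```shell
#!/bin/sh
# Added example: audit the imk.dat file for loose permissions and staleness.
# Assumptions (not from the product documentation): the 90-day default
# window, mtime as a proxy for the last secret phrase change, and the
# function names file_mode and audit_imk.

# Print the octal permission bits of a file (GNU stat first, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# audit_imk BASEDIR [MAX_AGE_DAYS]
# Prints one finding per line. Returns 0 = no findings, 1 = findings,
# 2 = imk.dat not found.
audit_imk() {
    imk_path="$1/smarts/local/conf/imk.dat"
    imk_max_age=${2:-90}
    imk_rc=0

    if [ ! -f "$imk_path" ]; then
        echo "MISSING $imk_path"
        return 2
    fi

    # The file can be copied to other systems, so any group/other access
    # bit exposes the site secret to every local account that has it.
    imk_mode=$(file_mode "$imk_path")
    if [ $(( 0$imk_mode & 077 )) -ne 0 ]; then
        echo "PERMS $imk_path mode=$imk_mode (group/other access present)"
        imk_rc=1
    fi

    # The secret phrase should be changed periodically; flag a file whose
    # modification time is older than the window.
    if [ -n "$(find "$imk_path" -prune -mtime +"$imk_max_age" -print)" ]; then
        echo "STALE $imk_path not modified in over $imk_max_age days"
        imk_rc=1
    fi

    return "$imk_rc"
}

# When run directly with arguments: sh audit_imk.sh BASEDIR [MAX_AGE_DAYS]
if [ $# -gt 0 ]; then
    audit_imk "$@"
fi
```

A STALE finding only means the file has not changed within the window; a recently modified file does not by itself show that the default secret phrase was replaced.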