Keymgmt Export

Exports the content of a credential store, shared keys from a credential store, a named encryption key from a server ID file, all Domain Keys Identified Mail (DKIM) documents, or a DKIM key.

Details

Use this command to:
  • Export the content of a credential store to a database. Do this to prepare to import the content into a different credential store. For example, do this when moving a credential store from a single-server configuration to a cluster configuration or vice versa. Any encrypted document in the credential store is decrypted with the named encryption key and encrypted with the target server's public key before being placed in the target database.
  • Export a named encryption key in a server ID file to a file. For example, do this in a cluster to prepare to then import the key into the ID file of another server in the cluster that will use the associated credential store.
  • Export all shared encryption keys used for DAOS object encryption from a credential store to a database. Do this to prepare to import the shared keys into another credential store.

Syntax: Export content of credstore.nsf

To export the content of a credential store, enter the following command from the server on which it resides:
 keymgmt export credstore <database> <target_server> 
where
  • <database> is the name of a database to create on the local server to store the exported content.
  • <target_server> is the Notes hierarchical name of the server with the credential store you are switching to.

You must copy the database to the data directory of the target server before you can use keymgmt import to import the content into the target server's credential store.

Any encrypted document in the credential store is decrypted with the named encryption key and encrypted with the target server's public key before being put in the database.

For example:
keymgmt export credstore credstorecopy.nsf hubserver/renovations 

Syntax: Export a named encryption key

To export a named encryption key from a server ID file and save it in a file in the server program directory, enter the following command:
keymgmt export nek <nekname> [overwrite] <nekname>.key <password>
where <nekname> is the name of the key, <nekname>.key is the name of the key file, and <password> is a password for the key file.
For example:
keymgmt export nek credstorekey credstorekey.key passw0rd
When exporting a named encryption key, if a key with that name already exists in the specified file, use the overwrite argument to replace it with the new key, for example:
keymgmt export nek credstorekey overwrite credstorekey.key passw0rd

Syntax: Export shared encryption keys

To export shared encryption keys used for DAOS object encryption from a credential store to prepare to import them into another credential store, enter the following command:

keymgmt export sharedkey <database> <servername>

where

<database> is the file name of a database in which to export the shared keys. The database is created in the local IBM_Credstore directory.

<servername> is the hierarchical name of a server that uses the target credential store which you will use to import the shared keys. Only this server can be used to import the shared keys to the target credential store.

For example, to export shared keys to the local database exportdb.nsf that will be imported into the target credential store via the server App1/Renovations, enter the following command:
keymgmt export sharedkey exportdb.nsf App1/Renovations

Syntax: Export DKIM documents

To export just the DKIM documents in the credential store to a database file encrypted for a server, enter the following command. You might do this to move DKIM keys to another credential store. After exporting, use the keymgmt import credstore command to import them into another credential store.
keymgmt export DKIM <exportFile> <serverName>

where

<exportFile> is the file name of a database in which to export the DKIM documents. The database is created in the local IBM_Credstore directory.

<serverName> is the hierarchical name of a server that uses the target credential store on which to store the file.

For example, to export DKIM documents to the local database dkimdb.nsf on the server Mail1/Renovations, enter the following command:
keymgmt export DKIM dkimdb.nsf Mail1/Renovations

Syntax: Export a DKIM key

After you use the keymgmt create DKIM command to create DKIM signing keys in the credential store, run the following command to create a .txt file in the Domino data directory that contains the DNS TXT record with the key. You use the .txt file to add the DNS TXT record to your DNS domain settings.
keymgmt export DKIM DNS <domain> <selector> <dkimdnsfile>
where:
  • <domain> is the name of the Domino Internet domain that you specified for the key.
  • <selector> is the DKIM selector you specified for the key.
  • <dkimdnsfile> is the name of the .txt file to create in the Domino data directory that contains the DNS TXT record.
For example:
keymgmt export DKIM DNS renovations.com 12345 dkimdns.txt
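
A pre-publication check on the exported DNS TXT record, added here as an example and not part of the product documentation. It assumes the .txt file holds a standard DKIM record value (v=, k=, p= tags); the function names are hypothetical, the 2048-bit minimum follows the RFC 8301 recommendation, and the sample record is constructed with a placeholder modulus.

```python
import base64

def _tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def rsa_modulus_bits(spki):
    """Bit length of the RSA modulus in a DER SubjectPublicKeyInfo."""
    _, seq, _ = _tlv(spki, 0)             # outer SEQUENCE
    _, _, alg_end = _tlv(spki, seq)       # AlgorithmIdentifier, skipped
    tag, bitstr, _ = _tlv(spki, alg_end)  # BIT STRING wrapping RSAPublicKey
    if tag != 0x03:
        raise ValueError("not a SubjectPublicKeyInfo")
    _, rsa, _ = _tlv(spki, bitstr + 1)    # +1 skips the unused-bits octet
    _, start, end = _tlv(spki, rsa)       # first INTEGER is the modulus
    return int.from_bytes(spki[start:end], "big").bit_length()

def check_dkim_record(txt, min_bits=2048):
    """Return a list of problems in a DKIM TXT record value (empty = OK)."""
    tags = {}
    for part in txt.replace('"', "").split(";"):  # quotes gone: split strings rejoin
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = "".join(value.split())
    if tags.get("v", "DKIM1") != "DKIM1" or tags.get("k", "rsa") != "rsa":
        return ["not a DKIM1 rsa record; key size not checked"]
    if not tags.get("p"):
        return ["p= is missing or empty"]
    try:
        bits = rsa_modulus_bits(base64.b64decode(tags["p"], validate=True))
    except (ValueError, IndexError):
        return ["p= is not a base64 RSA public key"]
    return [] if bits >= min_bits else [f"RSA modulus is {bits} bits, below {min_bits}"]

def _der(tag, body):  # DER-encode one element; only used to build the sample
    size = len(body).to_bytes(2, "big").lstrip(b"\x00")
    return bytes([tag]) + (size if len(body) < 0x80 else bytes([0x80 | len(size)]) + size) + body

def sample_record(bits):  # constructed record with a placeholder modulus, not a usable key
    modulus = b"\x00" + ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big")
    rsa = _der(0x30, _der(0x02, modulus) + _der(0x02, b"\x01\x00\x01"))
    alg = _der(0x30, bytes.fromhex("06092a864886f70d0101010500"))
    spki = _der(0x30, alg + _der(0x03, b"\x00" + rsa))
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(spki).decode()
```

Pass the record value read from the exported file to check_dkim_record before adding it to DNS; an empty list means the tags parse and the key meets the minimum size.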