Using GSKit

About this task

If your server is using encryption at rest, the data is encrypted with the information specified with the KeyStore ol_aws_disk_encryption.p12, and the encryption password for the key store is being stashed in a file called ol_aws_disk_encryption.sth. This stash technique (.sth approach) is proprietary to GSKit.

Note: The OneDB server does not have GSKit; ensure you know the password for the KeyStore when you migrate to OneDB.
The GSKit utility allows you to change the KeyStore password by specifying a new password. If you do not know the KeyStore password prior to migration, use the following steps:
Note: These steps are applicable for Informix servers using GSKit.

Procedure

  1. Change the KeyStore password: 
    gskcapicmd_64 -keydb -changepw -db <keystore> -stashed -new_pw <newpassword>

    Example:
gsk8capicmd_64  -keydb -changepw -db ol_aws_disk_encryption.p12 -stashed -new_pw TheNewDiskEncryptionPwdxyz
  2. Copy the KeyStore to OneDB VM:
    scp -i $AWS_RSAKEY_ONEDBVM /home/informix/server/etc/ol_aws_disk_encryption.p12 ubuntu@$PUBLICIP_ONEDBVM:/tmp/.