Change the publish security key
This topic does not apply to the DITA Rendition Engine.
The user password and master password in the Security Page are encrypted
by the Blowfish Algorithm. This algorithm takes a key to perform encryption
and decryption. In case the encrypted passwords were compromised, or for
other security reasons that the users wish to change the key, the users
must follow these steps to get a new key:
Step 1: Make a key
Although Blowfish takes a variable-length key, FileNet recommend a 128-bit
(or 16 byte) key. The user must make a key: a string consisting of 16
byte values in decimal, each separated by a blank space.
NOTE Each byte value ranges from 0 to 255.
For example, the following is a valid 128-bit key:
12 250 8 84 47 139 112 50 181 210 31 146 243 73 199 94
Step 2: Encode the key
- Encode the key string created in Step 1 with Base64.
- Download a Base64 Encoding program from public domain and encode the
key. For example, after base64-encoded, the sample key in Step 1 is:
- MTIgMjUwIDggODQgNDcgMTM5IDExMiA1MCAxODEgMjEwIDMxIDE0NiAyNDMgNzMgMTk5IDk0
- Put letter 'A' and a blank space in front of the encoded key to mark
its version. The sample key now is:
- A MTIgMjUwIDggODQgNDcgMTM5IDExMiA1MCAxODEgMjEwIDMxIDE0NiAyNDMgNzMgMTk5IDk0
- Use
this key string for the following steps.
Step 3: Export the Publish Key Class Definition from Content Engine
- Start Enterprise Manager, and select the object store you wish
to update.
- Right click the Publish Key folder under Other Classes\Custom Object.
- Select All Tasks > Add to Export Manifest and click OK on the default
settings.
- Navigate to the Class Definition folder under Export Manifest. Right
click Publish Key on the right panel and select Export Object.
- Save the export to a file under the Content Engine directory, such as
C:\Program Files\FileNet\Content Engine\PublishKey.xml.
Step 4: Update the Publish Key String in the exported file
- Inside the exported XML file, search "Publish Key" for the
class definition.
- In the class definition, find a property definition named "Access
Key".
- In the property definition, find an XML tag named <PropertyDefaultString>.
- Update the value of <PropertyDefaultString> with the key string
created in Step 2. In our example, it becomes:
- < PropertyDefaultString>A MTIgMjUwIDggODQgNDcgMTM5IDExMiA1MCAxODEgMjEwIDMxIDE0NiAyNDMgNzMgMTk5IDk0</PropertyDefaultString>
Step 5: Import the XML file back to the object store
- Import the XML file in Step 4 to the object store that you wish to update.
- Right-click on the object store, select All
Tasks >
Import All, and specify the filename to import. After the import completes,
a message indicates successful completion.
- Refresh the object store.
- This action updates this object store with
this newly created key for the User and Master Password encryption.
Any PDF Style Template created in this object store thereafter
uses this new key. If you want to update another object store, repeat
Step 5. If you create a new object store and wish to use this publish
key, also repeat Step 5 after you create the object store.
Step 6: Update the passwords for the existing PDF Style Templates
- Start the Publishing Style Template Manager.
- Click the object store that has the new key; select a style template
under the PDF Plug-in.
- Click on the Modify Button to pop up the Add/Modify Style Template Dialog.
- Click the Advanced Button to pop up the Advanced Style Template Properties
for PDF Plug-in Dialog; enter a new user password and master password
in this dialog if they have been previously set.
- Click OK to save the new password.
Both passwords are now encrypted with the new key. You must update the
passwords for all PDF style templates.
If you have imported the new key to more than one object store in Step
5, you must repeat Step 6 to update all PDF Style Templates in each object
store.