Change the publish security key

This topic does not apply to the DITA Rendition Engine.

The user password and master password in the Security Page are encrypted by the Blowfish Algorithm. This algorithm takes a key to perform encryption and decryption. In case the encrypted passwords were compromised, or for other security reasons that the users wish to change the key, the users must follow these steps to get a new key:

Step 1: Make a key

Although Blowfish takes a variable-length key, FileNet recommend a 128-bit (or 16 byte) key. The user must make a key: a string consisting of 16 byte values in decimal, each separated by a blank space.

NOTE Each byte value ranges from 0 to 255.

For example, the following is a valid 128-bit key:

12 250 8 84 47 139 112 50 181 210 31 146 243 73 199 94

Step 2: Encode the key

  1. Encode the key string created in Step 1 with Base64.
  2. Download a Base64 Encoding program from public domain and encode the key. For example, after base64-encoded, the sample key in Step 1 is:
  3. MTIgMjUwIDggODQgNDcgMTM5IDExMiA1MCAxODEgMjEwIDMxIDE0NiAyNDMgNzMgMTk5IDk0
  4. Put letter 'A' and a blank space in front of the encoded key to mark its version. The sample key now is:
  5. A MTIgMjUwIDggODQgNDcgMTM5IDExMiA1MCAxODEgMjEwIDMxIDE0NiAyNDMgNzMgMTk5IDk0
  6. Use this key string for the following steps.

Step 3: Export the Publish Key Class Definition from Content Engine

  1. Start Enterprise Manager, and select the object store you wish to update.
  2. Right click the Publish Key folder under Other Classes\Custom Object.
  3. Select All Tasks > Add to Export Manifest and click OK on the default settings.
  4. Navigate to the Class Definition folder under Export Manifest. Right click Publish Key on the right panel and select Export Object.
  5. Save the export to a file under the Content Engine directory, such as C:\Program Files\FileNet\Content Engine\PublishKey.xml.

Step 4: Update the Publish Key String in the exported file

  1. Inside the exported XML file, search "Publish Key" for the class definition.
  2. In the class definition, find a property definition named "Access Key".
  3. In the property definition, find an XML tag named <PropertyDefaultString>.
  4. Update the value of <PropertyDefaultString> with the key string created in Step 2. In our example, it becomes:
  5. < PropertyDefaultString>A MTIgMjUwIDggODQgNDcgMTM5IDExMiA1MCAxODEgMjEwIDMxIDE0NiAyNDMgNzMgMTk5IDk0</PropertyDefaultString>

Step 5: Import the XML file back to the object store

  1. Import the XML file in Step 4 to the object store that you wish to update.
  2. Right-click on the object store, select All Tasks > Import All, and specify the filename to import. After the import completes, a message indicates successful completion.
  3. Refresh the object store.
  4. This action updates this object store with this newly created key for the User and Master Password encryption. Any PDF Style Template created in this object store thereafter uses this new key. If you want to update another object store, repeat Step 5. If you create a new object store and wish to use this publish key, also repeat Step 5 after you create the object store.

Step 6: Update the passwords for the existing PDF Style Templates

  1. Start the Publishing Style Template Manager.
  2. Click the object store that has the new key; select a style template under the PDF Plug-in.
  3. Click on the Modify Button to pop up the Add/Modify Style Template Dialog.
  4. Click the Advanced Button to pop up the Advanced Style Template Properties for PDF Plug-in Dialog; enter a new user password and master password in this dialog if they have been previously set.
  5. Click OK to save the new password.

Both passwords are now encrypted with the new key. You must update the passwords for all PDF style templates.

If you have imported the new key to more than one object store in Step 5, you must repeat Step 6 to update all PDF Style Templates in each object store.