resetkey

Use the resetkey program if you need to reset the communication key (or Master Key), Connector encryption key, or IDMLib encryption key in the registry.

For example, you might need to do this if you have forgotten any of the encryption keys, or if you have a policy that requires you to change them on a regular basis.

Updating the registry must occur on all servers, including listeners, proxy servers, application instance servers, IDDB replication nodes, and transparent password synchronization triggers. If this change is not completed on all servers, then communication between these servers can fail. You can export the reset encryption keys to the idmsetup.inf file, which is used to load information during the initial installations on these servers.

Usage
resetkey.exe -type <keytype> -value <keyvalue>

resetkey.exe -type <keytype> -export [-value <keyvalue>] [-file <file>]

| Argument | Description |
| --- | --- |
| -type <keytype> | The key type for the encryption key that is being reset. Valid types are: commkey, connectorkey, idmlibkey, restapikey (export only). |
| -value <keyvalue> | The hexadecimal key to set as the new value for the key specified by -type, in the registry, the idmsetup.inf file, or another specified file. The specified <keyvalue> must be 64 hexadecimal characters in length. |
| -export | Copies the registry value for the specified encryption key, encodes it, and writes it to the inf file. |
| -file <file> | Allows you to specify the name and location of an alternate inf file to which to export the encrypted key value. The default name and location is <instance>\psconfig\idmsetup.inf. The encryption key value can be taken from the registry, or specified using the -type and -value arguments. |

Examples
  1. To update the communication key (or Master Key), Connector encryption key, or IDMLib encryption key in the registry with a specified hexadecimal key, type:

    resetkey -type commkey -value <64-character-key-value> 
    resetkey -type connectorkey -value <64-character-key-value> 
    resetkey -type idmlibkey -value <64-character-key-value>
  2. To update the communication key (or Master Key) in a file named idm-copy.inf, located in the current directory, using the communication key (or Master Key) value from the registry, type:

    resetkey -type commkey -export -file idm-copy.inf

    The specified inf file must be a valid setup file that follows the format of idmsetup.inf. It is recommended that you back up the inf file before exporting the current communication key (or Master Key) to the file.
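
The following PowerShell wrapper is an added example, not part of the product documentation. It generates a 64-character hexadecimal key from the operating system's random number generator, rejects malformed values before they reach resetkey, and backs up the inf file before exporting. The function names New-ResetKeyValue and Invoke-KeyReset are hypothetical, and the script assumes resetkey.exe is on PATH and returns a non-zero exit code on failure.

```powershell
# Added example, not vendor code. Assumes resetkey.exe is on PATH and returns a
# non-zero exit code on failure (an assumption; the page does not document this).

function New-ResetKeyValue {
    # 32 bytes from the OS CSPRNG, rendered as 64 hexadecimal characters
    $bytes = New-Object byte[] 32
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try { $rng.GetBytes($bytes) } finally { $rng.Dispose() }
    -join ($bytes | ForEach-Object { $_.ToString('x2') })
}

function Invoke-KeyReset {
    param(
        [Parameter(Mandatory)]
        [ValidateSet('commkey', 'connectorkey', 'idmlibkey')]  # restapikey is export only
        [string]$KeyType,

        [Parameter(Mandatory)]
        [ValidatePattern('^[0-9A-Fa-f]{64}$')]  # exactly 64 hexadecimal characters
        [string]$KeyValue,

        [string]$InfFile  # optional: a valid setup file to receive the exported key
    )

    if ($InfFile) {
        # Back up the inf file before exporting, as the page recommends
        $backup = '{0}.{1:yyyyMMddHHmmss}.bak' -f $InfFile, (Get-Date)
        Copy-Item -LiteralPath $InfFile -Destination $backup -ErrorAction Stop
    }

    # Set the new key in this server's registry
    & resetkey.exe -type $KeyType -value $KeyValue
    if ($LASTEXITCODE -ne 0) { throw "resetkey could not set $KeyType" }

    if ($InfFile) {
        # Copy the registry value, encoded, into the inf file
        & resetkey.exe -type $KeyType -export -file $InfFile
        if ($LASTEXITCODE -ne 0) { throw "resetkey could not export $KeyType" }
    }
}

# Usage: generate once, then apply the same value on every server
# $k = New-ResetKeyValue
# Invoke-KeyReset -KeyType commkey -KeyValue $k -InfFile .\idm-copy.inf
```

Keep the generated value out of transcripts and script logs, and clear the variable once every server has been updated.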