Can I export the Session Keys between my environments?

Document ID : KB000033224
Last Modified Date : 14/02/2018

Question

I am trying to export SiteMinder R12.52 Agent Keys and Session Keys from one environment and import them into a new environment.

I used the smkeyexport command to export the keys. When I open the output file (.smdif) I see 4 agent keys but no session key. The other key that shows up in the file is the persistent key.

Is this key the same as the session key? Is there a different command to export the session? I have searched the SiteMinder bookshelf but did not find anything specific to exporting the session key.

 

Answer

No, the Session Key and the Persistent Key/Session Ticket Key are NOT the same.

Session Keys - used to encrypt traffic to/from the Policy Server (PS)

Session Ticket Keys/Persistent Key - used by the PS to encrypt session and identity specs

Session Keys are NOT stored in the policy store, which is why they do not appear in the smkeyexport output. They are auto-generated using a seed.

While operating in FIPS Compat Mode, SiteMinder uses an RC4 128-bit cipher (Session Keys) to encrypt traffic between the Policy Server and the Web Agent.

While operating in FIPS Migration Mode or FIPS Only Mode, it uses an AES 128-bit cipher to encrypt traffic between the Policy Server and the Web Agent.