Chapter 8: Recovering Keys from Lost Passwords


Loss of password on key copy

If a user loses the password for a copy of an encryption key, the key custodian must drop the user's copy of the encryption key and issue the user another copy of the encryption key with a new password.

In this example, the key custodian assigned a copy of key1 to “bill”, and “bill” changed his password on key1 to a password known only to him. After losing his password, “bill” requests a new key copy from the key custodian.

  1. The key custodian deletes Bill’s copy of the key:

    alter encryption key key1
         drop encryption for user bill
    
  2. The key custodian makes a new copy of key1 for user “bill” and gives “bill” the password:

    alter encryption key key1
         with passwd 'MotherofSecrets'
         add encryption with passwd 'over2bill'
         for user bill
    
  3. “bill” automatically has permission to alter his own copy of key1:

    alter encryption key key1
         with passwd 'over2bill'
         modify encryption
         with passwd 'billsnupasswd'