Symantec Access Management

  • Private Community

  • 1.  export session key

    Broadcom Employee
    Posted Sep 23, 2015 11:54 PM

    Hi All,

    I am trying to export Siteminder R12.52 Agent Keys and Session Keys from one environment and import them into a new environment. I used the smkeyexport command ti export the keys. When I open the output file (.smdif) I see 4 agent keys but no session key. The other key that shows up in the file is the persistent key. Is this key the same as the session key? Is there a different commend to export the session. I have searched the siteminder bookshelf but did not find anything specifc to exporting session key.

    Need help.

    Thanks



  • 2.  Re: export session key

    Posted Sep 24, 2015 01:59 AM

    Hi opojo01,

     

    Session Ticket key value encrypted with policy store key becomes the persistent key.

     

    Best regards,

    Kelly



  • 3.  Re: export session key
    Best Answer

    Posted Sep 24, 2015 02:16 AM

    No, Session Key and Persistent Key/Session Ticket Key are NOT same.

     

     

    Session Keys- used to encrypt traffic to/from the PS

    Session Ticket Keys/Persistent Key - used by PS to encrypt session and identity specs

     

    Session Keys are NOT stored in the policy store. They are auto generated using some seed.

    While operating in FCC Compat Mode, it uses RC4-128 bit cipher (Session Keys) to encrypt traffic between Policy Server and Web Agent.

    While operating in FCC Migration Mode or FIPs Only Mode, it uses AES-128 bit cipher to encrypt traffic between Policy Server and Web Agent.