
Change Passphrase in SED in GKM

Created: 03 Sep 2014 | 5 comments
rojopipe

Hi Guys,

I have 10 PCs with SED 10.3.2 in GKM. Each PC has 5 users who authenticate at different times. So, the same user can authenticate to the 10 PCs. Therefore, each of the 10 PCs holds the private key of each of the 5 users in their respective profile.

How can I proceed to change the passphrase for one or all users?

Thank you for your help.

NOTE: This also raised the question of how to change the passphrase if in SKM ...?


Comments

Anthony_Betow

Hello,

If the keys are in GKM mode then the passphrase would have to be changed on each PC manually. PGP doesn't have a feature to change the passphrase for all of the users' keys.

If you use GKM mode then it is highly recommended to enable Key reconstruction in your policy. If a user forgets the passphrase and there is no recovery option for the keys, then your keys become useless.

If you use SKM mode with the SSO option with silent enrollment then you can update your passphrase on the key pair by changing your Windows password. The key pair would use the user's Windows password as the passphrase.

Thanks

Anthony

rojopipe

Hi Anthony_Betow,

For this change, is it necessary to exit PGP services on the remaining PCs? Yesterday, I tried to change it on one and an error appeared: "There was an error: concurrent writes were detected in a database shared key."

Regards.

Anthony_Betow

Hello,

Does the error that you're seeing say something like Duplicate key violation?

Users with GKM mode for keys cannot be signed in to multiple PCs with GKM keys. This will cause a violation of key usage.

If you want multiple users on multiple PCs then use SKM mode for key management.

Thanks

Anthony

rojopipe

Thanks Anthony_Betow,

With SKM mode for key management of multiple users on multiple PCs, can one user have multiple private keys in his profile, and can another user have the same private keys too (both on multiple PCs)?

I understand that I may be outside the usual. Where I'm working, security is complex and fairly particular.

Regards.

 

Mike Ankeny

With SKM mode, the server controls the keys, and distributes them to the end user when the user logs in and the server authenticates them. Since it is handled by the server, the user would not need to change the key passphrase. Each user will have only one keypair, and it will be distributed to whatever system they log into.