Skip to Content

Managing Encryption Keys

test
0 %
Managing Encryption Keys
Details

Managing Encryption Keys

John Currie
John Currie
October 28, 2020
Created by
John Currie
April 13, 2018
Beginner
10 min.
SAP HANA, express edition, Tutorial, Beginner
This tutorial will cover how to change the encryption keys to your SAP HANA, express edition installation.

You will learn

  • How to change the encryption keys to your SAP HANA, express edition installation to make it more secure
QR code

Prerequisites

SAP HANA, express edition shares the same encryption keys across installations. For security purposes, generate new encryption keys for your SAP HANA, express edition installation.

Step 1: Check if Encryption Keys have Reset
View Full Instructions

Open your SAP HANA Studio and connect to your database as the SYSTEM user. Open an SQL console and run the following:

SELECT * FROM SYS.M_SECURESTORE;
SELECT * FROM SYS.CREDENTIALS;
SELECT * FROM SYS.P_DPAPI_KEY_ WHERE caller = 'XsEngine';
SELECT * FROM PSE_CERTIFICATES WHERE certificate_usage = 'OWN';

You receive four results pages. The first page will give you the reset count to three encryption logs. If this is your first attempt to reset the encryption keys, the RESET_COUNT column will read 0.

The next three result pages should not contain any entries. If one of these pages has an entry, you may want to contact your HANA administrator before proceeding as you will lose access to the files listed.

Done
Log on to answer question
Step 2: Copy the SAP HANA Academy code

Using your preferred web browser, go to the SAP HANA Academy GitHub page and enter the HXE repository. Click the SSFS folder and select changeSSFSMasterKeys.sh. Click Raw.

SAP HANA Academy GitHub

Press Ctrl + a to select all, and then Ctrl + c to copy the code.

Done
Log on to answer question
Step 3: Create the changeSSFSMasterKeys.sh File
View Full Instructions

Log into your SAP HANA, express edition installation using a your preferred command prompt. Log in as hxeadm. In the /usr/sap/HXE/home directory, create the changeSSFSMasterKey.sh file.

su -l hxeadm

cd /usr/sap/HXE/home

vi changeSSFSMasterKeys.sh

In the editor, paste the code from the SAP HANA Academy page. Press Esc to exit then :wq to write and quit the editor.

Done
Log on to answer question
Step 4: Change the Permissions of changeSSFSMasterKeys.sh
View Full Instructions

Give changeSSFSMasterKeys.sh execute permissions.

chmod u+x changeSSFSMasterKeys.sh
Done
Log on to answer question
Step 5: Run the Script
View Full Instructions

Execute the changeSSFSMasterKeys.sh script.

./changeSSFSMasterKeys.sh

Follow the on-screen prompts to reset your encryption keys. This process will take some time.

Done
Log on to answer question
Step 6: Check if Encryption Was Successful
View Full Instructions

Return to SAP HANA Studio and run this part of the previous SQL command:

SELECT * FROM SYS.M_SECURESTORE;

The RESET_COUNT for the KEY_TYPE DPAPI will increase by 1.

Done
Log on to answer question

Next Steps

Navigate tutorial steps

QR Code

QR code
Back to top