Managing Encryption Keys
- How to change the encryption keys to your SAP HANA, express edition installation to make it more secure
SAP HANA, express edition shares the same encryption keys across installations. For security purposes, generate new encryption keys for your SAP HANA, express edition installation.
- Step 1
Open your SAP HANA Studio and connect to your database as the SYSTEM user. Open an SQL console and run the following:bashCopy
SELECT * FROM SYS.M_SECURESTORE; SELECT * FROM SYS.CREDENTIALS; SELECT * FROM SYS.P_DPAPI_KEY_ WHERE caller = 'XsEngine'; SELECT * FROM PSE_CERTIFICATES WHERE certificate_usage = 'OWN';
You receive four results pages. The first page will give you the reset count to three encryption logs. If this is your first attempt to reset the encryption keys, the
RESET_COUNTcolumn will read
The next three result pages should not contain any entries. If one of these pages has an entry, you may want to contact your HANA administrator before proceeding as you will lose access to the files listed.
- Step 2
Using your preferred web browser, go to the SAP HANA Academy GitHub page and enter the HXE repository. Click the
SSFSfolder and select
changeSSFSMasterKeys.sh. Click Raw.
Press Ctrl + a to select all, and then Ctrl + c to copy the code.
- Step 3
Log into your SAP HANA, express edition installation using a your preferred command prompt. Log in as
hxeadm. In the
/usr/sap/HXE/homedirectory, create the
su -l hxeadmbashCopy
In the editor, paste the code from the SAP HANA Academy page. Press
Escto exit then
:wqto write and quit the editor.
- Step 4
chmod u+x changeSSFSMasterKeys.sh
- Step 5
Follow the on-screen prompts to reset your encryption keys. This process will take some time.
- Step 6
Return to SAP HANA Studio and run this part of the previous SQL command:bashCopy
SELECT * FROM SYS.M_SECURESTORE;
DPAPIwill increase by 1.