000015076 - What is the originator info?

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 22, 2017
Version 2

Article Content

Article Number: 000015076
Applies To: RSA Key Manager 2.7 and up
Issue: What is the originator info (or ORIGINATOR_INFO, or originator ID)?
Resolution

Originator information is stored in the application registration file. It is a way to uniquely identify the source where encryption was done.

A new Originator ID is requested from the RKM server automatically when the RKM client detects a client environment or configuration change such as:

  • Operating user account name has changed (the operating system login user)
  • IP address has changed
  • Host name has changed
  • Credentials have changed (the client identity certificate changed)

RKM 2.7 introduced the concept of originator information.

Originator information is related to client registration. This is described starting on page 43 of the 2.7.1 C# Client Developer's Guide. The following information appears on page 45:

"If the Key Manager C# Client application is registered with a Key Manager Server, or if the Key Manager C# Client detects an environment change (such as a change of IP address), it automatically requests the information from the Key Manager Server and stores it in the registration file to renew the originator information.  If the Key Manager Server is unavailable, or transport is disabled for local cache operations and environment data has been changed, encryption operations will normally fail because the Key Manager C# Client cannot renew the originator information. However, if high availability encryption is required, add the following parameter to the registration file:

client.origin_info.optional_in_ciphertext=true

When this option is set to true, the originator information renewal error is ignored and the Key Manager C# Client does not add the originator identifier in the cipher text."

So, if there has been an environment change (such as IP address) on the RKM client, the client will try to retrieve updated originator info from the RKM server. If the RKM client cannot contact the RKM Server, encryption operations will fail unless the following is set in the C or C# client registration file (not the configuration file):

client.origin_info.optional_in_ciphertext=true

The Java client implements this differently. It has a different variable that needs to be set in the configuration file:

high.availability=true

Regardless of whether you're running in high availability mode, when the client can't contact the server, you may see non-fatal errors in the client logs such as: "Error reading origin info from RKM server, ret: 10003".
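To make the renewal behaviour above concrete, here is an added Python model (not RSA's client code) of the decision the article describes: which environment attributes trigger an originator-ID renewal, whether the C/C# registration file or Java configuration file enables high-availability encryption, and what outcome an operator should expect when the server is unreachable. The field names, the `ClientEnvironment` class and the sample registration text are constructed for this illustration.

```python
from dataclasses import dataclass

ORIGIN_OPTIONAL_KEY = "client.origin_info.optional_in_ciphertext"  # C/C# registration file
JAVA_HA_KEY = "high.availability"                                   # Java configuration file

@dataclass(frozen=True)
class ClientEnvironment:
    """The four attributes the article lists as triggering an originator-ID renewal."""
    os_user: str
    ip_address: str
    hostname: str
    identity_cert_fingerprint: str  # assumption: any stable digest of the client identity cert

def changed_fields(previous: ClientEnvironment, current: ClientEnvironment) -> list:
    """Return the environment attributes that differ; a non-empty list means renewal is needed."""
    return [f for f in ("os_user", "ip_address", "hostname", "identity_cert_fingerprint")
            if getattr(previous, f) != getattr(current, f)]

def parse_properties(text: str) -> dict:
    """Minimal key=value parser for the registration/configuration file lines quoted above."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def ha_enabled(props: dict, client_type: str) -> bool:
    """Java reads high.availability; C and C# read client.origin_info.optional_in_ciphertext."""
    key = JAVA_HA_KEY if client_type == "java" else ORIGIN_OPTIONAL_KEY
    return props.get(key, "false").lower() == "true"

def encryption_outcome(env_changed: bool, server_reachable: bool, ha: bool) -> str:
    """Expected result of an encryption call, following the article's description."""
    if not env_changed:
        return "encrypt-with-originator"        # cached originator info is still valid
    if server_reachable:
        return "renew-originator-then-encrypt"  # client fetches a new originator ID first
    if ha:
        return "encrypt-without-originator"     # renewal error ignored, no originator ID in ciphertext
    return "fail"                               # cannot renew originator info, operation fails

# Constructed sample registration file for a C# client (not a real customer file).
SAMPLE_REGISTRATION = "client.origin_info.optional_in_ciphertext=true\n"

if __name__ == "__main__":
    old = ClientEnvironment("svc_app", "10.0.0.5", "app01", "sha256:constructed")
    new = ClientEnvironment("svc_app", "10.0.0.9", "app01", "sha256:constructed")
    ha = ha_enabled(parse_properties(SAMPLE_REGISTRATION), "csharp")
    print(changed_fields(old, new), encryption_outcome(bool(changed_fields(old, new)), False, ha))
```

Running the script prints `['ip_address'] encrypt-without-originator`; with the option absent from the registration file the last value becomes `fail`, matching the "Error reading origin info" scenario the article describes.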
Legacy Article ID: a52669
