000014846 - Error when storing key with Cisco SME after upgrading from RKM Appliance 1.5.x to 1.6.x

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000014846
Applies ToRSA Key Manager Appliance
Cisco SME
IssueError when storing key with Cisco SME after upgrading from RKM Appliance 1.5.x to 1.6.x
Unable to encrypt using Cisco SME after migration
Resolution

If you are using Cisco SME with encryption against an RSA Key Manager Appliance, and you upgraded from 1.5.1 appliance to 1.6.1 appliance, a hotfix needs to be applied.

Create a new text file on the RKM appliance named /tmp/update_attributes.sql, with the following content:

-- Moving the Echidna Alias and IDs from Attributes table to Alias table
insert into security_object_alias (select value, '/echidna/alias', UUID from security_object_attribute where name like 'EchidnaKeyAlias');
insert into security_object_alias (select value, '/echidna/id', UUID from security_object_attribute where name like 'EchidnaKeyId');
delete from security_object_attribute where name in ('EchidnaKeyAlias', 'EchidnaKeyId');

-- Creating the Attribute spec for 1.6.1 (2.2 KMS)
insert into attribute_spec values ((select UUID from security_class where CLASSNAME like 'Vault'),'EchidnaApplicationData',0,1);
insert into attribute_spec values ((select UUID from security_class where CLASSNAME like 'Vault'),'EchidnaObjectVersion',0,1);
insert into attribute_spec values ((select UUID from security_class where CLASSNAME like 'Vault'),'EchidnaObjectIndex',0,1);
insert into attribute_spec values ((select UUID from security_class where CLASSNAME like 'Vault'),'EchidnaObjectKeyType',0,1);

-- deleting the attribute spec that is moved out to alias table
delete from attribute_spec where name='EchidnaKeyAlias';
delete from attribute_spec where name='EchidnaKeyId';
commit;


Then change to the Oracle user and execute it as the "local" user:

su - oracle
sqlplus local@$ORACLE_SID @/tmp/udpate_attributes.sql

WorkaroundRKM Appliance was upgraded from 1.5.1 to 1.6.1
NotesBZ 126593
Legacy Article IDa47172

Attachments

    Outcomes