What is the originator info?
Originally Published: 2010-10-21
Issue
What is the originator info (also called ORIGINATOR_INFO or originator ID)?
Resolution
Originator information is stored in the application registration file. It is a way to uniquely identify the source where encryption was done.
The RKM client automatically requests a new Originator ID from the RKM server when it detects a change in the client environment or configuration, such as:
- The operating system login user account name has changed
- IP address has changed
- Host name has changed
- Credentials have changed. (Client Identity certificate changed)
RKM 2.7 introduced the concept of originator information.
Originator information is related to client registration. This is described starting on page 43 of the 2.7.1 C# Client Developer's Guide. The following information appears on page 45:
"If the Key Manager C# Client application is registered with a Key Manager Server, or if the Key Manager C# Client detects an environment change (such as a change of IP address), it automatically requests the information from the Key Manager Server and stores it in the registration file to renew the originator information. If the Key Manager Server is unavailable, or transport is disabled for local cache operations and environment data has been changed, encryption operations will normally fail because the Key Manager C# Client cannot renew the originator information. However, if high availability encryption is required, add the following parameter to the registration file:
client.origin_info.optional_in_ciphertext=true
When this option is set to true, the originator information renewal error is ignored and the Key Manager C# Client does not add the originator identifier in the cipher text."
So, if there has been an environment change (such as IP address) on the RKM client, the client will try to retrieve updated originator info from the RKM server. If the RKM client cannot contact the RKM Server, encryption operations will fail unless the following is set in the C or C# client registration file (not the configuration file):
client.origin_info.optional_in_ciphertext=true
The Java client implements this differently. It has a different variable that needs to be set in the configuration file:
high.availability=true
Regardless of whether you're running in high availability mode, when the client can't contact the server, you may see non-fatal errors in the client logs such as: "Error reading origin info from RKM server, ret: 10003".
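The following Python sketch is an added example, not code from RSA or the RKM client. It reads the setting named above for each client type and checks client log lines for the origin info error, to tell whether renewal failures are tolerated or can block encryption. The key=value parsing, the `#` comment handling, the log timestamp layout and all sample data are assumptions constructed for illustration.

```python
import re

# Availability settings named in the article: (key, file it belongs in).
HA_SETTINGS = {
    "c_or_csharp": ("client.origin_info.optional_in_ciphertext", "registration file"),
    "java": ("high.availability", "configuration file"),
}
ORIGIN_ERR = re.compile(r"Error reading origin info from RKM server, ret: (\d+)")

def parse_properties(text):
    """Parse key=value lines; skipping '#' comment lines is an assumption."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def assess(client_type, file_text, log_lines):
    """Report whether renewal failures are tolerated or can block encryption."""
    key, where = HA_SETTINGS[client_type]
    tolerant = parse_properties(file_text).get(key, "").lower() == "true"
    codes = [m.group(1) for line in log_lines if (m := ORIGIN_ERR.search(line))]
    if not codes:
        status = "ok"
    elif tolerant:
        status = "renewal_errors_tolerated"
    else:
        status = "renewal_errors_may_block_encryption"
    return {"setting": key, "file": where, "tolerant": tolerant,
            "error_codes": sorted(set(codes)), "status": status}

# Constructed sample inputs (not taken from a real deployment).
SAMPLE_REG = "# constructed registration file\nclient.origin_info.optional_in_ciphertext=true\n"
SAMPLE_JAVA_CFG = "# constructed Java client configuration\nhigh.availability=false\n"
SAMPLE_LOG = [
    "2010-10-21 09:14:02 WARN Error reading origin info from RKM server, ret: 10003",
    "2010-10-21 09:14:05 INFO encrypt request completed",
]

if __name__ == "__main__":
    print(assess("c_or_csharp", SAMPLE_REG, SAMPLE_LOG))
    print(assess("java", SAMPLE_JAVA_CFG, SAMPLE_LOG))
```

For a C or C# client reported as `renewal_errors_tolerated`, remember that cipher text produced in that state carries no originator identifier, as the guide excerpt above states.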