SSFS Master key

Former Member · ‎06-24-2015

We recently received advisory to change the default master key as part of security measure.

I have a quick question on this.

The command listed for the change is as below

RSEC_SSFS_DATAPATH=/usr/sap/<SID>/SYS/global/hdb/security/ssfs RSEC_SSFS_KEYPATH=<path to key file> rsecssfx changekey <paste the new key from step 2 here>

Does the value to this path(RSEC_SSFS_KEYPATH) come from hdbuserstore key location, which is a file SSFS_HDB.DAT

Also RSEC_SSFS_DATAPATH seem to imply the file SSFS_SID.DAT(SID = HANA DB SID) residing in /usr/sap/<SID>/SYS/global/hdb/security/ssfs. Is my understanding correct ?

Regards

Kalyan

Former Member · ‎06-29-2015

Hi Kalyana,

Today only I got the chance to configure this.

RSEC_SSFS_DATAPATH=/usr/sap/<SID>/SYS/global/hdb/security/ssfs , this path is correct. Keep it as it is.

RSEC_SSFS_KEYPATH=<path to key file> rsecssfx changekey <paste the new key from step 2 here>

<path to key file>, this can be any path, but it should be secured. Only sidadm user of hana database should have rw access to key file.. I kept the path as /usr/sap/<SID>/SYS/global/hdb/security/ssfs .

The command will generate a key file SSFS_<SID>.KEY . Just make sure that only sidadm have access to read,write to this file (-rw-------) .

Then maintain the parameter in the global.ini and restart the system.

[cryptography]

ssfs_key_file_path = <path to key file>

Thanks

Amit

axel_rehe · ‎06-26-2015

We do have the same issue.

What is the correct value for <path to key file>?

Best regards, Axel

SSFS Master key

Accepted Solutions (0)

Answers (2)

Answers (2)

Re: Moving a part of existing "On-Premise ECC" to ...

Re: Getting data field from Action response using ...

Error while HANA Cloud tenant in Python on SAP HAN...

Re: Is it possible to Import and use a custom fior...

Re: System functions in SAP ABAP