Cookies are used to collect information about you. Nexus uses this information to give you a better experience of the website (functional) and to count the pages you visit (statistics).
Click OK to give Nexus your consent to use cookies. Read more about Nexus' cookie policy.
The KEK token must be configured in the CF service (or in all computers running CF in case of a distributed configuration).
In kar.conf:
Add the crypto library to the list of crypto libraries (in the parameter kar.common.cryptolib.<#>.name).
Add the new KEK to the list of tokens: kar.common.token.<#>.tokenlabel and kar.common.token.<#>.pin.
Set the new KEK as the key to use for key archiving, that is, change the value for kar.archive.kek.0.tokenlabel and kar.archive.kek.0.keylabel.
Restart the system in order to make the changes take effect.
The value of kar.archive.kek.0.keylabel must be the label of the key. In case of an RSA key pair, it should be the label of the public key. To see the key label, use the command hwsetup -list.