Skip to main content

Machine Key Tool

Introduction

Use this guide to install and use the Machine Key Tool.

Applies to

SecureAuth IdP

Discussion

What is the Machine Key Tool?

The Machine Key Tool enables an administrator to backup, restore, and grant / revoke privileges for a SecureAuth IdP Appliance machine key (NetFrameworkConfigurationKey). A machine key is used for encrypting / decrypting the SecureAuth IdP web.config files.

Disclaimer

THIS SOFTWARE IS PROVIDED "AS IS" AND SECUREAUTH CORPORATION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL SECUREAUTH CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHAT SO EVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

System Requirements

The Machine Key Tool requires a SecureAuth IdP Appliance on Microsoft Windows Server 2008 R2, 2012, or 2012 R2.

Installation

1) Contact Support for the MachineKeyTool.zip file. Download the file.

2) Navigate to the download, right-click on the archive, select Properties, and switch to the General tab

3) If there is a button titled Unblock present in the tab, then click it, and press OK to dismiss the Properties window

35455741.png

4) Navigate to the download, right-click on the archive, and select Extract All...

5) Extract the archive to D:\MFCApp_Bin\Extras

35455742.png

Usage

1) To backup the Machine Key, navigate to D:\MFCApp_bin\Extras\MachineKeyTool and run Machine Key Tool.bat

The Splash page displays

35455743.png

The Legal disclaimer displays

2) Type AGREE at the prompt to accept the terms, and press Enter and continue to step 3

Note

If the terms are not agreeable, then press Enter and the script exits automatically

35455744.png

The Main Menu displays

3) Type 1 and press Enter to start the backup

35455745.png

4) Provide a strong password to protect the backup and press Enter to continue

Warning

Passwords may only contain the following special characters @ # $ % * ( ) + ?; and if an unsupported character is used, the backup may fail

35455746.png

The backup will now begin running

35455747.png

The backup process is complete

35455748.png

Decrypt the web.config Files

Before performing a restore, it is necessary to decrypt the web.config files through the SecureAuth administrative interface

See the SecureAuth IdP Realm Guide and go to the section, Decrypting / Encrypting Realms.

1) To restore a Machine Key from backup, navigate to D:\MFCApp_bin\Extras\MachineKeyTool and run Machine Key Tool.bat

The Splash page displays

The Legal disclaimer displays

2) Type AGREE at the prompt to accept the terms, and press Enter and continue to step 3

Note

If the terms are not agreeable, then press Enter and the script exits automatically

35455744.png

The Main Menu displays

3) Type 2 and press Enter to start the restore

35455745.png

4) Select the backup file to restore by entering its number, and press enter

Note

The backup files are located at D:\MFCApp_Bin\SecureAuth_Archive

35455840.png

5) Enter the password used to encrypt the backup file

35455841.png

6) Type OK to continue with the restore or CANCEL to abort the restore process

35455842.png

The Restore process will now run

35455843.png

The restore process is now complete

1) To allocate access control via privileges, navigate to D:\MFCApp_bin\Extras\MachineKeyTool and run Machine Key Tool.bat

The Splash page displays

35455743.png

The Legal disclaimer displays

2) Type AGREE at the prompt to accept the terms, and press Enter and continue to step 3

If the terms are not agreeable, then press Enter and the script exits automatically

35455744.png

The Main Menu displays

3) Type 3 and press Enter to start the restore

35455745.png

The Privileges Menu displays

3) Select the type of right to control

35455857.png

Machine Key Tool Release History

1.0.0: 2015-05-15

  • Initial release of tool

1.1.0: 2016-05-17

  • Deprecated WebConfigManager

  • Updated 7Zip library to v16.0.0.0 to address reported security vulnerabilities