Restore

Restoring the databases or other data requires the inverse of the backup command steps. For 4.20 SecurityServer, the following script can be used as a starting point.

csadm \
LogonSign=AdminUserA,:cs2:cjo:USB0 \
LogonSign=AdminUserB,:cs2:cjo:USB0 \
RestoreDatabase=user.db RestoreDatabase=CXIKEY.db

The csadm command stacks two RestoreDatabase commands to upload the user and internal key databases. If you have custom databases, you can append additional RestoreDatabase=<file>.db commands to the end of this command. The backup files are read from the working directory and loaded into the CryptoServer, where they are immediately available.

:warning:

Database restores are done line-by-line, not by replacing the resident file with a different one. This means that if there is a user in the HSM, but not in the backup, that user will still be in the HSM user.db after the restore.

:warning:

Make sure that you have deleted the factory-default 'ADMIN' user prior to making backups of the user.db database.

The combined permission for the above command should be at least (12000000). The 2 in slot 6 allows the RestoreDatabase command to be run, and the 1 in slot 7 provides the authentication requirement to make a restore of the CryptoServer users database.

If the MBK used to back up the artifacts is different from the one resident on the target CryptoServer, the command will fail and the existing databases will not be modified.
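The combined-permission requirement and the line-by-line restore warning above can be checked before running the restore. The following is an added example, not vendor code: the per-user masks and the user OldOperator are constructed sample data, and it assumes that the masks of the logged-on users add up slot by slot, with slot 7 as the leftmost digit.

```python
# Added example: pre-restore checks modelled on the two rules described above.
REQUIRED = "12000000"   # minimum combined permission stated on the page
FACTORY_USER = "ADMIN"  # factory-default user named on the page

def combine(masks):
    """Combine the masks of all logged-on users, slot by slot.

    Assumption: a mask is 8 hex digits, slot 7 leftmost and slot 0 rightmost,
    and the digits of each slot add up, capped at F.
    """
    total = [0] * 8
    for mask in masks:
        if len(mask) != 8:
            raise ValueError(f"expected 8 hex digits, got {mask!r}")
        for i, digit in enumerate(mask):
            total[i] = min(0xF, total[i] + int(digit, 16))
    return "".join(format(d, "X") for d in total)

def slots_too_low(combined, required=REQUIRED):
    """Return the slot numbers where the combined mask is below the requirement."""
    return [7 - i for i, (have, need) in enumerate(zip(combined, required))
            if int(have, 16) < int(need, 16)]

def review_restore(resident, backup):
    """Predict the user list after a line-by-line restore of user.db.

    resident / backup are sets of user names. Entries are added, never
    removed, so the result is the union of both sets.
    """
    return {
        "after_restore": sorted(resident | backup),
        "kept_but_not_in_backup": sorted(resident - backup),
        "factory_user_in_backup": FACTORY_USER in backup,
    }

if __name__ == "__main__":
    # Constructed sample data; the masks and OldOperator are not from the page.
    logons = {"AdminUserA": "11000000", "AdminUserB": "01000000"}
    combined = combine(logons.values())
    print("combined permission:", combined, "short slots:", slots_too_low(combined))
    print(review_restore({"AdminUserA", "AdminUserB", "OldOperator"},
                         {"AdminUserA", "AdminUserB"}))
```

Any name reported under kept_but_not_in_backup has to be removed from the HSM separately if it should not exist after the restore.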

Because commands and command syntax may change between releases, this document shows which commands are used to perform which tasks, but it does not, in general, explicitly show the syntax necessary for each command. The commands available to you may also have options that you can take advantage of for your local policies. Issue the help command to get the syntax and options for the variant of the command available in the tools you have.