Using the Different Encryption Keys

After a new key is added to the keystore, the key is used as the default encryption key. Everything encrypted inside IdentityIQ then uses the new key. For example:

$ ./iiq console
> encrypt test
2:bt7YJA6iovzF5Uu6RIjueg==
>

There is one exception. The iiq encrypt command continues to use the original default encryption key:

$ ./iiq encrypt test
1:8zJwAXqvK5/b92JbPXLLKw==
$

Although the syntax reported by the bare command does not indicate this, the command accepts an extra parameter to select the encryption key to use. For example:

iiq encrypt string [key]

Note: The encrypt command in the iiq console does NOT accept this extra parameter.

The key is the number that is displayed by the list command and is used as the prefix for the keys.

  • To select the newly created key, use 2. If multiple keys are in the keystore, use any available higher number.

  • To select the original default key, use 1 or omit the parameter.

For example:

$ ./iiq encrypt test 1
1:8zJwAXqvK5/b92JbPXLLKw==
$ ./iiq encrypt test 2
2:bt7YJA6iovzF5Uu6RIjueg==
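
Because iiq encrypt without the key parameter keeps producing values under key 1, it helps to check which key number stored values carry. The script below is an added example, not part of the product documentation. It assumes encrypted values have the "<key number>:<base64>" form shown above, and the property names in its sample input are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the product documentation.
# Assumption: encrypted values have the form "<key number>:<base64>", as in the output above.

# key_id VALUE: print the key number prefix; fail if VALUE is not "<digits>:<base64>".
key_id() {
  printf '%s\n' "$1" |
    sed -n 's|^\([0-9][0-9]*\):[A-Za-z0-9+/][A-Za-z0-9+/]*=\{0,2\}$|\1|p' |
    grep .
}

# audit_keys EXPECTED: read name=value lines on stdin and print every encrypted
# value whose key number differs from EXPECTED. Returns 1 if any were found.
audit_keys() {
  expected=$1
  stale=0
  while IFS= read -r line; do
    case $line in
      '#'*) continue ;;   # comment
      *=*) ;;             # name=value, inspect below
      *) continue ;;      # blank or unrecognised line
    esac
    name=${line%%=*}
    value=${line#*=}
    id=$(key_id "$value") || continue   # plaintext or URL, not an encrypted value
    if [ "$id" != "$expected" ]; then
      printf '%s key=%s\n' "$name" "$id"
      stale=1
    fi
  done
  return "$stale"
}

# Constructed sample input; the property names are hypothetical and the two
# ciphertexts are the ones shown in the examples above.
sample_config() {
  cat <<'EOF'
# constructed sample
example.db.url=jdbc:mysql://db.example.invalid/iiq
example.db.password=2:bt7YJA6iovzF5Uu6RIjueg==
example.smtp.password=1:8zJwAXqvK5/b92JbPXLLKw==
example.plain.setting=test
EOF
}

# Report values that are not encrypted with key 2.
sample_config | audit_keys 2 || echo "the values listed above do not use key 2"
```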