I checked the softhsm and it works and i can display my slots.
Now i want to rebuild the softhsm docker image.
1 - What is the procedure to follow to regenerate my keys.
2 - should regenerate all keys for all modules ?
To regenerate the keys you need to run the keys-generator job to generate all the required keys for all MOSIP modules.
If all MOSIP modules are running, keys needs to regenerated for all modules.
Please note, keys regeneration is required only when you have deleted all the keys from softHSM module. before you run the keys-generator job you need to clear the keymanager DB key_alias & key_store table data.
Also note that any data which is encrypted with old keys will not be able to decrypt with the new set of generated keys and all existing data will not be recoverable.
Hi
I do regeneration only for key_mgr schema or also for IDA.
if also for IDA, please specify the config to be done.
Also for my partners, Should I regenerate all of them ?
a last question, can we export softhsm docker image that is built and working fine from one host to another ? I did it but the new image does not contains any keys as the original one.
If you want to regenerate keys for IDA, in IDA DB same key_alias & key_store tables will exists. You need to clean the entries from these tables and run the ida-keys-generator job to generate fresh keys.
You can use the existing partner keys but you have to onboard the partners again to get the new signed certificate from keymanager.
Yes, you can export existing softhsm docker image with existing set of keys into new host. However you have to use the same softHSM pin.