pbkey | EPM-UL

The pbkey program generates an encryption key that is suitable for any of the Endpoint Privilege Management encryption algorithms and stores it in a file that is specified on the command line or in the settings file. If pbrun, pbmasterd, or pblocald find the file /etc/pb.key, then they use it to encrypt data that is sent to the other programs.

If encryption is used, then the EPM-UL programs use the key that is specified in the settings file to encrypt local data and network traffic.

For network traffic, the contents of this file must be the same on all machines that are running EPM-UL for requests to execute. The file should be owned by root and have permissions set so that only root can read or write the file.

Syntax

  • Version 3.5 and earlier: long command options not supported.
  • Version 4.0 and later: long command options supported.
  • Version 8.5 and later: -F option added.
pbkey [options]
    -f, --keyfile=key_file_name
-F, --seckeyfile=key_file_name
pbkey –v | --version
pbkey –h | --help

Arguments

ArgumentDescription
f, --keyfile=key_file_nameOptional. The name of the key file to create. The default is the value that is specified in the settings file or /etc/pb.key.
-F --seckeyfile=key_file_nameOptional. The name of the new high security key file to create. This -F --seckeyfile=key_file_name key file format must be used when enhanced security is required. Available in v8.5 or later.
-v, --versionOptional. Displays the pbkey version and exits.
-h, --helpOptional. Displays the program's help message and exits.

Files

key_file_nameThe resulting key file.

Example

Executing the command generates a new key and puts it into the file /etc/pb.key:

pbkey /etc/pb.key
ℹ️

For more information, see pbcheck, pblocald, pbmasterd, pbpasswd, pbreplay, pbsum.


©2003-2026 BeyondTrust Corporation. All Rights Reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.