Is it mandatory to regenerate encryption keys every month?


This article answers the question of whether encryption keys have to be regenerated every 30 days and if anything can be done so that administrators do not have to create keys every month when users encounter the below error message when attempting to log in:

"Encryption keys are outdated. Please contact your system administrator to regenerate the keys"



Starting with Everest 6, all credit card sensitive data is encrypted using standalone cryptographic keys that must be regenerated using the KeyMgmt.exe utility every 30 days.

This setting is not configurable and therefore Everest administrators must regenerate new encryption keys every month to prevent users from getting the above error message.

Administrators should follow the steps outlined in Generate Encryption Keys for Credit Card Data for detailed steps on how to regenerate encryption keys if this error is encountered.

It is recommended that this is done proactively before the 30 days elapse so that Everest users never encounter the error message.

Back to top



Please sign in to leave a comment.