Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • CLI Reference

    Home FortiWeb 7.6.3 CLI Reference
    7.6.3
    7.6.3
    7.6.1
    7.6.0
    7.4.8
    7.4.7
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.11
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.3
    6.3.23
    6.2.8
    6.1.4
    5.7.0
    5.6.1
    5.6.0

    private-encryption-key

    private-encryption-key

    When private encryption is enabled (see system encryption-method), FortiWeb generates a private key to secure sensitive configurations. If private encryption is disabled and later re-enabled, a new private key is generated, which can cause backup configurations encrypted with the previous key to become unusable.

    To troubleshoot such scenarios, use the execute private-encryption-key sample command to generate a base64-encoded clear text string and its HMAC signature encrypted with the current private key. Before any private key changes, users should generate and record this sample for future verification.

    If a backup configuration fails to restore, the execute private-encryption-key verify command can be used to check whether the stored sample still matches the current private key. A failed verification indicates that a new private key was generated, confirming that the original key is no longer in use. If the verification passes, the private key remains unchanged.

    Syntax

    execute private-encryption-key sample

    execute private-encryption-key verify <sample>

    Variable Description Default
    sample Generate a base64-encoded clear text string and its HMAC signature encrypted using the private key. No default.

    verify <sample>

    Verify the HMAC signature of the provided base64-encoded clear text using the private key. Use the sample generated by execute private-encryption-key sample.

    No default.

    Example

    # execute private-encryption-key sample
B64TEXT: ec1d9EtAaX7ZHl6CBihdb4/8QdqgjWZwkrEqqJYswbk=
B64HMAC: hDYGL62rIeg4NuspIAt2Pd8thrE=
    # execute private-encryption-key verify ec1d9EtAaX7ZHl6CBihdb4/8QdqgjWZwkrEqqJYswbk= hDYGL62rIeg4NuspIAt2Pd8thrEa
Verification failed.

    Related topics

    system encryption-method

    Previous
    Next

    private-encryption-key

    private-encryption-key

    When private encryption is enabled (see system encryption-method), FortiWeb generates a private key to secure sensitive configurations. If private encryption is disabled and later re-enabled, a new private key is generated, which can cause backup configurations encrypted with the previous key to become unusable.

    To troubleshoot such scenarios, use the execute private-encryption-key sample command to generate a base64-encoded clear text string and its HMAC signature encrypted with the current private key. Before any private key changes, users should generate and record this sample for future verification.

    If a backup configuration fails to restore, the execute private-encryption-key verify command can be used to check whether the stored sample still matches the current private key. A failed verification indicates that a new private key was generated, confirming that the original key is no longer in use. If the verification passes, the private key remains unchanged.

    Syntax

    execute private-encryption-key sample

    execute private-encryption-key verify <sample>

    Variable Description Default
    sample Generate a base64-encoded clear text string and its HMAC signature encrypted using the private key. No default.

    verify <sample>

    Verify the HMAC signature of the provided base64-encoded clear text using the private key. Use the sample generated by execute private-encryption-key sample.

    No default.

    Example

    # execute private-encryption-key sample
B64TEXT: ec1d9EtAaX7ZHl6CBihdb4/8QdqgjWZwkrEqqJYswbk=
B64HMAC: hDYGL62rIeg4NuspIAt2Pd8thrE=
    # execute private-encryption-key verify ec1d9EtAaX7ZHl6CBihdb4/8QdqgjWZwkrEqqJYswbk= hDYGL62rIeg4NuspIAt2Pd8thrEa
Verification failed.

    Related topics

    system encryption-method

    Previous
    Next