The pbkey program generates an encryption key that is suitable for any of the Privilege Management encryption algorithms and stores it in a file that is specified on the command line or in the settings file. If pbrun, pbmasterd, or pblocald find the file /etc/pb.key, then they use it to encrypt data that is sent to the other programs.

If encryption is used, then the Privilege Management for Unix and Linux programs use the key that is specified in the settings file to encrypt local data and network traffic.

For network traffic, the contents of this file must be the same on all machines that are running Privilege Management for Unix and Linux for requests to execute. The file should be owned by root and have permissions set so that only root can read or write the file.

  • Version 3.5 and earlier: long command options not supported.
  • Version 4.0 and later: long command options supported.
  • Version 8.5 and later: -F option added.
pbkey [options]
	-f, --keyfile=key_file_name
	-F, --seckeyfile=key_file_name
pbkey –v | --version
pbkey –h | --help
f, --keyfile=key_file_name Optional. The name of the key file to create. The default is the value that is specified in the settings file or /etc/pb.key.
-F --seckeyfile=key_file_name Optional. The name of the new high security key file to create. This
-F --seckeyfile=key_file_name key file format must be used when enhanced security is required. Available in v8.5 or later.
-v, --version Optional. Displays the pbkey version and exits.
-h, --help Optional. Displays the program's help message and exits.
key_file_name The resulting key file.


Executing the command generates a new key and puts it into the file /etc/pb.key:
pbkey /etc/pb.key

For more information, please see the following: