Export Tokens From Database (PSKC)

Hello,

I am trying to export tokens from the database that has been imported with a PSKC file. Are there methods to extract this Value from the database for each token according to the PSKC?

Example Token:


<xenc:CipherData>
<xenc:CipherValue>XF7XzIzFoEC6+zAm6MGsDK1GC3Z/K3tbzYyAod9MolQ=</xenc:CipherValue>
</xenc:CipherData>

– Quoc

Hi Quoc,

No, there is no method to export the token seeds.
Of course, the system root administrator can read the pi.cfg, the enckey and the database, so he can decrypt the token seeds and export them re-encrypted.

I would also put this to the command line for the user root, since root already has the means to do this (and thus the access rights), while a token administrator in the UI does not. I would not add this to the UI!

What is your use case in this scenario? Why do you want to export the tokens and where do you want to import the tokens again? These are hardware tokens? Did you lose the PSKC file?
Also: I guess you are using the AESHSM?

Kind regards
Cornelius

Hello,

That sounds proper; only root admins should be able to do those sorts of token operations.

The exported tokens are for auditing. If a customer requests the token seeds then we can export them and re-encrypt with a new pre-shared key.

Yes for Hardware and AESHSM.

– Quoc

See https://github.com/privacyidea/privacyidea/issues/790
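
Added example, not part of the thread and not privacyIDEA code: a structural check an auditor could run on a re-encrypted PSKC export before handing it over, confirming that every seed is wrapped in an `EncryptedValue`, that the `CipherValue` has the IV-plus-ciphertext layout, and that a `ValueMAC` is present, all without decrypting anything. The function name `audit_pskc`, the serial number, the key Id and the choice of aes128-cbc are assumptions; only the `CipherValue` is taken from the post above.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"p": "urn:ietf:params:xml:ns:keyprov:pskc",
      "xenc": "http://www.w3.org/2001/04/xmlenc#"}
AES128_CBC = NS["xenc"] + "aes128-cbc"

# Constructed sample. Only the CipherValue comes from the thread; the serial,
# key Id and aes128-cbc algorithm are assumptions made for this example.
SAMPLE = """<KeyContainer xmlns="urn:ietf:params:xml:ns:keyprov:pskc"
    xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Version="1.0"><KeyPackage>
  <DeviceInfo><SerialNo>EXAMPLE0001</SerialNo></DeviceInfo>
  <Key Id="EXAMPLE0001" Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:hotp">
   <Data><Secret><EncryptedValue>
    <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
    <xenc:CipherData><xenc:CipherValue>XF7XzIzFoEC6+zAm6MGsDK1GC3Z/K3tbzYyAod9MolQ=</xenc:CipherValue></xenc:CipherData>
   </EncryptedValue></Secret></Data></Key></KeyPackage></KeyContainer>"""


def audit_pskc(xml_text):
    """Inspect each key's <Secret> without decrypting it; return findings."""
    findings = []
    for pkg in ET.fromstring(xml_text).findall("p:KeyPackage", NS):
        serial = pkg.findtext("p:DeviceInfo/p:SerialNo", "?", NS)
        for secret in pkg.findall("p:Key/p:Data/p:Secret", NS):
            issues, iv_len, ct_len = [], 0, 0
            if secret.find("p:PlainValue", NS) is not None:
                issues.append("seed stored as PlainValue")
            enc = secret.find("p:EncryptedValue", NS)
            if enc is None:
                issues.append("no EncryptedValue")
            else:
                cbc = enc.find(f"xenc:EncryptionMethod[@Algorithm='{AES128_CBC}']", NS)
                b64 = enc.findtext("xenc:CipherData/xenc:CipherValue", "", NS)
                raw = base64.b64decode("".join(b64.split()))
                if cbc is None:
                    issues.append("EncryptionMethod is not aes128-cbc")
                elif len(raw) < 32 or len(raw) % 16:
                    issues.append("CipherValue is not IV plus whole AES blocks")
                else:  # xmlenc CBC layout: 16-byte IV, then ciphertext
                    iv_len, ct_len = 16, len(raw) - 16
                if secret.find("p:ValueMAC", NS) is None:
                    issues.append("no ValueMAC: CBC alone gives no integrity")
            findings.append({"serial": serial, "iv_len": iv_len,
                             "ct_len": ct_len, "issues": issues})
    return findings


if __name__ == "__main__":
    print(audit_pskc(SAMPLE))
```
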