Manuals / HP / Computer Equipment / Software

HP Secure Encryption manual Appendix, Encryption algorithms

Models: Secure Encryption

1 77

Download 77 pages 59.56 Kb

Page 71

Appendix

Encryption algorithms

In keeping with the encryption standards outlined in FIPS 140-2

(http://csrc.nist.gov/groups/STM/cmvp/documents/fips140-2/FIPS1402IG.pdf), controllers utilizing HP Secure Encryption are designed to meet FIPS-140-2 Level 2 requirements by implementing both physical security and cryptographic methods in protecting data-at-rest. Specifically, HP Secure Encryption satisfies the cryptographic requirements established in FIPS 140-2 by using NIST-approved algorithms in protecting both data and encryption keys. For more information, see the Cryptographic Algorithm Validation Program website (http://csrc.nist.gov/groups/STM/cavp/standards.html).

Algorithm	Description

XTS-AES 256-bit	The XTS algorithm is used to encrypt data on the drive platter as described in NIST
	special publication SP 800-38E.
AES-ECB	The AES algorithm is used to perform symmetric key encryption.
SHA-256	The SHA secure hashing algorithms are described in FIPS 180-4.
HMAC	The HMAC algorithm is described in the FIPS 198-1 standard.
PBKDF2	The PBKDF2 algorithm derives cryptographic keying material from user-provided
	passwords. The algorithm is described in NIST special publication SP 800-132.
DRBG	An implementation of the SP800-90A algorithm is used to produce random bit
	sequences.

Appendix 71

Image 71

HP Secure Encryption manual Appendix, Encryption algorithms

Contents

HP Secure Encryption Installation and User Guide Page Contents Support and other resources About HP Secure Encryption OverviewBenefits Encryption featuresFeature Description Eskm HP ProLiant servers Solution componentsHP Smart Storage Administrator Minimum requirements HP Smart Array ControllerHP SmartCache HP iLOHP Eskm and key management HP Enterprise Secure Key Manager 3.1 and laterLicensing Planning Encryption setup guidelinesRecommended security settings at remote sites Encrypted backupsRemote and local key management requirements Security domainsDeployment scenarios Configuring the controller local mode ConfigurationLocal key management mode Configuration Configuring Remote Key Management Mode Remote Key Management ModeAdding a user Configuring the HP EskmLogging in to the HP Eskm Configuration Adding a group Assigning a user to a group Configuration Configuration Creating a Master Key Running a key query Placing a key in a groupConfiguration Assigning a key to a group Configuring HP iLO Connecting HP iLO to HP Eskm Configuration Configuring the controller remote mode Configuration Logging into Encryption Manager Accessing Encryption ManagerOperations Opening Encryption ManagerSet or change the Crypto Officer password Managing passwordsSet or change user account password Set or change the password recovery questionSet or change the controller password Suspending the controller password Resuming the controller password Rekeying the Drive Encryption Keys Working with keysChanging the Master Encryption Key Rescanning keys Creating a plaintext volumeOperations Operations Converting plaintext volumes into encrypted volumes Changing key management modes Enabling/disabling plaintext volumes Enabling/disabling the firmware lock Enabling/disabling local key cache Importing drives with different Master Keys Importing drive sets in Local Key Management ModeOperations Controllers MaintenanceEncryption Manager DrivesFlashing firmware Replacing a physical driveQuery by drive serial number GroupsLocating groups associated with a drive Maintenance Query by previous server name Maintenance Displaying log information Running queries Maintenance Maintenance Maintenance Lost or forgotten controller password TroubleshootingCommon issues Lost or forgotten Crypto Officer passwordLost or forgotten Master Key Local modeRemote mode Locating the key using the HP EskmLocating the key using iLO Forgotten which Master key goes with which drive Master key not exporting Logical drives remain offlineTesting the connection between HP iLO and the HP Eskm Potential errors encountered Error Description Action Clearing the encryption configuration HP contact information Support and other resourcesBefore you contact HP Encryption algorithms AppendixGlossary Plaintext ILOLocal Master Encryption Key Master Encryption KeyRemote Key Manager Volume encryption keyDocumentation feedback Eskm IndexIndex