Encrypting and shredding data
Each key consists of a secret phrase. For additional security, each key is password‐ protected. You must provide this password in order to change the key name, password, or password hint, or to delete or export the key.
You can apply a single key to all virtual tapes when you export them to physical tape, or you can create a unique key for each one. Creating multiple keys provides more security; in the unlikely event that a key is compromised, only the tapes that use that key would be affected. However, if you use multiple keys, you must keep track of which key applies to each tape so that you use the correct key to decrypt the data when you import the physical tape back to virtual tape.
Note: If you apply an incorrect key when importing a tape, the data imported from that tape will be indecipherable.
Once you have created one or more keys, you can export them to a separate file called a key package. If you send encrypted tapes to other locations that run VTL, you can also send them the key package. By importing the key package, administrators at the other sites can then decrypt the tapes when they are imported back into virtual tape libraries managed by VTL.
You can enable encryption and specify which key to use when you either manually import or export a tape or when you use the auto‐archive/replication feature.
For instructions, see the following:
■“Creating a key” on page 128
■“Changing a key name or password” on page 129
■“Deleting a key” on page 130
■“Exporting a key” on page 131
■“Importing a key” on page 132
■“Shredding a virtual tape” on page 133.
▼Creating a key
1.In the navigation tree, right‐click the server name and click Key Management.
2.Click New.
3.In the Key Name text box (A below), type a unique name for the key
4.In the Secret Phrase text box (B below), type the phrase
Save your secret phrase. Once you have created a key, you cannot change the secret phrase associated with that key.
128 VTL User Guide • May 2008 | G • 96267 |
