Encrypting and shredding data
▼Exporting a key
When you export a key, you create a separate file called a key package that contains one or more keys. You can then send this file to another site that uses VTL, and administrators at that site can import the key package and use the associated keys to encrypt or decrypt data.
Creating a key package also provides you with a backup set of keys. If a particular key is accidentally deleted, you can import it from the key package so that you can continue to access the data encrypted using that key.
1.In the navigation tree, right‐click the server name and click Key Management.
2.Click Export.
3.In the Package Name text box, type the file name to use for this key package
4.In the Decryption Hint text box, type a three‐character hint.
When you subsequently attempt to import a key from this key package, you are prompted for a password. If you provide the correct password, the decryption hint specified here appears correctly on the Import Keys dialog box. If you provide an incorrect password, a different decryption hint appears. You can import keys using an incorrect password, but you will not be able to decrypt any files using those keys.
5.From the Select Keys to Export list, select the key(s) that you want to include in the key package.
When you select a key or click Select All, you are prompted to provide the password for each key. (If multiple selected keys use the same password, you are prompted for the password only once, when you select the first key that uses that password.)
After you type the password in the Password text box, that password appears in the Password for All Keys in Package area on the Export Keys dialog box. By default, the password is displayed as asterisks. To display the actual password, select the Show clear text check box.
If you selected a key and subsequently decide not to include it in the key package, you can clear the key. You can also clear all selected keys by clicking
96267 • G | Chapter 4 VTL operations 131 |
