Seagate 15K.2 Self-Encrypting Drives for Servers, NAS, and SAN Arrays - Page 10
The following describes the steps that occur during the authentication process of a previously secured drive (see Figure 5):

Figure 5

1. Authentication
• The storage system gets the authentication key from the key management service and sends it to the correct locked drive.
• The drive hashes the authentication key and compares the result with the hash of the authentication key that's stored in a secure area of the disk.
• If the two hashed authentication key values do not match, the authentication process ends, and the drive will not permit reading data from the disk. The drive remains locked. Note that the drive never sends cipher text from the drive.

2. Decrypt the encrypted encryption key
• If the two hashes match, the drive is then unlocked, and the drive uses the authentication key it received from the storage system to decrypt a copy of the encryption key (which was previously encrypted with the authentication key) that's stored in a secure area of the disk.

Once the authentication process is successfully completed, the drive is unlocked until the next time it is powered down. Note that this authentication process only occurs when the drive is first powered on; it does not repeat with each read and write operation.

3. Clear encryption key encrypts and decrypts the data
• The clear-text encryption key is then used to encrypt data to be written to the disk and to decrypt data that's being read from the disk.
• The drive now works in standard fashion during data transfers, with encryption and decryption transparently occurring in the background.

Once the drive is put in auto-lock mode, it can be put back into secure erase-only mode only after a secure erase is performed.
If an owner wishes to repurpose or retire the drive (i.e., change the drive from being in an auto-lock mode to a secure erase-only mode so that someone else can use the drive), the owner would simply perform a secure erase to replace the encryption key.
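
The unlock sequence and key replacement described above, as a small Python model added here for illustration; it is not Seagate firmware or code from the manual. SHA-256 as the hash, the SHAKE-256 XOR keystream standing in for the drive's cipher and key wrap, and the names ModelSED, unlock, power_cycle and secure_erase are all assumptions.

```python
import hashlib, hmac, os

def _xor(key: bytes, data: bytes) -> bytes:
    # Stand-in cipher (assumption): XOR with a SHAKE-256 keystream; the manual names no algorithm.
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

class ModelSED:
    """Toy model of the drive-side state in steps 1-3; hypothetical names throughout."""

    def __init__(self, ak: bytes):
        self._ak_hash = hashlib.sha256(ak).digest()    # hash of the AK, kept in the secure area
        self._wrapped_dek = _xor(ak, os.urandom(32))   # encryption key encrypted with the AK
        self._dek = None                               # clear-text key: volatile, None = locked
        self._media = {}                               # LBA -> cipher text

    def unlock(self, ak: bytes) -> bool:
        # Step 1: hash the presented key and compare it with the stored hash.
        if self._ak_hash is None or not hmac.compare_digest(
                hashlib.sha256(ak).digest(), self._ak_hash):
            return False                               # mismatch: the drive remains locked
        # Step 2: the same key decrypts the stored copy of the encryption key.
        self._dek = _xor(ak, self._wrapped_dek)
        return True

    def power_cycle(self) -> None:
        if self._ak_hash is not None:                  # auto-lock mode: relock at power-down
            self._dek = None

    def _sector(self, lba: int, data: bytes) -> bytes:
        if self._dek is None:
            raise PermissionError("drive locked")      # no data path while locked
        return _xor(self._dek + lba.to_bytes(8, "big"), data)

    def write(self, lba: int, data: bytes) -> None:
        self._media[lba] = self._sector(lba, data)     # Step 3: encrypt on write

    def read(self, lba: int) -> bytes:
        return self._sector(lba, self._media[lba])     # Step 3: decrypt on read

    def secure_erase(self) -> None:
        # Replace the encryption key; existing cipher text can no longer be decrypted.
        # Dropping the AK hash models leaving auto-lock mode (modelling assumption).
        self._dek = os.urandom(32)
        self._ak_hash = self._wrapped_dek = None
```

The model starts in the locked, powered-off state; a wrong key leaves `read` and `write` raising `PermissionError`, and after `secure_erase` the sectors written earlier read back as unrelated bytes.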