Dell PowerVault TL4000 Dell PowerVault ML6000 Encryption Key Manager User's - Page 30

Federal Information Processing Standard 140-2 Considerations



Keytool -exportseckey” on page 3-12). When the other organization imports the
symmetric key into their Encryption Key Manager keystore, it will be unwrapped
using their corresponding private key (see “Importing Data Keys Using Keytool
-importseckey” on page 3-12). This ensures that the symmetric key is safe in
transit since only the holder of the private key is able to unwrap the symmetric
key. With the symmetric key that was used to encrypt the data in their Encryption
Key Manager keystore, the other organization will then be able to read the data on
the tape.

Federal Information Processing Standard 140-2 Considerations

Federal Information Processing Standard 140-2 has become important now that the
Federal government requires all its cryptographic providers to be FIPS 140
certified. This standard has also been adopted in a growing private sector
community. The certification of cryptographic capabilities by a third party in
accordance with government standards is felt to have increased value in this
security-conscious world.

The Encryption Key Manager does not provide cryptographic capabilities itself and
therefore does not require, nor is it allowed to obtain, FIPS 140-2 certification.
However, the Encryption Key Manager takes advantage of the cryptographic
capabilities of the IBM JVM in the IBM Java Cryptographic Extension component
and allows the selection and use of the IBMJCEFIPS cryptographic provider, which
has a FIPS 140-2 level 1 certification. By setting the fips configuration
parameter to on in the Configuration Properties file, you make the Encryption Key
Manager use the IBMJCEFIPS provider for all cryptographic functions.

See the documentation from specific hardware and software cryptographic
providers for information on whether their products are FIPS 140-2 certified.

2-10
Dell Encryption Key Mgr User's Guide