Dell PowerVault TL4000 Dell PowerVault ML6000 Encryption Key Manager User's - Page 40
Editing the Configuration Properties Files, If You are Not Using Keytool
Note: Individual aliases and alias ranges must be unique. This is enforced when keys are generated on a given keystore/Encryption Key Manager instance. However, in an environment with multiple Encryption Key Manager instances or keystores, you should use a naming convention that keeps aliases unique across all instances, in case it becomes desirable to transport keys between instances while maintaining uniqueness of reference.

After generating keys and aliases, update the symmetricKeySet property in the KeyManagerConfig.properties file to specify the new alias, range of aliases, or key group GroupID, the filename under which the symmetric keys are stored, and the filename where key groups are defined. (See "Creating and Managing Key Groups" on page 3-14 for details.) Only those keys named in the symmetricKeySet will be validated (checked for an existing alias and a symmetric key of the proper size and algorithm). If an invalid key is specified in this property, the key manager does not start and an audit record is created.

The keytool utility also provides for the import and export of data keys to and from other keystores. An overview of each task follows. You can issue keytool -ekmhelp to display all the key manager-related parameters covered in the following discussions.

Editing the Configuration Properties Files

To make changes to the KeyManagerConfig.properties or the ClientKeyManagerConfig.properties file:

1. Stop the Encryption Key Manager server.
2. Using the text editor of your choice, open the KeyManagerConfig.properties file to make changes to the server configuration, or the ClientKeyManagerConfig.properties file for the client configuration. Do not use Windows to edit the file for a Linux machine, because of the ^M (carriage return) characters at the ends of lines. If you use Windows, edit the file with gvim/vim.
3. Change the property value(s) according to the directions provided in this document.
4. Save the file.
5. Restart the Encryption Key Manager server.
If You are Not Using Keytool

If you do not use keytool or the GUI to generate keys and aliases, you cannot generate ranges of keys compatible with the Encryption Key Manager. To generate individual keys compatible with the Encryption Key Manager, be sure to specify aliases using one of the following formats:

- 12 printable characters or less (for example, abcdefghijk)
- 3 printable characters, followed by two zeros, followed by 16 hexadecimal digits (for example, ABC000000000000000001) for a total of exactly 21 characters

Generating Data Keys and Aliases Using Keytool -genseckey

Note: Before using the keytool command for the first time in any session, run the updatePath script to set the correct environment.

On Windows

Navigate to cd c:\ekm and click updatePath.bat
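The two alias formats for individually generated keys, the advice to keep aliases unique across instances, and the ^M warning for edited properties files can all be checked before the server is restarted. The following is an added example, not code from the Dell guide or from the Encryption Key Manager; the function names, the instance names and the sample aliases are constructed, "printable" is assumed to mean printable ASCII without spaces, and aliases are compared case-insensitively as a conservative assumption.

```python
import re
from collections import defaultdict

# Assumption: "printable" = printable ASCII without spaces (0x21-0x7E).
SHORT = re.compile(r"[\x21-\x7e]{1,12}")
# 3 printable characters + "00" + 16 hexadecimal digits = exactly 21 characters.
LONG = re.compile(r"[\x21-\x7e]{3}00[0-9A-Fa-f]{16}")

def classify_alias(alias):
    """Return 'short', 'long', or None if the alias fits neither format."""
    if SHORT.fullmatch(alias):
        return "short"
    if LONG.fullmatch(alias):
        return "long"
    return None

def audit_aliases(instances):
    """instances maps an instance name to its list of aliases.

    Returns (invalid, duplicates): invalid is a list of (instance, alias)
    pairs that fit neither format; duplicates maps a lower-cased alias to
    the sorted instance names that share it.
    """
    invalid = []
    seen = defaultdict(set)
    for name, aliases in instances.items():
        for alias in aliases:
            if classify_alias(alias) is None:
                invalid.append((name, alias))
            seen[alias.lower()].add(name)
    duplicates = {a: sorted(n) for a, n in seen.items() if len(n) > 1}
    return invalid, duplicates

def has_cr_line_endings(data):
    """True if the raw bytes of a properties file contain carriage returns (^M)."""
    return b"\r" in data

# Constructed sample data: two hypothetical instances and their aliases.
SAMPLE = {
    "ekm-site-a": ["abcdefghijk", "ABC000000000000000001", "tape-key-number-13"],
    "ekm-site-b": ["abc000000000000000001", "sitebkey01"],
}

if __name__ == "__main__":
    invalid, duplicates = audit_aliases(SAMPLE)
    print("invalid aliases:", invalid)
    print("shared across instances:", duplicates)
```

To check an edited file, pass its raw bytes to has_cr_line_endings, for example the result of open(path, "rb").read().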