Dell PowerVault TL4000 Dell PowerVault ML6000 Encryption Key Manager User's - Page 41
On Linux platforms, keytool -genseckey, alias, aliasrange, keypass, must be, identical, Enter
View all Dell PowerVault TL4000 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 41 highlights
On Linux platforms Navigate to /var/ekm and enter . ./updatePath.sh | The Keytool utility generates aliases and symmetric keys for encryption on LTO 4 | and LTO 5 Tape Drives using LTO 4 and LTO 5 tape. Use the keytool -genseckey command to generate one or more secret keys and store them in a specified keystore. keytool -genseckey takes the following parameters: -genseckey [-v] [-protected] [-alias | aliasrange ] [-keypass ] [-keyalg ] [-keysize ] [-keystore ] [-storepass ] [-storetype ] [-providerName ] [-providerClass [-providerArg ] ... [-providerPath ] These parameters are of particular importance when generating data keys for | Encryption Key Manager to serve to the LTO 4 and LTO 5 drives for tape encryption: -alias Specify an alias value for a single data key with up to 12 printable characters (for example, abcfrg or key123tape). -aliasrange When generating multiple data keys, aliasrange is specified as a 3-character alphabetic prefix followed by lower and upper limits for a series of 16-character (hexadecimal) strings with leading zeroes filled in automatically to construct aliases 21-characters in length. For example, specifying key1-a would yield a series of aliases from KEY000000000000000001 through KEY00000000000000000A. Specifying an aliasrange value of xyz01-FF would yield XYZ000000000000000001 through XYZ0000000000000000FF , which would generate 255 symmetric keys. -keypass Specifies a password used to protect the data key. This password must be identical to the keystore password. If no password is specified, you are prompted for it. If you press Enter at the prompt, the key password is set to the same password as that used for the keystore. keypass must be at least six characters long. Note: Once you have set the keystore password, do not change it unless its security has been breached. See "Changing Keystore Passwords" on page 3-12. -keyalg Specifies the alogrithm to be used to generate the data key. This value must be specified as AES. -keysize Specifies the size of the data key to be generated. The key size must be specified as 256. Examples of acceptable aliases that could be associated with symmetric keys are: abc000000000000000001 abc00a0120fa000000001 Examples of aliases that would not be accepted by the key manager are: Chapter 3. Installing the Encryption Key Manager and Keystores 3-11