Dell PowerVault TL4000 Dell PowerVault ML6000 Encryption Key Manager User's - Page 41


On Linux platforms

Navigate to /var/ekm and enter

    . ./updatePath.sh

The Keytool utility generates aliases and symmetric keys for encryption on LTO 4 and LTO 5 Tape Drives using LTO 4 and LTO 5 tape. Use the keytool -genseckey command to generate one or more secret keys and store them in a specified keystore.

keytool -genseckey takes the following parameters:

    -genseckey [-v] [-protected]
        [-alias <alias> | -aliasrange <aliasRange>] [-keypass <keypass>]
        [-keyalg <keyalg>] [-keysize <keysize>]
        [-keystore <keystore>] [-storepass <storepass>]
        [-storetype <storetype>] [-providerName <name>]
        [-providerClass <provider_class_name> [-providerArg <arg>]] ...
        [-providerPath <pathlist>]

These parameters are of particular importance when generating data keys for Encryption Key Manager to serve to the LTO 4 and LTO 5 drives for tape encryption:

-alias
Specify an alias value for a single data key with up to 12 printable characters (for example, abcfrg or key123tape).

-aliasrange
When generating multiple data keys, aliasrange is specified as a 3-character alphabetic prefix followed by lower and upper limits for a series of 16-character (hexadecimal) strings with leading zeroes filled in automatically to construct aliases 21-characters in length. For example, specifying key1-a would yield a series of aliases from KEY000000000000000001 through KEY00000000000000000A. Specifying an aliasrange value of xyz01-FF would yield XYZ000000000000000001 through XYZ0000000000000000FF, which would generate 255 symmetric keys.

-keypass
Specifies a password used to protect the data key. This password must be identical to the keystore password. If no password is specified, you are prompted for it. If you press Enter at the prompt, the key password is set to the same password as that used for the keystore. keypass must be at least six characters long.

Note: Once you have set the keystore password, do not change it unless its security has been breached. See “Changing Keystore Passwords” on page 3-12.

-keyalg
Specifies the algorithm to be used to generate the data key. This value must be specified as AES.

-keysize
Specifies the size of the data key to be generated. The key size must be specified as 256.
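
The parameter rules above, as an added pre-flight check that is not part of the Dell manual: it expands an aliasrange value into the aliases it would produce and checks the keyalg, keysize and keypass constraints before keytool is run. The function names are hypothetical, aliases are padded to the 21-character total length the manual states, and range limits are capped at 15 hexadecimal digits so they fit in shell integer arithmetic.

```shell
#!/bin/sh
# Added example: pre-flight checks for a planned keytool -genseckey run.
# Function names are hypothetical; nothing here invokes keytool.
ALIAS_LEN=21    # total alias length stated in the manual
PREFIX_LEN=3    # alphabetic prefix length stated in the manual

# expand_aliasrange SPEC: print the aliases a range such as xyz01-FF yields.
expand_aliasrange() {
    spec=$1
    rest=${spec#???}            # text after the 3-character prefix
    prefix=${spec%"$rest"}
    case $prefix in
        [A-Za-z][A-Za-z][A-Za-z]) ;;
        *) echo "prefix must be 3 alphabetic characters" >&2; return 1 ;;
    esac
    case $rest in
        *-*) lo=${rest%%-*}; hi=${rest#*-} ;;
        *) echo "expected <prefix><lower>-<upper>" >&2; return 1 ;;
    esac
    for v in "$lo" "$hi"; do
        case $v in
            ''|*[!0-9A-Fa-f]*) echo "limits must be hexadecimal" >&2; return 1 ;;
        esac
        # Assumption: cap limits at 15 hex digits to stay within shell integers.
        [ "${#v}" -le 15 ] || { echo "limit too long" >&2; return 1; }
    done
    i=$((0x$lo)); end=$((0x$hi))
    [ "$i" -le "$end" ] || { echo "lower limit exceeds upper limit" >&2; return 1; }
    up=$(printf '%s' "$prefix" | tr 'a-z' 'A-Z')
    fmt="%s%0$((ALIAS_LEN - PREFIX_LEN))X\n"
    while [ "$i" -le "$end" ]; do
        printf "$fmt" "$up" "$i"
        i=$((i + 1))
    done
}

# check_key_params KEYALG KEYSIZE KEYPASS STOREPASS: enforce the rules above.
check_key_params() {
    [ "$1" = "AES" ] || { echo "-keyalg must be AES" >&2; return 1; }
    [ "$2" = "256" ] || { echo "-keysize must be 256" >&2; return 1; }
    [ "${#3}" -ge 6 ] || { echo "keypass must be at least six characters" >&2; return 1; }
    [ "$3" = "$4" ] || { echo "keypass must match the keystore password" >&2; return 1; }
}
```

Running expand_aliasrange before key generation shows how many keys a range will create and which aliases to expect in the keystore afterwards.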
Examples of acceptable aliases that could be associated with symmetric keys are:
abc000000000000000001
abc00a0120fa000000001
Examples of aliases that would not be accepted by the key manager are:
Chapter 3. Installing the Encryption Key Manager and Keystores
3-11