Dell PowerVault TL4000 Dell PowerVault ML6000 Encryption Key Manager User's - Page 43
Sample Alias and Symmetric Key Setup for LTO 4 and LTO 5, Encryption Using a JCEKS Keystore, alias
Page 43 highlights
[-storetype ] [-providerName ] [-exportfile ] [-providerClass ] [providerArg ]

These parameters are of particular importance when exporting data keys for Encryption Key Manager to serve to the LTO 4 and LTO 5 drives for tape encryption:

-alias
    Specify an alias value for a single data key with up to 12 printable characters (for example, abcfrg or key123tape).

-aliasrange
    When exporting multiple data keys, aliasrange is specified as a 3-character alphabetic prefix followed by lower and upper limits for a series of 16-character (hexadecimal) strings with leading zeroes filled in automatically to construct aliases 21-characters in length. For example, specifying key1-a would yield a series of aliases from KEY000000000000000001 through KEY00000000000000000A. Specifying an aliasrange value of xyz01-FF would yield XYZ000000000000000001 through XYZ0000000000000000FF.

-exportfile
    Specifies the file to store the data keys when they are exported.

-keyalias
    Specifies the alias of a public key in keystore to encrypt all the data keys. Ensure that the keystore where the symmetric (data) keys will be imported contains the corresponding private key.

Sample Alias and Symmetric Key Setup for LTO 4 and LTO 5 Encryption Using a JCEKS Keystore

Invoke the KeyTool with the -aliasrange option. Note that key algorithm (-keyalg) must be specified as AES and key size (-keysize) must be specified as 256, as follows:

    /bin/keytool -genseckey -v -aliasrange AES01-FF -keyalg AES -keysize 256 -keypass password -storetype jceks -keystore path/filename.jceks

These KeyTool invocations generate 255 sequential aliases in the range AES000000000000000001 through AES0000000000000000FF and associated AES 256-bit symmetric keys. Either can be repeated cumulatively as many times as necessary to set up the full number of ranged and standalone key aliases that are desired for robust key manager operation.

For example, to generate an additional alias and symmetric key for LTO 4 and LTO 5:

    /bin/keytool -genseckey -v -alias abcfrg -keyalg AES -keysize 256 -keypass password -storetype jceks -keystore path/filename.jceks

This invocation adds standalone alias abcfrg cumulatively to the named keystore, which already contains 255 aliases from the invocation above, yielding 256 symmetric keys in the jceks file named in the -keystore option.

Update the symmetricKeySet property in the KeyManagerConfig.properties file to add the following line to match any or all of the alias ranges used above, and the filename under which the symmetric keys were stored. Note that the Encryption Key Manager may not start if an invalid alias is specified. Other causes for validation check failure may include incorrect bit size (for AES keysize MUST be 256) or an invalid algorithm for the platform. -keyalg must be AES and -keysize

Chapter 3. Installing the Encryption Key Manager and Keystores 3-13
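The alias expansion described under -aliasrange, as an added example that is not part of the Dell manual: it lists the aliases a range stands for and reports which ones a keystore lacks, the kind of mismatch that can stop the Encryption Key Manager from starting. It assumes the numeric part is zero-padded to 18 hexadecimal digits, as the 21-character sample aliases on this page show, and that alias comparison is case-insensitive; all function names are hypothetical.

```python
import re

PREFIX_LEN = 3                       # 3-character alphabetic prefix (from the page)
ALIAS_LEN = 21                       # total alias length (from the page)
HEX_WIDTH = ALIAS_LEN - PREFIX_LEN   # 18 digits, matching the page's sample aliases

_RANGE = re.compile(r"([A-Za-z]{3})([0-9A-Fa-f]+)-([0-9A-Fa-f]+)")


def expand_aliasrange(spec):
    """Return every alias an -aliasrange value such as 'AES01-FF' stands for."""
    m = _RANGE.fullmatch(spec)
    if m is None:
        raise ValueError(f"not a valid aliasrange: {spec!r}")
    prefix, low, high = m.group(1).upper(), m.group(2), m.group(3)
    if max(len(low), len(high)) > HEX_WIDTH:
        raise ValueError("limit does not fit in a 21-character alias")
    lo, hi = int(low, 16), int(high, 16)
    if lo > hi:
        raise ValueError("lower limit exceeds upper limit")
    return [f"{prefix}{n:0{HEX_WIDTH}X}" for n in range(lo, hi + 1)]


def valid_single_alias(alias):
    """-alias rule from the page: up to 12 printable characters (ASCII assumed)."""
    return 1 <= len(alias) <= 12 and alias.isascii() and alias.isprintable()


def missing_aliases(expected, present):
    """Aliases the configuration expects but the keystore does not hold.

    Assumption: aliases are compared case-insensitively.
    """
    have = {a.upper() for a in present}
    return [a for a in expected if a.upper() not in have]


if __name__ == "__main__":
    expected = expand_aliasrange("AES01-FF") + ["abcfrg"]
    # Constructed keystore listing: one ranged key was never generated.
    gap = "AES" + "0" * 16 + "7F"
    present = [a for a in expected if a != gap]
    print(len(expected), "aliases expected")
    print("missing:", missing_aliases(expected, present))
```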