Dell PowerVault TL4000 Dell PowerVault ML6000 Encryption Key Manager User's - Page 44
Creating and Managing Key Groups, Using the GUI to Define Key Groups and Create Keys
must be 256. The filename specified in the config.keystore.file should match the name specified in the -keystore in the KeyTool invocation:

    symmetricKeySet = AES01-FF,abcfrg
    config.keystore.file = .jceks

Only those keys named in the symmetricKeySet will be validated (checked for an existing alias and a symmetric key of the proper size and algorithm). If an invalid key is specified in this property, the Encryption Key Manager will not start and an audit record will be created.

Creating and Managing Key Groups

The Encryption Key Manager gives you the ability to organize your symmetric keys for LTO 4 and LTO 5 encryption into key groups. In this way, you can group keys according to the type of data they encrypt, the users who have access to them, or by any other meaningful characteristic. Once a key group is created, you can associate it with a specific tape drive using the -symrec keyword in the adddrive command. See "adddrive" on page 5-8 for syntax.

In order to build a key group, you must define it in the KeyGroups.xml file. If you followed the procedure in "Using the GUI to Create a Configuration File, Keystore, and Certificates" on page 3-5, the location of this file was specified on the EKM Configuration page. If you are creating the configuration file manually, the location of the KeyGroups.xml file is specified in the configuration properties file as follows:

    config.keygroup.xml.file = FILE:KeyGroups.xml

If this parameter is not specified, then the default behavior is to use the KeyGroups.xml file from the Encryption Key Manager launching location's working directory. If this file does not exist, an empty KeyGroups.xml file is created. On subsequent starts of the Encryption Key Manager Server, the following message may appear in the native_stderr.log:

    [Fatal Error] :-1:-1: Premature end of file.
This is an error in parsing the empty KeyGroups.xml file and it does not prevent the Encryption Key Manager Server from starting unless the Encryption Key Manager Server has been configured to use keygroups.

Key groups are built using the Dell Encryption Key Manager Server GUI or using the following CLI client commands (see "CLI Commands" on page 5-7 for syntax):

Using the GUI to Define Key Groups and Create Keys

You can use the GUI to perform all tasks necessary for managing key groups. You can also use it to create additional keys.

Note: When you click Submit Changes while performing any of the following tasks, a backup dialog window (Figure 3-6 on page 3-8) opens reminding you to back up your Encryption Key Manager data files. Enter a path where backup data is to be saved. Click Submit. Then verify the backup path and click OK.

To create a key group and populate it with keys, or to add keys to an existing keygroup:

1. Open the GUI if it is not yet started:

3-14 Dell Encryption Key Mgr User's Guide
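A pre-start check for the KeyGroups.xml location and empty-file behavior described above, as an added example that is not part of the Dell guide or of the Encryption Key Manager itself. It assumes a plain key = value properties file; the ekm.properties name and the <keygroups/> root element are constructed placeholders, and working_dir stands for the directory the server is launched from.

```python
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

def read_properties(path):
    """Parse 'key = value' lines; lines starting with '#' or '!' are comments."""
    props = {}
    for line in Path(path).read_text(encoding="utf-8").splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def keygroups_path(props, working_dir):
    """Resolve config.keygroup.xml.file; unset means KeyGroups.xml in the launch directory."""
    value = props.get("config.keygroup.xml.file", "FILE:KeyGroups.xml")
    if value.startswith("FILE:"):
        value = value[len("FILE:"):]
    return Path(working_dir) / value  # an absolute value is kept unchanged

def check_keygroups(props_path, working_dir):
    """Return (status, path) where status is missing, empty, malformed or ok."""
    path = keygroups_path(read_properties(props_path), working_dir)
    if not path.is_file():
        return "missing", path
    if path.stat().st_size == 0:
        return "empty", path  # the state behind "Premature end of file"
    try:
        ET.parse(str(path))
    except ET.ParseError:
        return "malformed", path
    return "ok", path

def demo():
    """Constructed sample: one properties file, KeyGroups.xml in three states."""
    with tempfile.TemporaryDirectory() as wd:
        props = Path(wd) / "ekm.properties"  # hypothetical file name
        props.write_text("# constructed sample\nconfig.keygroup.xml.file = FILE:KeyGroups.xml\n")
        xml = Path(wd) / "KeyGroups.xml"
        states = [check_keygroups(props, wd)[0]]
        xml.touch()  # zero-byte file, as created when none exists
        states.append(check_keygroups(props, wd)[0])
        xml.write_text("<keygroups/>")  # placeholder root, not the real schema
        states.append(check_keygroups(props, wd)[0])
    return states

if __name__ == "__main__":
    print(demo())
```

An "empty" or "missing" result on a server that is meant to use key groups means the groups are not defined where the server will look for them.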