HP Brocade 8/12c Fabric OS Encryption Administrator's Guide - Page 98
Master keys, Active master key
Page 98 highlights
Master keys

When an opaque key vault is used, a master key is used to encrypt the data encryption keys. The master key status indicates whether a master key is used and whether it has been backed up. Encryption is not allowed until the master key has been backed up. Only the active master key can be backed up, and multiple backups are recommended. You can back up or restore the master key to the key vault, to a file, or to a recovery card set.

A recovery card set is a set of smart cards. Each recovery card holds a portion of the master key. The cards must be gathered and read together from a card reader attached to a PC running the Management application to restore the master key.

Master keys belong to the group and are managed from Group Properties.

NOTE
It is important to back up the master key because if the master key is lost, none of the data encryption keys can be restored and none of the encrypted data can be decrypted.

For more information, see the following topics:
• "Active master key" on page 78
• "Alternate master key" on page 78
• "Master key actions" on page 79
• "Reasons master keys can be disabled" on page 79

Active master key

The active master key is used to encrypt newly-created data encryption keys (DEKs) prior to sending them to a key vault to be stored. You can restore the active master key under the following conditions:
• The active master key has been lost, which happens if all encryption engines in the group have been zeroized or replaced with new hardware at the same time.
• You want multiple encryption groups to share the same active master key. Groups should share the same master key if the groups share the same key vault and tapes (or disks) are going to be regularly exchanged between the groups.

Alternate master key

The alternate master key is used to decrypt data encryption keys that were not encrypted with the active master key. Restore the alternate master key for the following reasons:
• To read an old tape that was created when the group used a different active master key.
• To read a tape (or disk) from a different encryption group that uses a different active master key.

78 Fabric OS Encryption Administrator's Guide 53-1002159-03
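The active/alternate behaviour described above can be modelled as key wrapping with a master key identifier stored beside each wrapped DEK. This is an added example, not code from the HP Brocade guide or product; the function names, the key ID format and the HMAC-based wrap (a standard-library stand-in for a real key wrap algorithm such as AES Key Wrap) are assumptions.

```python
import hashlib
import hmac
import secrets
from typing import Optional

def _prf(master: bytes, label: bytes, data: bytes) -> bytes:
    return hmac.new(master, label + data, hashlib.sha256).digest()

def key_id(master: bytes) -> str:
    # Hypothetical fingerprint stored beside each wrapped DEK in the vault.
    return hashlib.sha256(b"mk-id" + master).hexdigest()[:16]

def wrap_dek(master: bytes, dek: bytes) -> dict:
    # Stdlib stand-in for a real key wrap (e.g. AES Key Wrap): HMAC keystream + tag.
    if len(dek) != 32:
        raise ValueError("this sketch wraps 32-byte DEKs only")
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(dek, _prf(master, b"enc", nonce)))
    return {"mk": key_id(master), "nonce": nonce, "ct": ct,
            "tag": _prf(master, b"mac", nonce + ct)}

def unwrap_dek(blob: dict, active: bytes, alternate: Optional[bytes] = None) -> bytes:
    # Try the active master key first, then the alternate, matching on key ID.
    for master in (active, alternate):
        if master is None or key_id(master) != blob["mk"]:
            continue
        tag = _prf(master, b"mac", blob["nonce"] + blob["ct"])
        if not hmac.compare_digest(tag, blob["tag"]):
            raise ValueError("wrapped DEK failed its integrity check")
        stream = _prf(master, b"enc", blob["nonce"])
        return bytes(a ^ b for a, b in zip(blob["ct"], stream))
    raise KeyError("no loaded master key matches; restore the old key as alternate")

def demo() -> dict:
    # Constructed sample: one tape written before a master key change, one after.
    old_mk, new_mk = secrets.token_bytes(32), secrets.token_bytes(32)
    old_dek, new_dek = secrets.token_bytes(32), secrets.token_bytes(32)
    vault = {"old": wrap_dek(old_mk, old_dek), "new": wrap_dek(new_mk, new_dek)}
    out = {"new_tape": unwrap_dek(vault["new"], new_mk) == new_dek}
    try:
        unwrap_dek(vault["old"], new_mk)
        out["old_tape_active_only"] = True
    except KeyError:
        out["old_tape_active_only"] = False
    out["old_tape_with_alternate"] = unwrap_dek(vault["old"], new_mk, old_mk) == old_dek
    return out

if __name__ == "__main__":
    print(demo())
```

The old tape's DEK is unreadable with only the new active key loaded and becomes readable once the previous key is supplied as the alternate, which is the case the guide gives for restoring an alternate master key.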