Active Master Key; Alternate Master Key; Master Key Actions - Brocade Communications Systems WFT-2D User Manual

Master keys

Active master key

The active master key is used to encrypt newly created data encryption keys (DEKs) prior to sending
them to a key vault to be stored. You can restore the active master key under the following
conditions:

- The active master key has been lost, which happens if all encryption engines in the group have
  been zeroized or replaced with new hardware at the same time.
- You want multiple encryption groups to share the same active master key. Groups should share
  the same master key if the groups share the same key vault and if tapes (or disks) are going to
  be exchanged regularly between the groups.

Alternate master key

The alternate master key is used to decrypt data encryption keys that were not encrypted with the
active master key. Restore the alternate master key for the following reasons:

- To read an old tape that was created when the group used a different active master key.
- To read a tape (or disk) from a different encryption group that uses a different active
  master key.

Master key actions

NOTE
Master keys belong to the group and are managed from Group Properties.

Master key actions are as follows:

- Backup master key: Enabled any time a master key exists. Selecting this option launches the
  Backup Master Key for Encryption Group dialog box.
  You can back up the master key to a file, to a key vault, or to a smart card. You can back up the
  master key multiple times to any of these media in case you forget the passphrase you
  originally used to back up the master key, or if multiple administrators each need a
  passphrase for recovery. Refer to the following procedures for more information:
  - "Saving the master key to a file"
  - "Saving a master key to a key vault"
  - "Saving a master key to a smart card set"
  You must back up the master key when the status is Created but not backed up.
- Restore master key: Enabled when no master key exists or the previous master key has been
  backed up. This option is also enabled when using a DPM key vault.
  When this option is selected, the Restore Master Key for Encryption Group dialog box displays,
  from which you can restore a master key from a file, key vault, or smart card set. Refer to the
  following procedures for more information:
  - "Restoring a master key from a file"
  - "Restoring a master key from a key vault"
  - "Restoring a master key from a smart card set"
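The active and alternate master key roles described above can be modelled as key wrapping with a fallback. The sketch below is an added example, not code from the manual or the product: the `EncryptionGroup` class, its methods and `demo` are hypothetical, the keys are constructed sample values, and AES key wrap (RFC 3394, from the Python `cryptography` package) is an assumed stand-in because the page does not say how DEKs are encrypted.

```python
import os

from cryptography.hazmat.primitives.keywrap import (
    InvalidUnwrap, aes_key_unwrap, aes_key_wrap)


class EncryptionGroup:
    """Hypothetical model of one group's active and alternate master keys."""

    def __init__(self, active_key, alternate_key=None):
        self.active_key = active_key
        self.alternate_key = alternate_key

    def wrap_dek(self, dek):
        # Newly created DEKs are only ever wrapped under the active master key.
        return aes_key_wrap(self.active_key, dek)

    def unwrap_dek(self, wrapped):
        """Return (slot, dek), where slot names the master key that worked."""
        slots = (("active", self.active_key), ("alternate", self.alternate_key))
        for slot, key in slots:
            if key is None:
                continue
            try:
                # Key wrap carries an integrity check, so a wrong master key
                # raises InvalidUnwrap instead of yielding a garbage DEK.
                return slot, aes_key_unwrap(key, wrapped)
            except InvalidUnwrap:
                continue
        raise LookupError("no master key in this group unwraps the DEK")


def demo():
    """Constructed scenario: a tape written under a previous master key."""
    old_mk, new_mk = os.urandom(32), os.urandom(32)    # sample master keys
    old_dek, new_dek = os.urandom(32), os.urandom(32)  # sample DEKs
    old_wrapped = EncryptionGroup(old_mk).wrap_dek(old_dek)

    group = EncryptionGroup(new_mk)            # group now uses new_mk
    new_wrapped = group.wrap_dek(new_dek)
    try:
        before = group.unwrap_dek(old_wrapped)[0]
    except LookupError:
        before = "unreadable"                  # old tape cannot be read yet
    group.alternate_key = old_mk               # "restore alternate master key"
    after = group.unwrap_dek(old_wrapped)
    current = group.unwrap_dek(new_wrapped)
    return before, after == ("alternate", old_dek), current == ("active", new_dek)
```

In this model the old tape's DEK stays unreadable until the previous master key is loaded into the alternate slot, while new DEKs continue to be wrapped only under the active key.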
Brocade Network Advisor SAN User Manual
53-1003154-01


This manual is also suitable for:

Network advisor 12.3.0
