1. Manuals
  2. Brands
  3. Oracle Manuals
  4. Storage
  5. StorageTek T10000D
  6. Manual

Arameters; Table 9 - List Ofc - Oracle StorageTek T10000D Manual

Non-proprietary security policy
Hide thumbs
Table of Contents

Advertisement

2.7.4 Encryption Enabled Cryptographic Keys and Critical Security Parameters
The cryptographic keys, key components, and other CSPs used by the module while operating in either the Permanent
Encryption Approved Mode or Encryption Enabled Approved Mode are shown in Table 9.
Table 9 – List of Cryptographic Keys, Cryptographic Key Components, and CSPs (Permanent Encryption and Encryption Enabled Modes)
Key
Key Type
Media Key (MEKey) AES CCM 256-bit
AES Key Wrap Key
AES ECB 256-bit
(AKWK)
Dump Encryption
AES CCM 256-bit
Key (DEKey)
Dump Encryption
RSA 2048-bit public
Public Key
key
(DEPubKey)
Tape Drive Private
RSA 2048-bit
Key (TDPrivKey)
private key
Tape Drive Public
RSA 2048-bit public
Key (TDPubKey)
key
49
RAM – Random Access Memory
50
FPGA – Field Programmable Gate Array
Generation / Input
Generated externally;
Output encrypted via
Input encrypted via
DEKey
AKWK
Generated internally
Output encapsulated
via Approved DRBG
via KWKPublicKey
Generated internally
Output encrypted via
via Approved DRBG
DEPubKey
Generated externally;
Output encrypted via
Hardcoded into
DEKey
module
Generated externally;
Output encrypted via
Input via TLS_ECK
DEKey
Generated externally;
Output encrypted via
Input via TLS_ECK
DEKey; Output in
plaintext
© Copyright 2017 Oracle Corporation
This document may be freely reproduced and distributed whole and intact including this Copyright notice.
Output
Storage
Plaintext in RAM
50
and FPGA
Plaintext in RAM
Plaintext in RAM
Plaintext in
EEPROM and RAM
Plaintext in RAM
and EEPROM
Plaintext in
EEPROM and RAM
Page 33 of 51
Zeroization
49
"Reset" service;
To encrypt and decrypt
Switch Approved
data to and from
Mode
magnetic tape
"Reset" service;
Decrypt MEKey
Power cycle;
Switch Approved
Mode
"Reset" service;
Encrypt dump files
Power cycle;
Switch Approved
Mode
Not Applicable
Encapsulate DEKey
"Reset" service;
Authenticate the
Switch Approved
module to OKM cluster
Mode
appliance during TLS
session
"Reset" service;
Authenticate the
Switch Approved
module to OKM cluster
Mode
appliance during TLS
session
Use

Advertisement

Table of Contents
loading

Related Manuals for Oracle StorageTek T10000D

Related Products for Oracle StorageTek T10000D

Table of Contents