Federal Information Processing Standard 140-2 Considerations - Dell PowerVault ML6000 User Manual

Keytool -exportseckey " on page 3-12). When the other organization imports the
symmetric key into their Encryption Key Manager keystore, it will be unwrapped
using their corresponding private key (see "Importing Data Keys Using Keytool
-importseckey " on page 3-12). This ensures that the symmetric key is safe in
transit since only the holder of the private key is able to unwrap the symmetric
key. With the symmetric key that was used to encrypt the data in their Encryption
Key Manager keystore, the other organization will then be able to read the data on
the tape.

Federal Information Processing Standard 140-2 Considerations

Federal Information Processing Standard 140-2 has become important now that the
Federal government requires all its cryptographic providers to be FIPS 140
certified. This standard has also been adopted in a growing private sector
community. The certification of cryptographic capabilities by a third party in
accordance with government standards is felt to have increased value in this
security-conscious world.
The Encryption Key Manager does not provide cryptographic capabilities itself and
therefore does not require, nor is it allowed to obtain, FIPS 140-2 certification.
However, the Encryption Key Manager takes advantage of the cryptographic
capabilities of the IBM JVM in the IBM Java Cryptographic Extension component
and allows the selection and use of the IBMJCEFIPS cryptographic provider, which
has a FIPS 140-2 level 1 certification. By setting the fips configuration parameter to
on in the Configuration Properties file, you make the Encryption Key Manager use
the IBMJCEFIPS provider for all cryptographic functions.
See the documentation from specific hardware and software cryptographic
providers for information on whether their products are FIPS 140-2 certified.
2-10
Dell Encryption Key Mgr User's Guide