Quantum Q-EKM User's Guide download pdf (Page 20)

Overview

Encryption Keys

Quantum Encryption Key Manager User’s Guide 7

Q-EKM uses two types of encryption algorithms:

• Symmetric

• Asymmetric

Symmetric, or secret key encryption, uses a single key for both encryption

and decryption. Symmetric key encryption is generally used for

encrypting large amounts of data in an efficient manner. 256-bit AES keys

are symmetric keys.

Asymmetric, or public/private encryption, uses a pair of keys. Data that

is encrypted using one key can only be decrypted using the other key in

the public/private key pair. When an asymmetric key pair is generated,

the public key is typically used to encrypt, and the private key is typically

used to decrypt.

Q-EKM uses both symmetric and asymmetric keys—symmetric

encryption for high-speed encryption of user or host data, and

asymmetric encryption (which is necessarily slower) for protecting the

symmetric key.

Upon installation, Q-EKM generates 1024 unique encryption keys.

Encryption Key

Processing 1

In library-managed tape encryption, unencrypted data is sent to the tape

drive and converted to ciphertext using a pre-generated symmetric data

key from the keystore available to Q-EKM, and is then written to tape.

Q-EKM selects a pre-generated data key in round-robin fashion. Data

keys are reused on multiple tape cartridges when all pre-generated data

keys have been used at least once.

The data key is sent to the tape drive in encrypted, or wrapped, form by

Q-EKM. The tape drive unwraps this data key and uses it to perform

encryption or decryption. However, no wrapped key is stored anywhere

on the tape cartridge.

After the encrypted volume is written, the data key must be accessible,

based on the alias or key label, and available to Q-EKM in order for the

volume to be read.

1 2 ... 15 16 17 18 19 20 21 22 23 24 25 ... 92 93

No comments

Quantum Q-EKM User's Guide Page 20