Quantum Q-EKM User's Guide download pdf (Page 16)

Overview

Managing Encryption With Q-EKM

Quantum Encryption Key Manager User’s Guide 3

Library managed encryption is provided for IBM LTO-4 and LTO-5 tape

drives in a Quantum Scalar tape libraries (see Supported Libraries and

Tape Drives on page 10).

Managing Encryption With Q-EKM

Quantum Encryption Key Manager (Q-EKM) generates, protects, stores,

and maintains data encryption keys that are used to encrypt information

being written to, and decrypt information being read from, tape media

(tape and cartridge formats).

Q-EKM uses a keystore to hold JCEKS keys and certificates required for

all encryption tasks.

Q-EKM acts as a process awaiting key generation or key retrieval

requests sent to it through a TCP/IP communication path between

Q-EKM and the tape library.

When a tape drive writes encrypted data, it first requests an encryption

key from Q-EKM.

Upon receipt of the request, Q-EKM retrieves an existing Advanced

Encryption Standard (AES) key from a keystore and wraps it for secure

transfer to the tape drive, where it is unwrapped upon arrival and used to

encrypt the data being written to tape.

When an encrypted tape is read by a tape drive, the tape drive requests,

via the library, the required data encryption key from the Q-EKM server.

Q-EKM retrieves the required data encryption key from the keystore and

securely transfers it to the library, which provides it to the tape drive. The

tape drive uses the data encryption key to perform encryption and

decryption.

No data encryption key is stored anywhere on the cartridge memory or

the tape. Only the name of the data encryption key is stored on the tape,

so that in the future the key can be requested for further read or write

purposes.

1 2 ... 11 12 13 14 15 16 17 18 19 20 21 ... 92 93

No comments

Quantum Q-EKM User's Guide Page 16