Quantum Q-EKM User's Guide download pdf (Page 53)

Sharing Encrypted Tapes – Import/Export Operations

Sharing Encrypted Tape Cartridges

Quantum Encryption Key Manager User’s Guide 40

Q-EKM creates unique key aliases across all Q-EKM installations

worldwide (see Understanding How Q-EKM Uses Aliases

on page 41).

This ensures that you can safely share Q-EKM-encrypted tapes with other

sites or companies.

In order to share encrypted data on an encrypted tape, a copy of the

symmetric key used to encrypt the data on the tape must be made

available to the other organization to enable them to read the tape.

In order for the symmetric key to be shared, the other organization must

share their public key with you. This public key will be used to wrap the

symmetric key when it is exported from the Q-EKM keystore.

When the other organization imports the symmetric key into their

Q-EKM keystore, it will be unwrapped using their corresponding private

key. This ensures that the symmetric key will be safe in transit since only

the holder of the private key will be able to unwrap the symmetric key.

With the symmetric key that was used to encrypt the data in their Q-EKM

keystore, the other organization will then be able to read the data on the

tape.

The process is as follows:

1 The destination administrator exports the native

public certificate that

belongs to the destination Q-EKM server (see Exporting the Public

Certificate on page 43).

2 The destination administrator sends the

public certificate file to the

source administrator.

3 The source administrator imports the

public certificate onto the

source Q-EKM server (see Importing a Public Certificate

on page 45).

4 The source administrator exports the

data encryption keys, assigning

the

public certificate from the destination server to wrap (encrypt) the

keys. See Exporting Data Encryption Keys

on page 47.

5 The source administrator sends the exported data encryption key file

to the destination administrator.

6 The destination administrator imports the data encryption keys onto

the destination Q-EKM server (see Importing Data Encryption Keys

on page 52).

7 Tape drives installed in libraries connected to the destination Q-EKM

server can now read the encrypted tapes.

1 2 ... 48 49 50 51 52 53 54 55 56 57 58 ... 92 93

Comments to this Manuals

No comments

Quantum Q-EKM User's Guide Page 53

Comments to this Manuals

Related products and manuals for Tape auto loaders & libraries Quantum Q-EKM