Dell PowerVault ML6000 User's Manual
Download Operation & user’s manual of Dell PowerVault TL2000 Network Hardware, Software for Free or View it Online on All-Guides.com.
Brand: Dell
Category: Network Hardware , Software , Storage
Type: Operation & user’s manual
Model: Dell PowerVault TL2000 , Dell PowerVault TL4000 , Dell PowerVault ML6000
Pages: 122 (0.8 Mb)
Note: Individual aliases and alias ranges must be unique. This is enforced when
keys are generated on a given keystore/Encryption Key Manager instance.
However, in a multiple Encryption Key Manager/Keystore environment,
you should use a naming convention that maintains uniqueness across
multiple instances in the event it becomes desirable to transport keys
between instances while maintaining uniqueness of reference.
After generating keys and aliases, update the symmetricKeySet property in the
KeyManagerConfig.properties file to specify the new alias, range of aliases, or key
group GroupID, the filename under which the symmetric keys are stored, and the
filename where key groups are defined. (See “Creating and Managing Key
Groups” on page 3-14 for details.) Only those keys named in the symmetricKeySet
will be validated (checked for an existing alias and a symmetric key of the proper
size and algorithm). If an invalid key is specified in this property, the key manager
does not start and an audit record is created.
The keytool utility also provides for the import and export of data keys to and
from other keystores. An overview of each task follows. You can issue the keytool
-ekmhelp to display all the key manager-related parameters covered in the
following discussions.
Editing the Configuration Properties Files
To make changes to the KeyManagerConfig.properties or the
ClientKeyManagerConfig.properties file:
1. Stop the Encryption Key Manager server.
2. Using the text editor of your choice, open the KeyManagerConfig.properties file
to make changes to the server configuration, or the
ClientKeyManagerConfig.properties file for the client configuration. Do not use
Windows to edit the file for a Linux machine because of ^M. If you use
Windows, edit the file with gvim/vim.
3. Change the property value(s) according to the directions provided in this
document.
4. Save the file.
5. Restart the Encryption Key Manager server.
If You are Not Using Keytool
If you do not use keytool or the GUI to generate keys and aliases, you cannot
generate ranges of keys compatible with the Encryption Key Manager. To generate
individual keys compatible with the Encryption Key Manager, be sure to specify
aliases using one of the following formats:
v 12 printable characters or less (for example, abcdefghijk)
v 3 printable characters, followed by two zeros, followed by 16 hexadecimal digits
(for example, ABC000000000000000001) for a total of exactly 21 characters
Generating Data Keys and Aliases Using Keytool -genseckey
Note: Before using the keytool command for the first time in any session, run the
updatePath script to set the correct environment.
On Windows
Navigate to cd c:\ekm and click updatePath.bat
3-10 Dell Encryption Key Mgr User's Guide