User's guide

Chapter 4 Configuring Your Library
EKM Management Solutions
Scalar i6000 User’s Guide 245
SKM Management
Sharing Encrypted Tape Cartridges
If you are using SKM, you can share encrypted tapes with other
companies and individuals who also use SKM for managing encryption
keys.

Each SKM server provides a unique encryption key for each tape cartridge
that is encrypted. To read an encrypted tape in a library that is attached to
an SKM server other than the one that originally provided the
encryption key, the encryption key from the originating (i.e., source) SKM
server needs to be shared with the receiving (i.e., destination) SKM server.

The key (or list of keys, if there is more than one tape) is exported from the
source SKM server to a file, which is sent to the destination recipient. Each
key contained in the file is encrypted using the public key of the
destination SKM server. The destination SKM server provides its public
key to the source SKM server as part of an Encryption Key Certificate,
which the source SKM server uses to wrap (encrypt) the encryption keys
for transport. Upon arrival, the file containing the wrapped encryption
keys can only be unwrapped by the corresponding private key, which
resides on the destination SKM server and is never shared.

The process is as follows:
1 The destination administrator exports the Encryption Key Certificate
that belongs to the destination SKM server. The Encryption
Certificate is saved as a file to a location specified by the
administrator on a computer (see Exporting Encryption Certificates
on page 249).
2 The destination administrator e-mails the Encryption Key Certificate
file to the source administrator.
3 The source administrator saves the Encryption Key Certificate file to
a location on a computer, and then imports the Encryption Key
Certificate onto the source SKM server (see Importing Encryption
Certificates on page 248).
4 The source administrator exports the Encryption Keys, assigning the
same Encryption Key Certificate noted above to wrap the keys. The
file containing the wrapped encryption keys is saved to a location on
a computer specified by the source administrator. See Exporting
Encryption Keys on page 251.
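
The wrap-and-unwrap exchange described above, as an added JavaScript (Node.js) example that is not SKM's own code or file format. It assumes RSA-OAEP and uses a bare public key in place of the Encryption Key Certificate, because this page does not state SKM's algorithms; all function names, tape barcodes and keys are constructed for illustration.

```javascript
// Added example: RSA-OAEP key wrapping as a stand-in for the SKM exchange (assumed algorithm).
// Function names and barcodes are hypothetical; SKM's real formats are not shown on this page.
const crypto = require("node:crypto");

// Destination server: key pair whose private half never leaves the server.
function newServerKeyPair() {
  return crypto.generateKeyPairSync("rsa", {
    modulusLength: 2048,
    publicKeyEncoding: { type: "spki", format: "pem" },
    privateKeyEncoding: { type: "pkcs8", format: "pem" },
  });
}

// SHA-256 fingerprint both administrators can compare out of band after the e-mail step.
function fingerprint(publicKeyPem) {
  const der = crypto.createPublicKey(publicKeyPem).export({ type: "spki", format: "der" });
  return crypto.createHash("sha256").update(der).digest("hex");
}

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };

// Source server: wrap every tape key with the destination's public key.
function exportWrappedKeys(tapeKeys, destPublicPem) {
  return Object.entries(tapeKeys).map(([barcode, key]) => ({
    barcode,
    wrapped: crypto.publicEncrypt({ key: destPublicPem, ...OAEP }, key).toString("base64"),
  }));
}

// Destination server: unwrap with its private key; any other private key throws.
function importWrappedKeys(exportFile, privatePem) {
  const keys = {};
  for (const { barcode, wrapped } of exportFile) {
    keys[barcode] = crypto.privateDecrypt({ key: privatePem, ...OAEP }, Buffer.from(wrapped, "base64"));
  }
  return keys;
}

// Constructed sample data: two tape barcodes with random 256-bit keys.
function demo() {
  const dest = newServerKeyPair();
  const other = newServerKeyPair(); // a server that was not the intended recipient
  const tapeKeys = { TAPE001L5: crypto.randomBytes(32), TAPE002L5: crypto.randomBytes(32) };
  const file = exportWrappedKeys(tapeKeys, dest.publicKey);
  const imported = importWrappedKeys(file, dest.privateKey);
  let otherServerFailed = false;
  try { importWrappedKeys(file, other.privateKey); } catch { otherServerFailed = true; }
  return { tapeKeys, file, imported, otherServerFailed, fp: fingerprint(dest.publicKey) };
}
```

The fingerprint comparison is an addition to the procedure on this page: because the certificate travels by e-mail, the source administrator can confirm over a separate channel that the imported file is the one the destination server exported before wrapping keys with it.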