Creating a key – Sun Microsystems Virtual Tape Library User Manual
Page 142
Encrypting and shredding data
128
VTL User Guide • May 2008
G • 96267
Each key consists of a secret phrase. For additional security, each key is
password‐protected. You must provide this password in order to change the key name,
password, or password hint, or to delete or export the key.
You can apply a single key to all virtual tapes when you export them to physical
tape, or you can create a unique key for each one. Creating multiple keys provides
more security; in the unlikely event that a key is compromised, only the tapes that
use that key would be affected. However, if you use multiple keys, you must keep
track of which key applies to each tape so that you use the correct key to decrypt the
data when you import the physical tape back to virtual tape.
Note: If you apply an incorrect key when importing a tape, the data imported from
that tape will be indecipherable.
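One way to keep track of which key applies to each tape is a small inventory kept outside VTL. This is an added example, not part of the Sun manual or of VTL itself: the class, its method names and the tape barcodes are hypothetical, the length limits are the ones given in the key-creation steps, and the PBKDF2 check value is an assumption that lets a saved phrase be confirmed without storing it.

```python
import hashlib
import hmac
import os

KEY_NAME_LEN = range(1, 33)   # manual: key name is 1-32 characters
PHRASE_LEN = range(25, 33)    # manual: secret phrase is 25-32 characters


def _check_value(phrase: str, salt: bytes) -> bytes:
    # Assumption: PBKDF2-HMAC-SHA256 as a slow, salted check value for the phrase.
    return hashlib.pbkdf2_hmac("sha256", phrase.encode("utf-8"), salt, 200_000)


class KeyInventory:
    """Hypothetical record of which key name protects which tape.

    The secret phrase is never stored, only a salted check value.
    """

    def __init__(self):
        self._keys = {}    # key name -> (salt, check value)
        self._tapes = {}   # tape barcode -> key name

    def register_key(self, name: str, phrase: str) -> None:
        if len(name) not in KEY_NAME_LEN:
            raise ValueError("key name must be 1-32 characters")
        if len(phrase) not in PHRASE_LEN:
            raise ValueError("secret phrase must be 25-32 characters")
        if name in self._keys:
            raise ValueError("key name must be unique")
        salt = os.urandom(16)
        self._keys[name] = (salt, _check_value(phrase, salt))

    def assign(self, barcode: str, key_name: str) -> None:
        if key_name not in self._keys:
            raise KeyError(f"unknown key {key_name!r}")
        self._tapes[barcode] = key_name

    def key_for(self, barcode: str) -> str:
        """Key name to select on import; KeyError if the tape was never recorded."""
        return self._tapes[barcode]

    def phrase_matches(self, key_name: str, phrase: str) -> bool:
        """Confirm a saved phrase belongs to this key before relying on it."""
        salt, expected = self._keys[key_name]
        return hmac.compare_digest(_check_value(phrase, salt), expected)

    def tapes_affected_by(self, key_name: str) -> list:
        """Tapes exposed if this key is compromised."""
        return sorted(b for b, k in self._tapes.items() if k == key_name)
```

Store the inventory with the same care as the key package, since it records which key protects every exported tape.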
Once you have created one or more keys, you can export them to a separate file
called a key package. If you send encrypted tapes to other locations that run VTL,
you can also send them the key package. By importing the key package,
administrators at the other sites can then decrypt the tapes when they are imported
back into virtual tape libraries managed by VTL.
You can enable encryption and specify which key to use either when you manually
import or export a tape or when you use the auto‐archive/replication feature.
For instructions, see the following:
■ “Changing a key name or password” on page 129
■ “Shredding a virtual tape” on page 133.
▼ Creating a key
1. In the navigation tree, right‐click the server name and click Key Management.
2. Click New.
3. In the Key Name text box (A below), type a unique name for the key (1–32
characters).
4. In the Secret Phrase text box (B below), type the phrase (25–32 characters,
including numbers and spaces) that will be used to encrypt the data.
Save your secret phrase. Once you have created a key, you cannot change the secret
phrase associated with that key.