Configuration, Local key management mode, Configuring the controller (local mode) – HP Secure Encryption User Manual
Configuration
Local key management mode
Local Key Management Mode, or Local Mode, is a solution designed for small to medium-size data centers
using few encrypting controllers. The solution utilizes a paraphrase password, or Master Encryption Key
name, to set the security on the controller and enable encryption. The paraphrase password must be tracked
independently of the controllers, in case the controller needs replacement or drive migration is required
among controllers with different passwords. In local mode, the Master Key name is considered a
cryptographic secret and should be protected as such. Key creation and management are maintained at the
local controller level and do not utilize a key manager.
Characteristics
• Requires physical paraphrase password management, such as writing and storing Master Key
  information in a notebook or computer file
• Utilizes one paraphrase password-derived 256-bit key to encrypt a unique, per-volume XTS-AES
  256-bit data encryption key
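The key hierarchy in the second characteristic, and the reason the Master Key name must be tracked for controller replacement, shown as an added example that is not HP's code or firmware logic. The KDF (scrypt), the authenticated wrap (AES-256-GCM), the stored record layout and all names and values are assumptions constructed for illustration, since the manual specifies none of them.

```javascript
const crypto = require('node:crypto');

// Assumed primitives (the manual names neither): scrypt as the password KDF,
// AES-256-GCM as the authenticated wrap around each volume key.
function deriveKek(masterKeyName, salt) {
  return crypto.scryptSync(masterKeyName, salt, 32); // 256-bit key-encryption key
}

// Create a volume: a random 256-bit DEK that is persisted only in wrapped form.
// The plaintext DEK is returned here solely so the demo can compare results.
function createVolume(masterKeyName) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const dek = crypto.randomBytes(32);
  const c = crypto.createCipheriv('aes-256-gcm', deriveKek(masterKeyName, salt), iv);
  const wrapped = Buffer.concat([c.update(dek), c.final()]);
  return { dek, record: { salt, iv, wrapped, tag: c.getAuthTag() } };
}

// What a replacement controller can do with the stored record plus the
// Master Key name entered by the operator. Returns null if the name is wrong.
function unlockVolume(record, masterKeyName) {
  const kek = deriveKek(masterKeyName, record.salt);
  const d = crypto.createDecipheriv('aes-256-gcm', kek, record.iv);
  d.setAuthTag(record.tag);
  try {
    return Buffer.concat([d.update(record.wrapped), d.final()]);
  } catch (err) {
    return null; // authentication failed: wrong KEK, volume stays locked
  }
}

// Constructed scenario: two volumes under one Master Key name, then a controller swap.
function controllerSwapDemo() {
  const name = 'constructed-master-key';
  const vols = [createVolume(name), createVolume(name)];
  const recovered = vols.map((v) => unlockVolume(v.record, name));
  const lost = vols.map((v) => unlockVolume(v.record, 'misremembered-key'));
  return {
    distinctDeks: !vols[0].dek.equals(vols[1].dek),
    recovered: recovered.every((k, i) => k !== null && k.equals(vols[i].dek)),
    lockedOut: lost.every((k) => k === null),
  };
}

console.log(controllerSwapDemo());
```

Nothing in the stored record reveals the Master Key name, so without the independently kept copy the wrapped volume keys cannot be opened.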
Prerequisites
• An installed HP Smart Array Px3x Controller compatible with HP Secure Encryption
• A valid HP Secure Encryption license for each drive to be encrypted
• HP Smart Storage Administrator v1.60.xx.0 and later
• HP ProLiant Gen8 server
Configuring the controller (local mode)
IMPORTANT: HP recommends that you keep a record of the Master Encryption Keys when
encryption is configured in Local Mode. The local Master Encryption Key is not displayed by any
available tool or firmware because it is considered a cryptographic secret by FIPS 140-2. HP
Secure Encryption design follows the NIST architecture requirements and does not allow HP to
assist in the recovery of a lost Master Encryption Key.
To configure the controller to operate in Local Key Management Mode:
1. Open Encryption Manager.