beautypg.com

Versioned keys, Viewing the key properties section, Key properties section components – HP Secure Key Manager User Manual

Page 124

background image

Figure 48 Viewing the Key Properties section

The following table describes the components of the Key Properties section.

Table 29 Key Properties section components

Description

Component

Name of key described in the current row.

Key Name

Name of the user that owns the key. If blank, the key is a global key and therefore
accessible to all users.

NOTE:

Once a key has an owner it is no longer a global key. You cannot change it
into a global key by removing the owner. This is true even if the key was
originally created as a global key.

Owner Username

The algorithm this key uses.

Algorithm

Display the timestamp made at the time of the key's creation.

Creation Date

Indicates if this is a versioned key.

Versioned Key Bytes

If selected, this key is deletable via an XML request by the key owner. This value may
be changed.

Deletable

If selected, this key is exportable via an XML request. An exportable key can be ex-
ported by its owner and by members of a group with “Export” permission for the key.
A global key marked exportable can be exported by any user. This value may be
changed.

Exportable

Click Edit to edit the Key Name, Owner Username, exportable, and deletable settings.

Edit

Click Back to return to the Key and Policy Configuration page.

Back

Versioned keys

A versioned key maintains the same key metadata, but has a unique set of bytes for each version.
Thus, each version is different enough for encryption purposes, but similar enough to allow for easy
management. Each key version has its own key bytes, default IV, state, and creation date. The state
determines which key operations are available for a key version. Possible states are: active, restricted,
and retired.

Active: encryption and decryption and all key management options are allowed.

Restricted: only key information operations are allowed.

Retired: no operations or access to key management is allowed.

Using the Management Console

124