BackBox H4.00 Tape Encryption Option
Configuration
6 BackBox H4.00 Tape Encryption
When the KeyPerTape key generation policy is set (via SCF), each tape written by
the tape drive will use a unique encryption key. Each time data is rewritten on the
media, (e.g. when the media state changes from state SCRATCH to SELECT), the
tape drive would use a new key to encrypt the data. In that case the key is renewed
automatically. The key is identified by a key name associated with the media. In
some situations, such as the need to restore the media’s data on a remote NonStop
system using another ESKM Cluster, you will need to export the media key in the
other ESKM Cluster using the Media Key Name.
When the KeyPerDrive key generation policy is selected, each tape written by the
tape drive will use the current tape drive encryption key. So, each time media data is
rewritten, (e.g. when the media state changes from state SCRATCH to SELECT), the
tape drive will use the key identified by its Drive context. The key is not renewed
(i.e. changed) automatically. If the user wants to change the drive key, he must
ALTER the tape drive in SCF using the NEWENCRYPTIONKEY attribute.
STORAGE - Status TAPE \NSBLDE4.$VTE400, ENCRYPTION
Media
Not present or encryption status unknown
Drive
MasterKeyName.... N2108001086022114_S066666C1002541
KeyAlgorithm..... GCM-AES
KeySize.......... 256
KeyGenPolicy..... KeyPerTape
STORAGE - Status TAPE \NSBLDE4.$VTE400, ENCRYPTION
Media
KeyName.......... N7566B3CCLAB035D873833A969D0008_BBBBBBBB_1911112107
KeyAlgorithm..... GCM-AES
KeySize.......... 256
Drive
MasterKeyName.... N2108001086022114_S066666C1002541
KeyAlgorithm..... GCM-AES
KeySize.......... 256
KeyGenPolicy..... KeyPerTape