HP 1/8 G2 and MSL Encryption Kit User Guide
Figure 4 Key server token LED
Table 2 Token status
Token statusLED behavior
The token is ready to be used by the autoloader or library.On
The token is not receiving power and must be fully inserted into the autoloader or library USB
port.
Off
The device with the USB port does not have software to communicate with the key server
token. If this occurs when the key server token is plugged into the autoloader or library, update
Flashing
the autoloader or library firmware to the current version. See “Encryption token LED” (page 43)
for additional information about the key server token LED.
NOTE: The key server token is not a USB flash drive and its contents cannot be read by devices
other than the autoloader or library.
The keys on the key server token
The encryption kit key server token generates, stores, and retrieves keys used both to encrypt data
and to decrypt data. The same key is used as both the encryption key and the decryption key for
a tape, but different tapes may use different keys.
Only one key is used at a time for encrypting data on new or formatted tapes in the autoloader
or library. This key is called the current key. In most cases, the current key is the most recently
created key. You can see the current key and key creation dates in the RMI Status > Security screen.
On the MSL6480, click Gather Key Information to see the keys on the token.
When you manually create a new key or when the automatic key generation policy creates a new
key, the previous current key will no longer be used to encrypt new or formatted tapes. All of the
keys on the token, including the current key, are always available for decryption.
The keys on the key server token 9