Exporting Encryption Keys
Each QKM server provides a unique encryption key for each tape cartridge that is encrypted. In order for another (i.e., destination) QKM server to read tapes encrypted by your QKM server, you need to export the encryption keys used to encrypt those tapes and send them to the destination server.
You may also use this function to create a backup of your QKM server encryption keys in case of a catastrophic QKM server failure.
 |
NOTE: This function is available to users with Administrator-level privileges and only applies to QKM servers. Both QKM servers must be connected and operational in order to export encryption keys.
|
To export encryption keys:
- Before starting this process, read and follow the sequence of steps outlined in Sharing Encrypted Tape Cartridges.
- From the Tools menu, select QKM Management > Encryption Key > Export.
The Tools - Encryption Key Export screen appears.
- Assign the encryption certificate with which you will "wrap" the keys by selecting it from the Certificate Name Used For Export drop-down list. The drop-down list contains all of the encryption certificates that you have ever imported onto your QKM server (indicated by the word "imported" in the list). The list also contains the native encryption certificate for your QKM servers, indicated in blue text with the word "native" in the name.
If destination server is:
- Someone else's QKM server — The destination administrator should have sent you the encryption certificate previously and you should have imported it onto your QKM server (see Importing Encryption Certificates). It should appear on the list for you to select.
- Your QKM server — If you are sending your encryption certificate to someone else to use to wrap encryption keys, select your "native" certificate. You might also need to export your "native" certificate for disaster recovery in the event that one of your QKM servers failed and you needed to re-import all of your keys onto a new QKM server.
- Select which QKM encryption keys to export from the following options:
- Export Used — Exports all the keys that have ever been used to encrypt tape cartridges on the library.
- Export Selective — Exports the keys that are associated with a string of characters that you type into the text box. Each key is associated with its encrypted tape cartridge, identified by the tape cartridge barcode. You can type in all or part of a tape cartridge barcode, and any keys that are associated with that string will be exported. This is helpful if you only want to export a single key associated with a particular tape cartridge.
- Click Apply.
Each key is wrapped (encrypted) using the destination public key contained on the selected destination encryption certificate. All the selected keys are saved to a single file.
The Progress Window appears. The Progress Window contains information on the action, elapsed time, and status of the requested operation. Do one of the following:
- If Success appears in the Progress Window, the encryption keys were exported successfully. Close the Progress Window and go to next step.
- If Failure appears in the Progress Window, the encryption keys were not exported successfully. Follow the instructions listed in the Progress Window to resolve any issues that occurred during the operation.
- A Save As dialog box opens allowing you to save the encryption key file to a location on your computer. Choose a location and click Save.
See also: