Exporting Encryption Keys

Each QKM server provides a unique encryption key for each tape cartridge that is encrypted. In order for another (i.e., destination) QKM server to read tapes encrypted by your QKM server, you need to export the encryption keys used to encrypt those tapes and send them to the destination server.

You may also use this function to create a backup of your QKM server encryption keys in case of a catastrophic QKM server failure.

NOTE: This function is available to users with Administrator-level privileges and only applies to QKM servers. Both QKM servers must be connected and operational in order to export encryption keys.

To export encryption keys:

  1. Before starting this process, read and follow the sequence of steps outlined in Sharing Encrypted Tape Cartridges.
  2. From the Tools menu, select QKM Management > Encryption Key > Export.

    The Tools - Encryption Key Export screen appears.
  3. Assign the encryption certificate with which you will "wrap" the keys by selecting it from the Certificate Name Used For Export drop-down list. The drop-down list contains all of the encryption certificates that you have ever imported onto your QKM server (indicated by the word "imported" in the list). The list also contains the native encryption certificate for your QKM servers, indicated in blue text with the word "native" in the name.

    If destination server is:
  4. Select which QKM encryption keys to export from the following options:
  5. Click Apply.

    Each key is wrapped (encrypted) using the destination public key contained on the selected destination encryption certificate. All the selected keys are saved to a single file.

    The Progress Window appears. The Progress Window contains information on the action, elapsed time, and status of the requested operation. Do one of the following:

  6. A Save As dialog box opens allowing you to save the encryption key file to a location on your computer. Choose a location and click Save.

See also: