In-House Keys

In-house keys are symmetric keys used to encrypt data on tapes for internal use and for disaster recovery purposes. If ICSF or CPACF is enabled, both the system that encrypts the tape and the system that reads the tape must have access to all of the following:

Ensure that tapes are encrypted using algorithms that are available to every system that will be required to read them. Do not use algorithms provided by ICSF or CPACF if both ICSF and CPACF, or only CPACF, are not available on all systems that must read your encrypted tapes and CA Tape Encryption does not also support those algorithms through software.

Note: When writing to an encryption-enabled IBM TS1120 tape drive using the EEFMT2 recording technique, the TS1120 handles encryption, and the symmetric key used for the encryption is generated by the IBM TS1120 Encryption Key Manager application (EKM); the symmetric key generated by CA Tape Encryption is not used. The EKM encrypts the symmetric key it generates using an asymmetric public key, and the TS1120 then stores the encrypted key on the tape. If the CA Encryption Key Manager is enabled for the CA Tape Encryption symmetric key definition associated with the tape, the digital certificate that the EKM uses to encrypt its symmetric key is one that is generated and managed by the CA Encryption Key Manager.