EasyManua.ls Logo

Rohde & Schwarz R&S Trusted Disk 3.3.1 - R&S Trusted Disk Key Update

Rohde & Schwarz R&S Trusted Disk 3.3.1
49 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
Advanced tasks
32Administration manual 4603.7988.02 ─ 03
Key Possible values Default
Characters "InitialPINChars" 0 digits only
1 at least 1 digit + 1 letter
2 at least 1 digit, 1 letter + 1 special character
100 no limitations
100
Length "InitialPINLength" 6 16 characters 6
These keys are synchronized with pba.config (UEFI/GPT)/pinPolicy.config
(Legacy BIOS/MBR) on the boot partition during the full-disk encryption and when
the R&S Trusted Disk application is closed.
6.3 R&S Trusted Disk key update
If you want to update the key used for encryption to a new key, e.g. because you want
to migrate to a stronger bit length key, but keep the same smart card, you have to put
another key and certificate on the smart card. If you use the R&S Trusted Objects Man-
ager PKI (starting with version 19.08.1), you can add another Trusted Disk
certificate/key to the smart card profile.
After adjusting the smart card profile and updating the smart card with R&S Trus-
ted Identity Manager, you can perform the key update with R&S Trusted Disk. For the
system volume, the key update is performed when the R&S Trusted Disk application is
started. For external devices, the key update is performed when the device is mounted.
R&S Trusted Disk chooses the certificate with the strongest bit length and the longest
validity, whereas bit length wins over validity.
For more information on updating a smart card profile, refer to the R&S Trusted Iden-
tity Manager administration manual.
R&S Trusted Disk updates the key if a new valid key with a larger key length or a
longer validity is available on the smart card.
Only certificates with Trusted Disk extended key usage are selected to update
existing keys. OID: 1.3.6.1.4.1.30205.13.1.1.
The best key for the key update is determined automatically; keys with a larger key
length are preferred over keys with a longer validity.
Existing 2048-bit RSA keys can be updated to a new 2048-bit RSA key. Downgrad-
ing from an RSA key larger than 2048-bit to a 2048-bit RSA key is not possible.
R&S
Trusted Disk key update

Table of Contents