EXPORTING AND PROTECTING ENCRYPTION KEYS
Creating a backup of all keys used in the library and a record of the password for
each exported key is essential to ensuring that you can recover encrypted data. For
safe-keeping and security, export the encryption key and store it in a safe, secure
location so that you can import it back into the library if needed.
Overview
Decrypting encrypted data requires both the encryption key and the encryption key
password used to protect the encryption key when it is exported. To ensure that the
keys are protected, use the Export Key option described in this section to export
encryption keys as soon as possible after you create them.
CAUTION
Data cannot be recovered without the encryption key used to encrypt the data,
so protecting encryption keys is extremely important to data decryption and
recovery. To decrypt and restore encrypted data, you need the data, the
encryption key, and the encryption key password used to protect the exported
key.
Best Practice
Spectra Logic recommends that you export each encryption key to at least two
different USB devices and store them in separate locations. Remember, lost encryption
keys cannot be recreated; keep them as secure (and as backed up) as your data.
CAUTION
As a matter of best practice, Spectra Logic recommends exporting encryption
keys to a USB device instead of using email or RMI download.
Although emailing and RMI download of encryption keys are supported by the
library, they present security issues, including the following:
• Copies of encryption keys may be left on the email servers used for sending
and receiving email and are thus subject to compromise.
• The difficulty in verifying where all of the copies of emailed or downloaded
encryption keys may be located can make security audits more challenging.
JANUARY 2023
SPECTRA STACK LIBRARY
USER GUIDE
CHAPTER 3 - CONFIGURING AND USING ENCRYPTION