Oracle Key Manager (OKM) - Process To Destroy Encryption Keys and Data Units On KMA

Asset ID:	1-72-2199974.1
Update Date:	2016-11-09
Keywords:

Solution Type Problem Resolution Sure

Solution 2199974.1 : Oracle Key Manager (OKM) - Process To Destroy Encryption Keys and Data Units On KMA

Applies to:

Sun StorageTek Crypto Key Management System - Version All Versions and later
Information in this document applies to any platform.

Symptoms

Need a process to destroy data units on KMA.

Cause

Encryption keys need to be deleted so the KMA servers can be decommissioned.

Solution

Went through the different screens in the OKM GUI:

Data Unit List
   Select a Data Unit
       Details
             In the Details screen:
                   Key List
                               Select a Key ID from the list

Back to Details screen
Details
In the Details screen uncheck the "In Use By Data Unit Flag" and exit.

Back in Key List screen

Select a Key and Compromise. Answer "Yes" to compromise the key or keys and add a comment

Select the "Compromise" button.

Go back to Data Unit List

Select "Destroy Keys" button.

Answer the questions and add a comment

Select "Destroy" button.

The keys will still show up in the "Key List" but will show "compromised and destroyed".

The customer will not be able to mount the tape using that encryption key, until it has the label re-written and a new key issued to it.

Attachments

This solution has no attachment