| Asset ID: |
1-71-1334538.1 |
| Update Date: | 2013-07-08 |
| Keywords: | |
Solution Type
Technical Instruction Sure
Solution
1334538.1
:
KMS/OKM -What Behavior Does FIPS Mode Change In An Encrypted Tape Subsystem
| Related Items |
- Sun StorageTek Crypto Key Management System
|
| Related Categories |
- PLA-Support>Sun Systems>TAPE>Backup Software-Filesystems>SN-TP: Encryption
|
In this Document
Applies to:
Sun StorageTek Crypto Key Management System - Version All Versions and later
Information in this document applies to any platform.
Goal
Inform the field personnel regarding the operation of FIPS mode for KMAs and Tape Drives.
Solution
FIPS Mode On a KMA began with software version 2.2. It is turned on by setting the FIPS Only Mode parameter to On.
If FIPS Only Mode is On:
- All keys generated must come from the SCA 6000 card. If the card is not present or not functioning, then no keys are generated and the KMA fails.
- All keys are wrapped. (ie: Version 2 retrieve key).
If FIPS Only Mode is Off:
- Keys can be either version 1 or 2.
- If the SCA 6000 card is present and functioning, all keys are still generated from the SCA 6000 card.
- If the SCA 6000 card is not present or not functioning, then keys are generated by software. ( The only exception is if the KMA is running on 2.1 software. In that case you have to have a functioning SCA 6000 card)
Note: Non-FIPS OKMs will still serve keys to FIPS drives.
Attachments
This solution has no attachment
