Re: [Veritas-bu] Fw: KMS encryption
2010-06-15 19:14:20
> Today i tried configuring the KMS on my master
> server(running on AIX). It worked perfectly fine,
> i took help from veritas support and according to
> them we can only keep one key in the key database,
> it will always use the same key for encrypting the
> data. Every time we need to change the encryption
> key , we need to define the new key and deactivate
> the one that> is activated.
Either they were wrong or you misunderstood. You can have ten (from
memory--it's in the book) keys in a keygroup. Only one key in each
keygroup can be in the Active state, which is the key used for
writing. The rest of the keys in a keybroup can be in the other
states (pre-live, inactive, deprecated and terminated). All active
AND inactive keys are available for decrypting; NetBackup matches
the key-tag, which you can see in your database and in a NetBackup
image list.
_______________________________________________
Veritas-bu maillist - Veritas-bu AT mailman.eng.auburn DOT edu
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
|
|
|