Managing External CipherTrust Keys
This section describes how to manage CipherTrust keys or CipherTrust (External) keys on CCKM. Before proceeding, you must have a CipherTrust domain added to the CCKM. Refer to Managing CipherTrust Domains for details.
Adding CipherTrust (External) Keys
To add a CipherTrust (External) key:
Open the Cloud Key Manager application.
In the left pane, click Cloud Keys > CipherTrust. The list of available CipherTrust (External) keys is displayed.
Click Add Key. The Add CipherTrust (External) Key screen of the Add CipherTrust (External) Key wizard is displayed.
Add CipherTrust (External) Key
Select Domain for the key. The key will be added to this domain.
(Optional) Enter the Key Name. This helps in uniquely identifying a key.
Select the key Algorithm. The algorithm can be AES (default), TDES, RSA, Elliptic Curve, HMAC-SHA1, HMAC-SHA256, HMAC-SHA384, or HMAC-SHA512.
Select the Key Size or Curve.
Note
If the algorithm is not Elliptic Curve, select the Key Size. If the algorithm is Elliptic Curve, select the Curve.
(Optional) Select the Key Attributes. The supported attributes are Exportable and Deletable.
(Optional) Select the Key Usage(s).
(Optional) Enter KMIP Mask Shorthand.
(Optional) Enter Labels. A label is assigned to the key and consists of a user-defined key and a value.
To add a label:
Specify a label name.
Specify the label value.
CCKM allows the following characters in label values:
Alphanumeric characters
Special characters ! @ # $ % ) ( { } > < ? + - / \ [ ] ^ & + = | ~ ` , ; . ' " _
CCKM does not allow the colon (:) in label values.
Click the + button.
Similarly, you can add more labels. To remove a label, click the close (X) icon in the label name.
Click Next. The Review and Add screen is displayed. This screen shows the key details.
Tip
Before adding the CipherTrust (External) key, it is recommended to review its details. After the key is added, certain features cannot be edited.
Review And Add
Review the key details. If the key requires any changes, click the Back link and modify the details.
Click Save.
After the key is created successfully, a success message Key added successfully. is displayed.
Click Close.
The newly created key is displayed in the keys list.
Note
Creation of a CipherTrust (External) key fails if:
The selected CipherTrust domain is full. If the key creation fails, ensure enough free disk space is available on the domain and retry the key creation.
The external CM user credentials are incorrect or the password has expired. Check the credentials or reset the user password, as appropriate, test the connection, and retry the key creation.
The CipherTrust domain admin is different from the external CM admin used for creating the external CM connection.
Viewing CipherTrust (External) Keys
The CipherTrust (External) Keys page displays the available CipherTrust (External) keys. Search for CipherTrust (External) keys by Key Name or UUID (Universally Unique Identifier) of the key.
To view a CipherTrust (External) key:
Open the Cloud Key Manager application.
In the left pane, click Cloud Keys > CipherTrust. The CipherTrust (External) Keys page displays the following details:
Field | Description |
---|---|
Key Name | Name of the CipherTrust (External) key. Click to view details of keys. Refer to Viewing CipherTrust (External) Keys for details. |
Status | State of the Google Cloud key. The status can be: • Active • Pre-Active • Deactivated • Destroyed • Compromised • Destroyed Compromised • Deleted |
Version | Version of the CipherTrust (External) key. |
Owner | Owner of the CipherTrust (External) key. |
Creation Date | Time when the key is added to CCKM. |
Type | Type of the CipherTrust (External) key - Symmetric, Public, or Private. |
Algorithm | Algorithm of the CipherTrust (External) key. The algorithm can be: • AES • TDES • RSA • Elliptic Curve • HMAC-SHA1 • HMAC-SHA256 • HMAC-SHA384 • HMAC-SHA512. |
Size | Size of the CipherTrust (External) key. |
Domain | ID of the CipherTrust domain where the key is created. Click on the ID to view the details of the domain. |
To hide/display columns, click the Customize View icon, select or clear the desired check boxes, and click OK.
Viewing or Editing Details of CipherTrust Keys
To view or edit a CipherTrust key:
Open the Cloud Key Manager application.
In the left pane, click Cloud Keys > CipherTrust. The list of available CipherTrust (External) keys is displayed.
Click the overflow icon corresponding to the desired key and click View/Edit Details. Alternatively, you can click the key name link. The edit view of the key is displayed. The edit view is divided into:
GENERAL INFO: View the key ID and add tags. Refer to Adding/Removing Tags for details.
GENERAL INFO: Add or update the Key Attributes, Key Usages, KMIP Mask Shorthand, Labels, and Key Metadata. Refer to Updating General Info for details.
DATES: Add and update the deactivation date, protect start date, and protect stop date of the key. Refer to Adding and Updating Dates.
KEY SCHEDULE: Add, update, and disable a key rotation schedule. Refer to Adding or Changing Key Rotation Schedule and Disabling Key Rotation Schedule.
KEY VERSIONS: View details of key versions. Refer to Viewing Key Version Details.
Updating General Info
Expand the GENERAL INFO section, if needed.
Add or update the following details.
Key Attributes
Key Usages
KMIP Mask Shorthand
Labels.
To add a label:
Specify a label name.
Specify the label value.
CCKM allows the following characters in label values:
Alphanumeric characters
Special characters ! @ # $ % ) ( { } > < ? + - / \ [ ] ^ & + = | ~ ` , ; . ' " _
CCKM does not allow the colon (:) in label values.
Click the + button.
Similarly, you can add more labels. To remove a label, click the close (X) icon in the label name.
Key Metadata
Click Update.
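The label-value rule above (also stated in the Add Key wizard) and the wizard's Key Size or Curve rule can be checked before values are entered in the GUI. The following is an added example, not code from CCKM or its documentation: the spec field names (algorithm, size, curve, labels) are hypothetical, "alphanumeric" is assumed to mean ASCII letters and digits, and characters the page does not list (for example a space or *) are reported as undocumented rather than as known rejections.

```python
import string

# Algorithms listed in the Add Key wizard on this page.
ALGORITHMS = {"AES", "TDES", "RSA", "Elliptic Curve",
              "HMAC-SHA1", "HMAC-SHA256", "HMAC-SHA384", "HMAC-SHA512"}
# Special characters the page lists as allowed in label values.
ALLOWED_SPECIALS = set("!@#$%)({}><?+-/\\[]^&=|~`,;.'\"_")
# Assumption: "alphanumeric" means ASCII letters and digits.
ALLOWED = set(string.ascii_letters + string.digits) | ALLOWED_SPECIALS


def check_label_value(value):
    """Return (position, char, reason) for each character outside the page's rule."""
    findings = []
    for pos, ch in enumerate(value):
        if ch == ":":
            findings.append((pos, ch, "colon is not allowed"))
        elif ch not in ALLOWED:
            findings.append((pos, ch, "not in the documented allowed set"))
    return findings


def check_key_spec(spec):
    """Check a key spec (dict) against the wizard rules; return error strings."""
    errors = []
    algo = spec.get("algorithm", "AES")  # AES is the wizard default
    if algo not in ALGORITHMS:
        errors.append(f"unknown algorithm: {algo}")
    elif algo == "Elliptic Curve":
        if "curve" not in spec or "size" in spec:
            errors.append("Elliptic Curve keys take a Curve, not a Key Size")
    elif "size" not in spec or "curve" in spec:
        errors.append(f"{algo} keys take a Key Size, not a Curve")
    for name, value in spec.get("labels", {}).items():
        for pos, ch, reason in check_label_value(value):
            errors.append(f"label {name!r}: {ch!r} at position {pos}: {reason}")
    return errors


# Constructed sample specs (field names are hypothetical, not a CCKM schema).
SAMPLES = [
    {"algorithm": "AES", "size": 256, "labels": {"env": "prod_eu-1"}},
    {"algorithm": "Elliptic Curve", "size": 256, "labels": {"owner": "team:payments"}},
    {"algorithm": "RSA", "size": 2048, "labels": {"note": "pci scope"}},
]

if __name__ == "__main__":
    for spec in SAMPLES:
        print(spec.get("algorithm"), check_key_spec(spec) or "ok")
```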
Adding and Updating Dates
Expand the DATES section.
Add or Update Deactivation Date.
Add or Update Protect Start Date.
Add or Update Protect Stop Date.
Click Update.
Viewing Key Version Details
To view the details of key versions, expand the KEY VERSIONS section. The list of key versions with their details is displayed:
Field | Description |
---|---|
Version | Version of the CipherTrust (External) key. |
ID | |
Status | State of the Google Cloud key. The status can be: • Active • Pre-Active • Deactivated • Destroyed • Compromised • Destroyed Compromised • Deleted |
Exportable | |
Deletable | |
Never Exported | |
Never Exportable | |
Created | Time when the version is created. |
Modified | Time when the version is modified. |
Refreshing CipherTrust (External) Keys
Refreshing is the process of downloading keys from configured CipherTrust domains and updating their details on the CCKM GUI. You can refresh keys of all domains at once.
To refresh keys of all domains:
Open the Cloud Key Manager application.
In the left pane, click Cloud Keys > CipherTrust. The list of available CipherTrust (External) keys is displayed.
Click Refresh All. The message This may take a while... is displayed.
Note
Refreshing all CipherTrust domains is a time-intensive operation that could take several hours or days to complete. It will continue running in the background.
Click Refresh All to continue.
A message Refresh started... is displayed on the screen. To cancel the refresh, click Cancel Refresh.
The refreshed keys are listed on the Cloud Keys > CipherTrust > CipherTrust Keys page.
Adding a Key Version
To add a new key version:
Open the Cloud Key Manager application.
In the left pane, click Cloud Keys > CipherTrust. The list of available CipherTrust (External) keys is displayed.
Click the overflow icon corresponding to the desired key.
Click Add Version. The Add Version dialog box is displayed.
Click Yes, Add Version. A success message Version added successfully. is displayed.
A new version is added to the key. The Version Count increases by one on the CipherTrust (External) keys page.
Deleting CipherTrust (External) Keys
To delete a CipherTrust (External) key:
Open the Cloud Key Manager application.
In the left pane, click Cloud Keys > CipherTrust. The list of available CipherTrust (External) keys is displayed.
Click the overflow icon corresponding to the desired key.
Click Delete. The Delete Key dialog box is displayed.
Click Delete Key.
A success message Delete is in progress is displayed. It may take some time to reflect the changes. After a key is deleted, its status becomes Deleted on the CipherTrust (External) Keys page.
Deleting a Key Version
To delete a key version:
Open the Cloud Key Manager application.
In the left pane, click Cloud Keys > CipherTrust. The list of available CipherTrust (External) keys is displayed.
Click the Key Name link of the desired key.
Alternatively, click the overflow icon corresponding to the desired key and click View/Edit.
Expand VERSIONS.
Click the overflow icon corresponding to the desired key version.
Click Delete. The Delete Version dialog box is displayed.
Click Delete Key Version.
A success message Version deleted successfully. is displayed. After a key version is deleted, its status becomes Deleted.