Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

back

DSM Resources

Managing DSM Keys

search

Please Note:

Managing DSM Keys

This section describes how to manage DSM keys on CCKM. Before proceeding, you must have a DSM domain added to the CCKM. Refer to Managing DSM Domains for details.

CCKM supports two types of DSM keys:

  • Symmetric: A randomly generated key is used to encrypt and decrypt the data.

  • Asymmetric: A public and private RSA key pair is used to encrypt and decrypt the data. The public key encrypts while the private key decrypts the data.

Adding DSM Keys

To add a DSM key:

  1. Open the Cloud Key Manager application.

  2. In the left pane, click Cloud Keys > DSM. The list of available DSM keys is displayed.

  3. Click Add Key. The Add DSM Key dialog box is displayed.

  4. On the Add DSM Key screen:

    1. Select Encryption Type. The options are Symmetric and Asymmetric. Depending on the selected encryption type, the Algorithm option change. Also, the Encryption Mode field is displayed for symmetric keys.

    2. Specify a DSM Key Name. This helps in uniquely identifying a key. The key name is mandatory.

    3. Provide a Description of the key.

    4. Select the desired DSM Domain for the key. The key will be added to this domain. The DSM domain is mandatory.

    5. (Optional) Select Expiration Date. The key will expire on this date and time.

      When you select Expiration Date, the UTC field appears under it. Click the field and use the on-screen calendar to specify the key expiration date and time. Alternatively, you can manually specify the expiration date and time in the format, MM/DD/YYYY 00:00.

      Make sure the expiration time exists in the future, otherwise, the key creation fails with an error.

    6. (Optional) Select Extractable. If selected, the key material created on the DSM can be extracted for management from CCKM.

    7. Select the key Algorithm. The algorithm is mandatory. Based on the encryption type, the supported algorithms are:

      • Symmetric: AES-128, AES-256, ARIA-128, and ARIA-256.

      • Asymmetric: RSA-1024, RSA-2048, RSA-3072, and RSA-4096.

    8. (Optional, applicable to symmetric keys) Select the Encryption Mode. The options are CBC, CBC-CS1, and XTS.

    9. Click Next. The Review DSM Key screen is displayed. This screen shows the key details.

      Before adding the DSM key, it is recommended to review its details. After the key is added, its certain features cannot be edited.

  5. On the Review DSM Key screen:

    1. Review the key details. If the key requires any changes, click the Edit link and modify the details.

    2. Click Create.

      The message Create Key is in progress is displayed. It may take some time to create the key. Leave the window open until the key creation process is complete. After the key is created successfully, a success message Your key was successfully created. Close window to return to all keys. is displayed.

    3. Click OK.

The newly created key is displayed in the keys list.

Creation of a DSM key fails if:
• The selected DSM domain is full. If the key creation fails, ensure enough free disk space is available on the domain and retry the key creation.
• The DSM user credentials are incorrect or the password has expired. Check the credentials or reset the user password, as appropriate, test the connection, and retry the key creation.
• The DSM domain admin is different from the DSM admin used for creating the DSM connection.

Viewing DSM Keys

The DSM Keys page displays the available DSM keys. Search for DSM keys by Key Name or UUID (Universally Unique Identifier) of the key.

To view a DSM key:

  1. Open the Cloud Key Manager application.

  2. In the left pane, click Cloud Keys > DSM. The DSM Keys page displays following details:

    FieldDescription
    Key NameName of the DSM key. Click to view details of keys. Refer to Viewing DSM Keys for details.
    StateState of the DSM key - ACTIVE or DELETED.
    UUIDUUID of the DSM key.
    Key TypeType of the DSM key - Symmetric or Asymmetric.
    AlgorithmAlgorithm of the DSM key. The algorithm can be:
    Symmetric
    • AES128
    • AES256
    • ARIA128
    • ARIA256
    Asymmetric
    • RSA1024
    • RSA2048
    • RSA3072
    • RSA4096
    Creation DateTime when the key is added to CCKM.
    Expiration DateTime when the DSM key will expire.
    Domain NameName of the DSM domain where the key is created.
    VersionedWhether the DSM key is versioned.

To hide/display columns, click the Customize View (Custom View) icon, select or clear the desired check boxes, and click OK.

Viewing DSM Keys

The DSM Keys page displays the list of available keys with their details. After a key is created, you can view its description, the key name, encryption type, domain, algorithm, and encryption.

The key description is displayed under the GENERAL INFO section and key versions are displayed under the KEY VERSIONS section.

To view details of a DSM key:

  1. Open the Cloud Key Manager application.

  2. In the left pane, click Cloud Keys > DSM. The list of available DSM keys is displayed.

  3. Click the Key Name link of the desired key. The mini detail view displays the key details.

    Alternatively, click the overflow icon (ellipsis) corresponding to the desired key and click View/Edit.

The KEY VERSIONS section shows the following details:

FieldDescription
Key HashHash of the DSM key.
VersionVersion of the DSM key.
StateState of the key - ACTIVE or DELETED.
AlgorithmAlgorithm of the key.
Creation DateTime when the key is added to CCKM.
Expiration DateTime when the DSM key will expire.
Reason Key Was RotatedExplains why the key is rotated.

Refreshing DSM Keys

Refreshing is the process of downloading keys from configured DSM domains and updating their details on the CCKM GUI. You can refresh keys of all domains at once.

To refresh keys of all domains:

  1. Open the Cloud Key Manager application.

  2. In the left pane, click Cloud Keys > DSM. The list of available DSM keys is displayed.

  3. Click Refresh All. The This may take a while... message is displayed.

    Refreshing all DSM Domains is a time intensive operation that could take several hours or days to complete. It will continue running in the background.

  4. Click Refresh All to continue.

A message Refresh started... is displayed on the screen. To cancel the refresh, click Cancel Refresh.

The refreshed keys are listed on the Cloud Keys > DSM > DSM Keys page.

Deleting DSM Keys

To delete a DSM key:

  1. Open the Cloud Key Manager application.

  2. In the left pane, click Cloud Keys > DSM. The list of available DSM keys is displayed.

  3. Click the overflow icon (ellipsis) corresponding to the desired key.

  4. Click Delete. The Delete Key dialog box is displayed.

  5. Select I wish to delete this key.

  6. Click Delete.

A success message Delete is in progress is displayed. It may take some time to reflect the changes. After a key is deleted, its status becomes Deleted on the DSM Keys page.