Restoring Non-CTE-LDT Backup Data to an CTE-LDT GuardPoint
This section describes how to restore data encrypted with a non-versioned key to an CTE-LDT GuardPoint.
If the backup was performed with the Apply Key effect, the backup files are in clear text. Simply restore the clear text files to the CTE-LDT GuardPoint with the Apply Key effect. All files will be encrypted with the versioned key.
If the backup of the non-CTE-LDT GuardPoint was performed without the Apply Key effect, the backup is encrypted, and you must do the following:
The following example is for a manual guarding. The steps may differ slightly if your GuardPoint is configured for auto guard.
-
Create a temporary directory for restoring the files, type:
mkdir -p /oxf-fs1/tmp_restore
-
Restore the encrypted backup files into the temporary directory, type:
cp -pr /backup-media/oxf-fs1/gp1/data_files/* /oxf-fs1/tmp_restore
-
Create a Standard Policy with the Apply Key effect for all operations, using the same key as the policy applied on the GuardPoint at the time of backup.
-
Create and enable a new GuardPoint for the temporary directory using the Standard Policy just created.
secfsd -guard /oxf-fs1/tmp_restore
-
Ensure that the temporary GuardPoint and CTE-LDT GuardPoint are both enabled.
secfsd -status guard GuardPoint Policy Type ConfigState Status Reason ---------- ------ ---- ----------- ------ ------ /oxf-fs1/gp1 LDT_AES256 manual guarded guarded N/A /oxf-fs1/tmp_restore AES256 manual guarded guarded N/A
-
Move the restored files from the temporary folder to the GuardPoint enabled with the CTE-LDT policy. The CTE agent encrypts the files in the CTE-LDT GuardPoint using the current key version in effect for the CTE-LDT policy.
mv /oxf-fs1/tmp_restore/* /oxf-fs1/gp1
-
Disable the temporary GuardPoint and remove the temporary restore directory.
secfsd -unguard /oxf-fs1/tmp_restore rm -fr /oxf-fs1/tmp_restore
-
Delete the temporary GuardPoint on the CipherTrust Manager.