Sun System Handbook - ISO 4.1 October 2012 Internal/Partner Edition
Solution Type Technical Instruction Sure Solution 1330911.1 : KMS - Quorum Question, Using KMS and has set up a Key Split Quorum
Applies to:
Oracle Key Manager - Version: 2.0.0
Information in this document applies to any platform.

Goal
A customer is using KMS and has set up a Key Split Quorum of 3, but 1 person left the company and didn't pass on his passphrase. A second passphrase is in doubt, but they may be able to guess it. The third passphrase is known.

The questions are:
Will repetitive guessing of the key cause any problem, e.g. the data getting locked?
What options are there if they cannot guess the second passphrase?

Solution
What is the Key Split Threshold number: 1, 2 or 3?

You can try to guess the passphrase as many times as you like; it will not lock anything.

If you cannot meet the quorum threshold, then you really are in trouble: basically, you cannot add new KMAs if one goes bad. Since you do not know the quorum, you also will not be able to restore the database. Basically you have to start over again: you have to copy all encrypted tapes over to drives with no encryption, or install a new KMS cluster setup with encrypted drives to copy the data from the tapes.

To avoid this issue, we recommend a high key split size (number of users) with a low threshold, as far as the customer's security policy allows, for example a key split of 10 with a threshold of 3.

Engineering has no secret password to reset the Quorum.

Attachments
This solution has no attachment