Sun Microsystems, Inc.  Sun System Handbook - ISO 4.1 October 2012 Internal/Partner Edition
   Home | Current Systems | Former STK Products | EOL Systems | Components | General Info | Search | Feedback

Asset ID: 1-71-1334538.1
Update Date:2011-07-21
Keywords:
Solution Type  Technical Instruction Sure

Solution  1334538.1 :   KMS/OKM -What Behavior Does FIPS Mode Change In An Encrypted Tape Subsystem  

Related Items 
    

  • Sun StorageTek Crypto Key Management System
    •  
Related Categories 
    

  • PLA-Support>Sun Systems>TAPE>Backup Software-Filesystems>SN-TP: Encryption
    •  






In this Document

  Goal

  Solution



 Oracle Confidential (PARTNER). Do not distribute to customers

 Reason: Confidential for Partners and Oracle Support personnel






Applies to: 
 
Sun StorageTek Crypto Key Management System - Version: Not Applicable and later   [Release: N/A and later ]
Information in this document applies to any platform.



Goal

Inform the field personnel regarding the operation of FIPS mode for KMAs and Tape Drives.

Solution

FIPS Mode On a KMA began with software version 2.2. It is turned on by setting the FIPS Only Mode parameter to On. 

If FIPS Only Mode is On:

- All keys generated must come from the SCA 6000 card. If the card is not present or not functioning, then no keys are generated and the KMA fails.
- All keys are wrapped. (ie: Version 2 retrieve key).

If FIPS Only Mode is Off:
- Keys can be either version 1 or 2. 
- If the SCA 6000 card is present and functioning, all keys are still generated from the SCA 6000 card.  
- If the SCA 6000 card is not present or not functioning, then keys are generated by software. ( The only exception is if the KMA is running on 2.1 software. In that case you have to have a functioning SCA 6000 card) 

Note: Non-FIPS OKMs will still serve keys to FIPS drives.


Attachments

This solution has no attachment


















       

Copyright © 2012 Sun Microsystems, Inc.  All rights reserved.

 Feedback