Sun Microsystems, Inc.  Sun System Handbook - ISO 4.1 October 2012 Internal/Partner Edition
   Home | Current Systems | Former STK Products | EOL Systems | Components | General Info | Search | Feedback

Asset ID: 1-71-1334538.1
Update Date:2011-07-21
Keywords:

Solution Type  Technical Instruction Sure

Solution  1334538.1 :   KMS/OKM -What Behavior Does FIPS Mode Change In An Encrypted Tape Subsystem  


Related Items
  • Sun StorageTek Crypto Key Management System
  •  
Related Categories
  • PLA-Support>Sun Systems>TAPE>Backup Software-Filesystems>SN-TP: Encryption
  •  




In this Document
  Goal
  Solution


Oracle Confidential (PARTNER). Do not distribute to customers
Reason: Confidential for Partners and Oracle Support personnel

Applies to:

Sun StorageTek Crypto Key Management System - Version: Not Applicable and later   [Release: N/A and later ]
Information in this document applies to any platform.

Goal

Inform the field personnel regarding the operation of FIPS mode for KMAs and Tape Drives.

Solution

FIPS Mode On a KMA began with software version 2.2. It is turned on by setting the FIPS Only Mode parameter to On.

If FIPS Only Mode is On:

- All keys generated must come from the SCA 6000 card. If the card is not present or not functioning, then no keys are generated and the KMA fails.
- All keys are wrapped. (ie: Version 2 retrieve key).

If FIPS Only Mode is Off:
- Keys can be either version 1 or 2.
- If the SCA 6000 card is present and functioning, all keys are still generated from the SCA 6000 card.  
- If the SCA 6000 card is not present or not functioning, then keys are generated by software. ( The only exception is if the KMA is running on 2.1 software. In that case you have to have a functioning SCA 6000 card)

Note: Non-FIPS OKMs will still serve keys to FIPS drives.
Attachments
This solution has no attachment
  Copyright © 2012 Sun Microsystems, Inc.  All rights reserved.
 Feedback