Data Keys
The Data Keys are used to encrypt the Data Fields to which they are assigned. The Data Keys themselves are protected by a KEK Key. You can also require the Data Key to be defined by up to eight different users (see Key Officers for more details).
Add Data Keys
To add Data Keys:
- Select 12. Data Keys in the Encryption Main menu. The Work with Data Keys screen appears.
Figure : Work with Data Keys
Parameter | Description |
---|---|
Opt | Type one of the following options: 1=Modify: modify fields of the Data Key in the Modify Data Key screen; 4=Delete: delete the Data Key; 6=New Version: create a new version of the Data Key; 8=Activate: activate a Data Key that has been created |
Name | The Data Key name |
Status | The status of the Data Key: Encrypted/Not Encrypted |
Version | The version of the Data Key |
Date | The creation date of the Data Key |
KEK key | The KEK Key belonging to the currently selected Data Key |
Description data key | The description of the Data Key |
- Press F6=Add new. The Encryption Type screen appears.
Figure : Encryption Type
Parameter | Description |
---|---|
Encryption Type | The encryption type for this key: AES128 - Use Advanced Encryption Standard 128-bit encryption; AES192 - Use Advanced Encryption Standard 192-bit encryption; AES256 - Use Advanced Encryption Standard 256-bit encryption (default) |
- Enter the Encryption Type to use and press Enter. The Add Data Key screen appears.
Figure : Add Data Key
Parameter | Description |
---|---|
Data Key | The name of the Key |
Description | The description of the Key |
KEK Key | The KEK Key that is to be used with this Data Key. You can use F4 to choose the KEK. If you don't see a KEK that you defined, you probably did not activate it. |
Encryption Type | The encryption type for this key |
Auto refresh key | The frequency at which the system is checked for re-encryption. *NO = No automatic checking for re-encryption; /1 … /99 = The number of days between checks for re-encryption; MON…SUN = Check for re-encryption weekly on the given day of the week; 1…31 = Check for re-encryption monthly on the given day of the month, but do not use 29, 30, or 31. |
Key Value | Type a key phrase. The key phrase is virtually divided into 8 parts. |
 | Your organization may decide that the definition of the full Data Key will be done by more than one person, up to a maximum of eight. See Key Officers for more details. |
F8=Generate random | Press F8 to generate a random key |
- Enter the Data Key definitions and press Enter. The new Data Key is added and now appears in the Work with Data Keys screen.
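The Auto refresh key values described in the table above can be validated before they are entered, for example when reviewing a planned re-encryption schedule. The following Python sketch is an added example, not code from the product or its vendor. The day names between MON and SUN, and the rule that the next check is counted from the previous one, are assumptions.

```python
import re
from datetime import date, timedelta

# Assumption: the weekly values are the usual three-letter day names;
# the page itself only shows "MON…SUN". Order matches date.weekday().
DAYS = ["MON", "TUE", "WED", "THU", "FRI", "SAT", "SUN"]

def parse_auto_refresh(value):
    """Return (kind, n) for an Auto refresh key value, or raise ValueError."""
    v = value.strip().upper()
    if v == "*NO":
        return ("none", None)
    m = re.fullmatch(r"/(\d{1,2})", v)          # /1 … /99 = days between checks
    if m and 1 <= int(m.group(1)) <= 99:
        return ("interval", int(m.group(1)))
    if v in DAYS:                                # weekly on the given day
        return ("weekly", DAYS.index(v))
    if v.isdigit() and 1 <= int(v) <= 31:        # monthly on the given day
        if int(v) > 28:
            raise ValueError(f"{v}: do not use 29, 30, or 31")
        return ("monthly", int(v))
    raise ValueError(f"not a valid Auto refresh key value: {value!r}")

def next_check(value, last):
    """First check date strictly after `last` (assumed semantics); None for *NO."""
    kind, n = parse_auto_refresh(value)
    if kind == "none":
        return None
    if kind == "interval":
        return last + timedelta(days=n)
    if kind == "weekly":
        return last + timedelta(days=(n - last.weekday() - 1) % 7 + 1)
    if last.day < n:                             # monthly, still ahead this month
        return last.replace(day=n)
    if last.month == 12:                         # monthly, roll over the year
        return date(last.year + 1, 1, n)
    return date(last.year, last.month + 1, n)

if __name__ == "__main__":
    # Constructed sample values, not taken from a real system.
    for sample in ["*NO", "/30", "MON", "15"]:
        print(sample, "->", next_check(sample, date(2024, 1, 31)))
```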
Modify Data Keys
To modify Data Keys:
Only Data Keys with a Status of Pending can be modified. A Data Key with a Status of Active cannot be modified.
- Select 12. Data Keys in the Encryption main menu. The Work with Data Keys screen appears.
- Select the Data Key to modify and press 1=Modify. The Modify Data Key screen appears.
Figure : Modify Data Key
Parameter | Description |
---|---|
Data Key | The name of the Key |
Description | The description of the Key |
KEK Key | The KEK Key that is to be used with this Data Key |
Encryption Type | The encryption type for this key |
Auto refresh key | The frequency at which the system is checked for re-encryption. *NO = No automatic checking for re-encryption; /1 … /99 = The number of days between checks for re-encryption; MON…SUN = Check for re-encryption weekly on the given day of the week; 1…31 = Check for re-encryption monthly on the given day of the month, but do not use 29, 30, or 31. |
Key Value | Copy from above or delete |
 | Copy from above or delete |
F8=Generate random | Press F8 to generate a random key |
- Enter the Data Key definitions and press Enter. The Data Key is updated and now appears in the Work with Data Keys screen.
Create a New Version of a Data Key
You may need to change Data Keys because of an internal or external compliance requirement. You may also want to change a Data Key because you feel that it may have become exposed.
You can only update a Data Key whose latest version has the Status of Active.
To create a new version of a Data Key:
- Select 12. Data Keys in the Encryption main menu. The Work with Data Keys screen appears.
- Select the Data Key for which you want to create a new version and press 6=New version. The Modify Data Key screen appears.
- Enter the new Data Key strings and press Enter. The new version of the Data Key is created with the Status of Pending and now appears in the Work with Data Keys screen.
Activate Data Keys
After you have created a new version of a Data Key, you must activate it for all associated fields to use it for encryption. (This option is relevant for Field Rotate Type with a value of 6, in the Add Occurrence screen.)
You can only activate a Data Key with a Status of Pending.
To activate a Data Key:
- Select 12. Data Keys in the Encryption main menu. The Work with Data Keys screen appears.
- Select the Data Key for which you want to activate a pending version and press 8=Activate. The Activate Data Key screen appears.
Figure : Activate Data Key
- Press Enter. The Data Key version is activated and the updated Work with Data Keys screen appears.
Delete Data Keys
To delete Data Keys:
You cannot delete a Data Key that has a later version. You must first delete the later versions. Also, you cannot delete Data Keys that have associated fields.
- Select 12. Data Keys in the Encryption main menu. The Work with Data Keys screen appears.
- Select the Data Key to delete and press 4=Delete. The Delete Data Keys screen appears.
- Press Enter. The Data Key is deleted and the updated Work with Data Keys screen appears.
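The status rules stated in the Modify, New Version, Activate and Delete sections can be read together as a small state model. The following Python sketch is an added example, not code from the product: it replays a planned sequence of key operations and reports the ones those rules reject. The class and function names are hypothetical. It assumes that a newly added Data Key starts as Pending, and it does not model what happens to an older version when a newer one is activated.

```python
class KeyRuleError(Exception):
    """An operation that the rules on this page do not allow."""

class DataKey:
    def __init__(self, name):
        self.name = name
        self.versions = {1: "Pending"}  # version -> status (assumed initial state)
        self.fields = set()             # names of associated Data Fields

    def latest(self):
        return max(self.versions, default=0)

    def _require(self, version, status, action):
        if self.versions.get(version) != status:
            raise KeyRuleError(f"{action}: version {version} is not {status}")

    def modify(self, version):          # 1=Modify: Pending only
        self._require(version, "Pending", "modify")

    def new_version(self):              # 6=New Version: latest must be Active
        self._require(self.latest(), "Active", "new version")
        self.versions[self.latest() + 1] = "Pending"

    def activate(self, version):        # 8=Activate: Pending only
        self._require(version, "Pending", "activate")
        self.versions[version] = "Active"

    def delete(self, version):          # 4=Delete
        if version not in self.versions:
            raise KeyRuleError(f"delete: no version {version}")
        if version < self.latest():
            raise KeyRuleError("delete: a later version exists; delete it first")
        if self.fields:
            raise KeyRuleError("delete: key has associated fields")
        del self.versions[version]

def rejected(key, ops):
    """Apply (action, *args) tuples in order; return those the rules reject."""
    bad = []
    for action, *args in ops:
        try:
            getattr(key, action)(*args)
        except KeyRuleError as err:
            bad.append((action, str(err)))
    return bad

if __name__ == "__main__":
    # Constructed sequence: rotate a key, with some out-of-order steps mixed in.
    plan = [("new_version",), ("activate", 1), ("new_version",),
            ("delete", 1), ("activate", 2)]
    for action, reason in rejected(DataKey("CARDKEY"), plan):
        print("rejected:", reason)
```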