Data Keys

The Data Keys are used to encrypt the Data Fields to which they are assigned. The Data Keys themselves are protected by a KEK Key. You can also require the Data Key to be defined by up to eight different users (see Key Officers for more details).

Add Data Keys

To add Data Keys:

Select 12. Data Keys in the Encryption Main menu. The Work with Data Keys screen appears.

Figure : Work with Data Keys

Parameter	Description
Opt	Type one of the options to Enter: 1=Modify; Modify fields of the Data Keys in Modify Data Keys screen 4=Delete; Delete Data Keys 6=New Version; Create New Version of Data Keys 8=Activate; Activate Data Keys created
Name	The data key name
Status	The status of data key: Encrypted/Not Encrypted
Version	The version of data key
Date	The date of creation of data key
KEK key	The KEK Key belonging to the current data key selected
Description data key	The description of the data key

Press F6=Add new. The Encryption Type screen appears.

Figure : Encryption Type

Parameter	Description
Encryption Type	The encryption type for this key AES128 - Use the Advanced Field Encryption Standard 128 bit encryption AES192 - Use the Advanced Field Encryption Standard 192 bit encryption AES256 - Use the Advanced Field Encryption Standard 256 bit encryption (default)

Parameter

Description

Encryption Type

The encryption type for this key

AES128 - Use the Advanced Field Encryption Standard 128 bit encryption

AES192 - Use the Advanced Field Encryption Standard 192 bit encryption

AES256 - Use the Advanced Field Encryption Standard 256 bit encryption (default)

Enter the Encryption Type to use and press Enter. The Add Data Key screen appears.

Figure : Add Data Key

Parameter	Description
Data Key	The name of the Key
Description	The description of the Key
KEK Key	The KEK Key that is to be used with this Data Key. You can use F4 to choose the KEK. If you don’t see a KEK that you defined you probably did not activated it.
Encryption Type	The encryption type for this key
Auto refresh key	The frequency at which the system is checked for re-encryption. *NO = No automatic checking for re-encryption /1 … /99 = The number of days between checks for re-encryption MON…SUN = Check for re-encryption weekly on the given day of the week 1….31 = Check for re-encryption monthly on the given day of the month, but do not use 29, 30, or 31.
Key Value	Type a key phrase. The Key phrase is divided virtually to 8 parts.
	Your organization may decide that the definition of the full Data Key will be done by more than one person, up to a maximum of eight. . See Key Officers for more details.
F8=Generate random	Press F8 to generate a random key

Enter the Data Key definitions and press Enter. The new Data Key is added and now appears in the Work with Data Keys screen.

Modify Data Keys

To modify Data Keys:

Only Data Keys with a Status of Pending can be modified. A Data Key with a Status of Active cannot be modified.

Select 12. Data Keys in the Encryption main menu. The Work with Data Keys screen appears.

Select the Data Key to modify and press 1=Modify. The Modify Data Key screen appears.

Figure : Modify Data Key

Parameter	Description
Data Key	The name of the Key
Description	The description of the Key
KEK Key	The KEK Key that is to be used with this Data Key
Encryption Type	The encryption type for this key
Auto refresh key	The frequency at which the system is checked for re-encryption. *NO = No automatic checking for re-encryption /1 … /99 = The number of days between checks for re-encryption MON…SUN = Check for re-encryption weekly on the given day of the week 1….31 = Check for re-encryption monthly on the given day of the month, but do not use 29, 30, or 31.
Key Value	Copy from above or delete
	Copy from above or delete
F8=Generate random	Press F8 to generate a random key

Enter the Data Key definitions and press Enter. The Data Key is updated and now appears in the Work with Data Keys screen.

Create a New Version of a Data Key

You may need to change Data Keys because of an internal or external compliance requirement. You may also want to change a Data Key because you feel that it may have become exposed.

You can only update a Data Key whose latest version has the Status of Active.

To create a new version of a Data Key:

Select 12. Data Keys in the Encryption main menu. The Work with Data Keys screen appears.
Select the Data Key for which you want to create a new version and press 6=New version. The Modify Data Key screen appears.

Enter the new Data Key strings and press Enter. The new version of the Data Key is created with the Status of Pending and now appears in the Work with Data Keys screen.

Activate Data Keys

After you have created a new version of a Data Key, you must activate it for all associated fields to use it for encryption. (This option is relevant for Field Rotate Type with a value of 6, in the Add Occurrence screen.)

You can only activate a Data Key with a Status of Pending.

To activate a Data Key:

Select 12. Data Keys in the Encryption main menu. The Work with Data Keys screen appears.

Select the Data Key for which you want to activate a pending version and press 8=Activate. The Activate Data Key screen appears.

Figure : Activate Data Key

Press Enter. The Data Key version is activated and the updated Work with Data Keys screen appears.

Delete Data Keys

To delete Data Keys:

You cannot delete a Data Key that has a later version. You must first delete the later versions. Also, you cannot delete Data Keys that have associated fields.

Select 12. Data Keys in the Encryption main menu. The Work with Data Keys screen appears.

Select the Data Key to delete and press 4=Delete. The Delete Data Keys screen appears.
Press Enter. The Data Key is deleted and the updated Work with Data Keys screen appears.