Using the key and policy configuration screen, Keys, Finding the help link – HP Secure Key Manager User Manual

Figure 46 Finding the Help link

Clicking this icon opens the help system in a new web browser. The default page shows the table of
contents.

Using the Key and Policy Configuration screen

Keys are used to perform cryptographic operations such as encryption and decryption. Use
authorization policies to restrict the use of a key to certain numbers of operations per hour or certain
times during the week.

The Key and Policy Configuration page enables you to create, import, and manage keys. This page
contains the following sections:

• Keys
• Key Properties
• Group Permissions
• Custom Attributes
• RSA Public Key
• Create Keys
• Import Keys

Keys

The SKM can create and store cryptographic keys (DES, AES, RSA, etc.). A key is composed of two
main parts: the key bytes and the key metadata. The key bytes are the bytes used by the cryptographic
algorithm (together with your data) to produce either plaintext or ciphertext. The key metadata contains
information about the key byte: key name, owner username, algorithm, key size, creation date, group
permissions, and any custom attributes that you create. The metadata also indicates if the key is a
versioned key, deletable, or exportable.

Cryptographic keys can be global or owned by a particular user. Global keys are keys that are
available to everyone, with no authentication required. Additionally, group permissions can be
assigned to a key. For example, you might give members of Group1 permission to export at any time
and members of Group2 permission to export only during a specific time period. Using authorization
policies, you can set usage limitations for keys.

As the administrator of the Secure Key Manager, you can define how your clients authenticate to the
server. A client might be an application or a database, for example. There are two kinds of client
sessions: authenticated and unauthenticated (global). When a client authenticates, it authenticates
either as a local user or as a user in the LDAP user directory that the server is configured to use. An
authenticated client has access to all global keys, all the keys owned by the user, and all keys accessible
to groups to which that user belongs. If a client does not authenticate to the server, then that client
has access only to global keys. On the SKM, keys can be:

•

Generated on the Management Console by an administrator.

•

Imported through the Management Console.

•

Marked as exportable, deletable, neither or both. An exportable key is a key that a client can
export from the server. Similarly, a deletable key is a key that the client can delete from the server.

Secure Key Manager

121