The token data backup and restore processes – HP StoreEver MSL Tape Libraries User Manual
Page 11
Figure 6 Autoloader and other libraries RMI Status > Security screen showing the Current key and
key creation dates
The token can hold up to 100 keys. Any tape that was written using one of the keys on the token
can be read using that token.
If an attempt is made to read an encrypted tape and the key is not on the installed token, an error
message will be displayed when the tape drive attempts to read the tape. If your application
supports appending data to a previously written tape, the original key used to write the tape must
be available on the installed token to append data to the tape. Only one key is used to encrypt
all of the data on a tape.
The status of each individual key in the Keys on Key Server Token section might inform you that a
key has not had a backup operation performed on it. When you start the process to back up the
token contents to a file, this status will be cleared. Also note that the backup status of the token
might appear in the Key Server Token Status line in the upper portion of the screen. This status
means that a backup is required, even if no individual keys in the Keys on Key Server Token section
have this status. This situation usually occurs when a token has keys restored to it that were not on
the original token. In this case, the autoloader or library has information that there are keys that
have not been backed up, but cannot uniquely identify them. Always create a backup of the token
whenever the Key Server Token Status indicates a backup is required.
The token data backup and restore processes
The encryption kit includes a process to back up the key server token data to a password-protected
file and a process to restore the token backup file to a token. After the restore process, the receiving
token contains a copy of each key from the backup file along with the keys it had before restore
process. The receiving token will keep the same current key for writing encrypted tapes.
NOTE:
After the second and subsequent restore operations to a token, the two tokens will never
have the same current write key. If you need two tokens with the same write key, restore a backup
of one token onto a new token.
In the following example, consider the tokens named Blue, Yellow, and Green:
The Blue token has current key D, with decryption keys A, B, C, and D.
Blue token
D = current key
C
B
A
The token data backup and restore processes
11