Client Data Encryption Security and Encryption with TSM Version 6
Basic Client Encryption
[Diagram. Labels: User Entry; Prompt; Save; Encryption Key Password / PassPhrase; Password File or Registry; Save algorithm; Pass Phrase Saved and Retrieved from Client Storage; Key generation algorithm; Encryption Key; Client Data; AES128 / DES56; Data Only Transfer; TSM Server]
Transparent Encryption
[Diagram. Labels: Pass Phrase Sent from Server to Client; BA Client or API Program; TSM Runtime; Key generation algorithm; Client Data; Encryption Key; Pass Phrase; AES128 / DES56; DB; TSM Server; Data Only Transfer]
Client Encryption
• Client options
  • ENCRYPTKEY
    • Save – Pass Phrase kept on client
    • Prompt – Pass Phrase prompt every time
    • Generate – Pass Phrase generated and kept on server
  • ENCRYPTIONTYPE AES128 | DES56
    • Which algorithm for encryption
• Filtering
  • Exclude.Encryption * (This is the default)
  • Include.Encryption C:\secrets\...\*
• Remember the “Encryption Key Password”
• Should encrypt only user data – not system data
• If the encryption key is not retrievable and you have forgotten the key, your data will be unrecoverable!
API Transparent Encryption
• Install TSM Client API (runtime) and TSM server
• No change to application for API
• Update Client Options File
  • ENCRYPTKEY GENERATE
    • Or ‘enableclientencryptkey yes’
  • ENCRYPTIONType AES128 (or DES56)
• Include / Exclude processing
  • exclude.encrypt * (this is the default for encryption)
  • Include.encrypt /.../*
• Use “dapismp” sample application to display encryption status of an API stored object
dapismp output of DB2 backup

    Item 18: /DIRECTOR\NODE0000\FULL_BACKUP.20050825120755.1
    Object type: File
    Object state: Active
    Insert date: 2005/8/25 12:5:38
    Expiration date: 0/0/0 0:0:0
    Owner:
    Restore order: 5-0-1274111-0-0
    Object id: 0-2888524
    Copy group: 1
    Media class: Fixed
    Mgmt class: DEFAULT
    Object info is :20050825120755 S0000000.LOG DB2
    Object info length is :37
    Estimated size : 0 34447360
    Compression : NO
    Encryption : CLIENTENCRKEY
    Encryption Strength : AES_128BIT
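
A check that could be run over a client options file to catch the settings the slides above warn about, as an added example that is not part of the original slides and not IBM code. It assumes option names are written in full (case-insensitive), one option per line, and that lines starting with `*` are comments; both sample files are constructed.

```python
# Added example: audit the encryption options named on the slides.
WEAK_SAMPLE = r"""* constructed sample: weak settings
ENCRYPTKEY PROMPT
ENCRYPTIONTYPE DES56
exclude.encrypt *
"""
GOOD_SAMPLE = r"""* constructed sample: corrected settings
ENCRYPTKEY GENERATE
ENCRYPTIONType AES128
exclude.encrypt *
include.encrypt C:\secrets\...\*
"""
KEY_NOTES = {
    "PROMPT": ("KEY_PROMPTED", "pass phrase is never stored; if forgotten, data is unrecoverable"),
    "SAVE": ("KEY_ON_CLIENT", "pass phrase kept on the client (password file or registry)"),
    "GENERATE": ("KEY_ON_SERVER", "pass phrase generated and kept on the TSM server"),
}

def parse_options(text):
    """Return (options dict, include.encrypt patterns) from an options file."""
    opts, includes = {}, []
    for raw in text.splitlines():
        parts = raw.split(None, 1)
        if not parts or parts[0].startswith("*"):  # assumption: '*' opens a comment line
            continue
        name, value = parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")
        if name == "include.encrypt":
            includes.append(value)
        else:
            opts[name] = value.upper()
    return opts, includes

def audit(text):
    """Return a list of (code, message) findings for the encryption options."""
    opts, includes = parse_options(text)
    findings = []
    if not includes:
        findings.append(("NOTHING_ENCRYPTED", "no include.encrypt rule; the default exclude covers everything"))
    etype = opts.get("encryptiontype")
    if etype == "DES56":
        findings.append(("WEAK_CIPHER", "DES56 uses a 56-bit key; set ENCRYPTIONTYPE AES128"))
    elif etype != "AES128":
        findings.append(("CIPHER_UNSET", "ENCRYPTIONTYPE missing or unrecognised: %r" % etype))
    mode = opts.get("encryptkey")
    if mode is None and opts.get("enableclientencryptkey") == "YES":
        mode = "GENERATE"  # the slides give this as the API alternative to ENCRYPTKEY GENERATE
    findings.append(KEY_NOTES.get(mode, ("KEY_MODE_UNSET", "ENCRYPTKEY missing or unrecognised: %r" % mode)))
    return findings
```

`audit(WEAK_SAMPLE)` reports that nothing is selected for encryption, that the cipher is weak, and that the pass phrase is prompted; `audit(GOOD_SAMPLE)` reports only where the pass phrase is held.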