SED authentication keys

The authentication keys (AEKs) that you use to lock the SEDs have the following requirements and behaviors.

  • Authentication keys can be used to auto-lock the host drives and the drives in the storage arrays.
  • An authentication key must be 32 bytes.
  • The keys are managed using the IBM® Global Security Kit software. No other key management software or server is required.

You could create a conforming key manually, but as a best practice, you should use the apsedkey generate command to automatically create a random, conformant AEK for the SED drives and store it in your local keystore or in the IBM Security Key Lifecycle Manager if you have configured that support for your system.

The AEK to lock the SED disks of Cloud Pak for Data System nodes must meet the following requirements:
  • The key value must be 32 bytes in length.
  • The key can use characters in range ASCII from 0x00 to 0xFF.