SED authentication keys
The authentication keys (AEKs) that you use to lock the SEDs have the following requirements and behaviors.
- Authentication keys can be used to auto-lock the host drives and the drives in the storage arrays.
- An authentication key must be 32 bytes.
- The keys are managed using the IBM® Global Security Kit software. No other key management software or server is required.
You could create a conforming key manually, but as a best practice, you should use the apsedkey generate command to automatically create a random, conformant AEK for the SED drives and store it in your local keystore or in the IBM Security Key Lifecycle Manager if you have configured that support for your system.
- The key value must be 32 bytes in length.
- The key can use characters in range ASCII from 0x00 to 0xFF.