Creating pervasive encryption key templates

As an EKMF Web administrator, you must set up key templates for use with zkey on EKMF Web for your organization.

About this task

For pervasive encryption, you need to define three key templates:
  • non-XTS - For volume encryption with an AES key in CBC mode.
  • XTS part 1 - For volume encryption with AES in XTS mode, first part of an XTS key.
  • XTS part 2 - For volume encryption with AES in XTS mode, second part of an XTS key.
The two XTS templates must have the same properties.

Procedure

To create non-XTS, XTS1, and XTS2 key templates, follow these steps:

  1. Log in to EKMF Web.
  2. Go to Administration in the left navigation bar.
  3. Click Key templates.
  4. On the panel that opens, click the Create button on the right.
  5. Select key type Pervasive Encryption from the drop-down menu.
  6. In the Name field, enter the template name.
    Template names can consist of up to 30 uppercase alphabetic characters, numerals, and hyphens. For example, assuming you want to remember that these key templates are for non-XTS zkey keys, the name can be ZKEY-NONXTS. An example of the first part of a template for the first part of an XTS key is shown in Figure 1.
    Figure 1. Create new key template panel, part 1
  7. In the Key label field, enter the pattern of the key names.
    All keys that are generated with this template have a name that follows this pattern.
    For example, assuming you want the keys to be named as the template and then have sequential numbering, enter:
    ZKEY.NONXTS.<seqno>
  8. Select AES for the key algorithm. Only AES keys are eligible for pervasive encryption.
  9. Select 256 for the key size.
  10. Select Cipher for key type. For zkey, only cipher keys are possible.
  11. For Key state, select Active.
  12. Set Allow key export to on.
    This setting allows you to transfer the key to zkey. An example for the second part of a template for a key is shown in Figure 2.
    Figure 2. Create new key template, part 2
  13. Optional: Set the key's active period.
  14. Click Save.

Results

The template is created and shown on the Key Template page. The example template would be listed as ZKEY-NONXTS.

What to do next

Repeat the steps to create the non-XTS, XTS1, and XTS2 key templates. For information on how to create the identity key template, see Creating an identity key template.
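
Before entering the three templates, a planned set can be checked against the rules in this procedure. The following is an added example, not IBM or EKMF Web code: the dictionary field names, the helper functions, and the ZKEY-XTS1 and ZKEY-XTS2 sample names are hypothetical, and it assumes that only the name and key label may differ between the two XTS templates.

```python
import re

# Name rule from step 6: up to 30 uppercase letters, numerals, and hyphens.
NAME_RE = re.compile(r"[A-Z0-9-]{1,30}")

# Values the procedure selects in steps 8-12. The dictionary keys are
# hypothetical field names for this sketch, not an EKMF Web format.
REQUIRED = {
    "algorithm": "AES",
    "key_size": 256,
    "key_type": "Cipher",
    "key_state": "Active",
    "allow_export": True,
}
# Assumption: name and key label identify a template and may differ
# between the two XTS parts; every other property must match.
IDENTIFYING = {"name", "key_label"}


def check_template(t):
    """Return a list of findings for one planned template."""
    findings = []
    name = t.get("name", "")
    if not NAME_RE.fullmatch(name):
        findings.append(f"{name!r}: name must be 1-30 chars of A-Z, 0-9, '-'")
    for field, want in REQUIRED.items():
        if t.get(field) != want:
            findings.append(f"{name}: {field} is {t.get(field)!r}, expected {want!r}")
    return findings


def check_xts_pair(part1, part2):
    """Return the properties on which the two XTS templates differ."""
    fields = (set(part1) | set(part2)) - IDENTIFYING
    return sorted(f for f in fields if part1.get(f) != part2.get(f))


def make(name, label, **overrides):
    """Build a constructed sample template with the procedure's values."""
    return {"name": name, "key_label": label, **REQUIRED, **overrides}


# Constructed sample plan; names follow the page's ZKEY-NONXTS example.
NONXTS = make("ZKEY-NONXTS", "ZKEY.NONXTS.<seqno>")
XTS1 = make("ZKEY-XTS1", "ZKEY.XTS1.<seqno>")
XTS2 = make("ZKEY-XTS2", "ZKEY.XTS2.<seqno>", allow_export=False)
```

In the sample plan, XTS2 deliberately has key export switched off, so it is reported both as a template that cannot be transferred to zkey and as a mismatch with XTS1.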