Generating keys
Keys are generated in EKMF Web, and stored in the zkey repository. Properties that you define for a key, such as the description or the volume, are transferred to EKMF Web.
Before you begin
- The volumes that you want to encrypt.
- The type of key you want to generate.
About this task
EKMF Web cannot import existing zkey keys. Keys that were generated locally before the repository was bound to EKMF Web are marked as local, and can be used only on the Linux instance on which zkey runs.
Procedure
Results
The key is saved in EKMF Web with its properties. You can reuse the key for another system.
After the key is generated you can use the kms list command to see its properties, such as the two parts of the XTS key:# zkey list
Key : emkf-dasdb1
-------------------------------------------------------------------------------------
Description : XTS key for DASD B1
Secure key size : 272 bytes
Clear key size : 512 bits
XTS type key : Yes
Key type : CCA-AESCIPHER
Volumes : /dev/dasdb1:enc_disk
APQNs : 08.002f
09.002f
Key file name : /etc/zkey/repository/emkf-dasdb1.skey
Sector size : (system default)
Volume type : LUKS2
Verification pattern : 709bc1e20e34f940362761141e094c65
d15bc6cc177d88e7c704577df96d1484
KMS : EKMFWeb
KMS key label : ZKEY.XTS1.00002
ZKEY.XTS2.00002
Created : 2021-03-17 17:31:14
Changed : (never)
Re-enciphered : (never)