Encryption

The Encryption [E] function is used to verify whether data on the cartridge was written encrypted. It reads both decrypted and raw data from the cartridge into two separate files on disk. The user can then verify that the data differs to ensure that encryption worked.

The Encryption function does not provide a Write - Read test.

The Encryption function is supported only on encryption-enabled drives. It requires that an encryption infrastructure, including the Encryption Key Manager (EKM), is properly set up. An encrypted data cartridge must be used.

The Encryption function is supported for the following encryption environments:
  • System Managed: IBM® tape device driver must be installed and in use by ITDT to read decrypted data
  • Library Managed
  • Application Managed: Only raw encrypted data is read (result file *.ENC)
Note: On i5/OS, media changers and media changer operations are not supported by this release of ITDT-SE. To test a tape drive inside a library, the tape drive must be varied online and the tape library must be varied offline (see Starting ITDT-SE on i5/OS operating systems for details). As the library is varied offline, the Encryption function does not deliver decrypted data in a Library Managed Encryption environment.
  1. After ITDT-SE is started, type S followed by Enter to activate the device scan.
  2. Select the device that you want to test by entering its number and press Enter.
  3. Type E and press Enter to start the encryption test. ITDT-SE then switches to the Encryption Verification screen. On this screen, the system requires the entry of the number of the start record and the amount of data (in KB) to be read.
  4. Type S followed by a space and the start record number, then press Enter. Type L followed by a space and the data length, then press Enter. The maximum data length is 100000 KB.
    Figure 1. Encryption Start screen
  5. If you entered the values correctly, press Enter to start the encryption.

    During the encryption, the program shows a progress indicator in the form of a bar of number signs (#) that shows the progress of a single subtest, along with information about that subtest.

    The Encryption function can be stopped by typing A followed by Enter at any time.
    Note: It can take some time before the Encryption function stops.

When all encryption operations are finished, ITDT-SE shows a screen with a Status field on the lower left side. The field indicates PASSED if the encryption test completed successfully and ABORTED otherwise.

The screen also shows the output files that were generated during the Encryption function:
  • file serial#.n.ENC contains the raw encrypted data
  • file serial#.n.DEC contains the decrypted data
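The comparison of the two output files can be scripted. The following is an added example, not part of ITDT or of the original documentation: it reports whether the .ENC and .DEC dumps differ and whether the raw dump looks like ciphertext. The function names and both thresholds are assumptions chosen for illustration.

```python
import math
import sys
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a buffer in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def compare_dumps(enc_path, dec_path, min_entropy=7.5, max_match=0.05):
    """Compare a raw .ENC dump with the .DEC dump of the same records.
    min_entropy and max_match are assumed heuristics, not ITDT values.
    Both files are read into memory (ITDT caps a read at 100000 KB).
    """
    with open(enc_path, "rb") as f:
        enc = f.read()
    with open(dec_path, "rb") as f:
        dec = f.read()
    # The two dumps may differ in length, so compare only the overlap.
    overlap = min(len(enc), len(dec))
    same = sum(a == b for a, b in zip(enc, dec))
    report = {
        "enc_bytes": len(enc),
        "dec_bytes": len(dec),
        "identical": enc == dec,
        "matching_fraction": same / overlap if overlap else 0.0,
        "enc_entropy": shannon_entropy(enc),
        "dec_entropy": shannon_entropy(dec),
    }
    # Ciphertext is near-random: ~1/256 of bytes match the plaintext by chance.
    report["looks_encrypted"] = (
        len(enc) > 0
        and not report["identical"]
        and report["matching_fraction"] <= max_match
        and report["enc_entropy"] >= min_entropy
    )
    return report


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: compare_dumps.py <file>.ENC <file>.DEC")
    for key, value in compare_dumps(sys.argv[1], sys.argv[2]).items():
        print(f"{key}: {value}")
```

Compressed plaintext also scores high entropy, so the entropy figure is a sanity check on the .ENC file only; the difference between the two files is the primary signal.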
Table 1 defines the abort codes.

Table 1. Abort code definitions
ABORT CODE                 | ROOT CAUSE
LOCATE FAILED              | Start position as requested by the user was not reached
MEDIUM NOT ENCRYPTED       | ITDT detected medium as non-encrypted
NO DRIVER SPECIAL FILE     | System-Managed environment, but generic device file is used instead of IBM device driver special file
DRIVE ENCRYPTION DISABLED  | Mode Sense detected disabled drive encryption
UNEXPECTED DATA            | • Set Raw read mode failed
                           | • One of the commands failed
END OF MEDIUM              | End of medium was encountered before the specified amount of data was read
END OF DATA                | End of data was encountered before the specified amount of data was read
READ FAILED                |
ENCRYPTION ERROR           |
INVALID PARAMETER          | User entered data length of 0 kB
FILE IO ERROR              | The hard drive that ITDT is installed on might have run out of space.

If you want to use other ITDT-SE functions, type R followed by Enter to return to the device list. Otherwise, type Q followed by Enter to exit the program.