Introduction to Keyrings

Keyrings are groupings of DPX keys. These keys are used to derive actual encryption keys for data-encrypted jobs.

Each key in a keyring is assigned to a period when it is applicable for backup and migrate jobs. At any time, only one key in a keyring is applicable. The other keys in a keyring, though retired, may still be needed for restore and migrate jobs.

A keyring, in turn, is a resource that gets assigned to an administrator group. See Assigning Resources and Privilege Classes. When a job is run, the administrator that creates that job must belong to an administrator group that contains the keyring holding the encryption key.

For restore jobs, the same key that was used to back up the job must be used to restore it. Keyring information is recorded along with an encrypted backup instance on the tape volume, so DPX knows which key to use for restore. As with other types of jobs, the keyring specified on the media being restored must be assigned to the administrator who has created the restore job.

For migrate jobs, the same key that would have been used for the original backup jobs is used for encryption. If an original backup job used encryption, then its data is not re-encrypted during migrate. This means that in order to encrypt the data during migrate, you must have created a keyring and a key before the original backup jobs were run.

The reason for multiple keys on a keyring is to mitigate the effect of compromising an existing key or losing a set of tapes. For example, if the key database is compromised (e.g., stolen), an administrator can simply generate a new key for each keyring to protect all future jobs. For another example, if a tape corresponding to a particular key is stolen, the administrator can generate a new key in its place, and delete that previous key to prevent it from being compromised. Note that deleting a key effectively expunges all the backup instances that were encrypted with that key.