Changing or Deleting the Encryption Key
You can change an encryption key of a controller if the controller already has a configured encryption key. You can delete an encryption key for encrypted controllers only if there are no encrypted virtual disks.
To change the encryption key, type the New Encryption Key Identifier and Passphrase. You are prompted to authenticate with the current Passphrase. Before applying the changes, read the note on the importance of the passphrase and the consequences of not saving it.
When you change the encryption key, the existing configuration on the controller is updated to use the new encryption key. If you have removed any of the encrypted drives previously, you must authenticate with the old passphrase to import the encrypted drives.
When changing the encryption key, you can save the file details in the specified system location if the Escrow check box option is selected. If you have already saved the encryption key credentials for a controller, the existing file is overwritten with the updated credentials only if it was saved for the same combination of controller model and SAS address; otherwise, a new file is created. When the credentials are for a new controller with unique SAS address details, a new file is generated.
If the Escrow check box is not selected, the file is not created for future reference.
If you delete the encryption key, you cannot create encrypted virtual disks, and all encrypted unconfigured self-encrypting drives are erased. However, deleting an encryption key does not affect encryption or data in foreign disks. If you have saved the encryption key credentials to a file, deleting the encryption key does not delete the file. Managing the file is the responsibility of the administrator.
NOTE: On PERC controllers, the Delete Encryption Key option is disabled when at least one encrypted virtual disk is available. Delete or remove the virtual disk and retry delete from the Manage Encryption Key task.
NOTE: On PERC 12 and later controllers, the Delete Encryption Key option is disabled when an encrypted physical disk is available. Perform the Cryptographic Erase task on the physical disk and retry delete from the Manage Encryption Key task.
NOTE: A Security Key Identifier can contain numerals, lowercase alphabets, uppercase alphabets, nonalphanumeric characters (except space), or a combination of any of these. If you have used the special characters "/" (forward slash) or " ' " (single quote) in the Security Key Identifier, they are displayed as "_" (underscore) on the Change Security Key page and Import Secured Foreign Configurations page. This is applicable only to the Security Key Identifier and not to the Passphrase.