TDE keys perform encryption. You cannot create a Smartpoint without a TDE key. You may add TDE keys to be used for encryption at any point in the Smartcrypt Enterprise Manager (SEM).


Adding a TDE Key

Go to TDE > Keys to view the list of current registered TDE keys.

Click Add to display this screen:

Name the Key, then use the drop-down menus to set the Key Rotation, Key Retirement and Key Destruction schedule for this key. The next sections describe these concepts.

Save your changes to add this key.


Key Rotation

Key Rotation allows you to decide when a TDE key should no longer be used for encryption or decryption. Click the drop-down menu, choose from the range of time frames, from 1 month to 10 years. Once the TDE key reaches this age, a new TDE key is created and used. The previously used TDE key(s) will continue to be distributed along with the new TDE key until the old TDE key(s) reach the retirement or destruction date.


Key Retirement

The age selected in the Key Retirement drop-down menu dictates when a TDE key is no longer used for encryption or decryption. However, this TDE key can be pulled out of retirement by changing the age back to None or increasing the age for retirement.


Key Destruction

At the age selected in this drop-down menu, the TDE key is destroyed. This TDE key will never be able to be used again for decryption or encryption, so any file encrypted with this TDE key cannot be unlocked in the future.

** IMPORTANT: Key Destruction is permanent.


Editing a TDE Key

You may edit a TDE key at any time in SEM. Click Edit next to the key you want to change. You may adjust the age of key rotation, key retirement, and key destruction. The team with permission to decrypt files with the TDE key and encrypt files with the same key may be changed as well.


Deleting a TDE Key

You may delete a TDE key at any point in SEM. Click Delete next to the key you want to remove.

** IMPORTANT: Deleting a key has the same effects as key destruction. It is permanent. Any file encrypted with this TDE key cannot be decrypted in the future.