TDE keys perform encryption. You cannot create a Smartpoint without a TDE key. You may add TDE keys to be used for encryption at any point in the PK Endpoint Manager (PEM).
Adding a TDE Key
Go to TDE > Keys to view the list of current registered TDE keys.
Click Add to create a new TDE Key
Name the Key, then use the drop-down menus to set the Key Rotation, Key Retirement and Key Destruction schedule for this key. The next sections describe these concepts.
Save your changes to add this key.
|Key Rotation||Key Rotation allows you to decide when a TDE key should no longer be used for encryption or decryption. Click the drop-down menu, choose from the range of time frames, from 1 month to 10 years. Once the TDE key reaches this age, a new TDE key is created and used. The previously used TDE key(s) will continue to be distributed along with the new TDE key until the old TDE key(s) reach the retirement or destruction date.|
|Key Retirement||The age selected in the Key Retirement drop-down menu dictates when a TDE key is no longer used for encryption or decryption. However, this TDE key can be pulled out of retirement by changing the age back to None or increasing the age for retirement.|
At the age selected in this drop-down menu, the TDE key is destroyed. This TDE key will never be able to be used again for decryption or encryption, so any file encrypted with this TDE key cannot be unlocked in the future.
** IMPORTANT: Key Destruction is permanent.
|Selectable By||Users/groups entered here that are part of the TDE Group can choose this key for their Smartpoints.|
Editing a TDE Key
You may edit a TDE key at any time in PEM. Click Edit next to the key you want to change. You may adjust the age of key rotation, key retirement, and key destruction. The team with permission to decrypt files with the TDE key and encrypt files with the same key may be changed as well. The participants table displays the users actively associated with that key. Completed rotations displays successful scheduled key rotations.
Deleting a TDE Key
You may delete a TDE key at any point in PEM. Click Delete next to the key you want to remove.
** IMPORTANT: Deleting a key has the same effects as key destruction. It is permanent. Any file encrypted with this TDE key cannot be decrypted in the future.