TDE keys perform encryption. You cannot create a Smartpoint without a TDE key. This panel allows you to add, edit, delete, or rotate the keys.
Adding a TDE Key
To add a key, click the Add button to open the Add TDE Key window.
Perform the following steps.
- Define a name for the key in the Name field.
- Select the desired options from the Key Rotation, Key Retirement, and Key Destruction drop-down menus. For more information, refer to the option descriptions below.
- Click the Save button to save the changes; otherwise, click Cancel.
Key Rotation allows you to decide when a TDE key should no longer be used for encryption or decryption. Click the drop-down menu and choose a time frame, from 1 month to 10 years. Once the TDE key reaches this age, a new TDE key is created and used. The previously used TDE key(s) will continue to be distributed along with the new TDE key until the old TDE key(s) reach the retirement or destruction date.
The age selected in the Key Retirement drop-down menu dictates when a TDE key is no longer used for encryption or decryption. However, this TDE key can be pulled out of retirement by changing the age back to None or increasing the age for retirement.
At the age selected in the Key Destruction drop-down menu, the TDE key is destroyed. This TDE key can never be used again for decryption or encryption, so any file encrypted with this TDE key cannot be unlocked in the future.
Note: Key Destruction is permanent.
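A small model of the rotation, retirement, and destruction ages described above, added here as an illustration and not PEM Administrator code. It assumes ages are counted in months from key creation and that None can be selected for every option; the class and function names are hypothetical. It also computes the shortest time a file is guaranteed to stay decryptable under a given policy.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Policy:
    """Ages in months since key creation; None means the option is set to None."""
    rotation: Optional[int]
    retirement: Optional[int]
    destruction: Optional[int]


def key_state(age: int, p: Policy, newest: bool) -> str:
    """State of a single key at the given age (months)."""
    if p.destruction is not None and age >= p.destruction:
        return "destroyed"   # permanent: files under this key stay locked
    if p.retirement is not None and age >= p.retirement:
        return "retired"     # reversible by raising the retirement age
    return "current" if newest else "rotated"  # rotated keys are still distributed


def generations(month: int, p: Policy) -> list:
    """State of every key generation `month` months after the first key was created."""
    step = p.rotation
    last = month // step if step else 0
    return [(g, key_state(month - g * (step or 0), p, g == last))
            for g in range(last + 1)]


def min_readable_months(p: Policy) -> Optional[int]:
    """Shortest time a file stays decryptable: a file written just before its
    key rotates is locked for good when that key reaches the destruction age."""
    if p.destruction is None:
        return None          # keys are never destroyed
    if p.rotation is None:
        return 0             # the same key is used right up to its destruction
    return max(p.destruction - p.rotation, 0)


if __name__ == "__main__":
    policy = Policy(rotation=12, retirement=36, destruction=60)  # constructed sample
    for m in (0, 12, 40, 61):
        print(m, generations(m, policy))
    print("minimum readable window:", min_readable_months(policy), "months")
```

With the sample policy, a file written in month 11 is unreadable from month 60 onward, so the destruction age has to exceed the rotation age by at least the data's required retention period.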
Editing a TDE Key
You can edit a TDE key anytime in PEM Administrator. Click Edit next to the key you want to edit. You may adjust the time of key rotation, key retirement, or key destruction. You can also change the team that has permission to decrypt and encrypt files with the TDE key.
The following panels appear while editing a TDE key:
- Participants: This panel displays the users actively associated with the key.
- Completed Rotations: This panel displays the successful key rotations. It displays information about who started the key rotation along with the completion date (or timestamp).
Deleting a TDE Key
You can delete a TDE key anytime in PEM Administrator. Click Delete next to the key you want to remove.
Note: Deleting a key has the same effect as key destruction. Any file encrypted with this TDE key cannot be decrypted in the future.