|Applies To||RSA Data Protection Manager Server; RSA Data Protection Manager Appliance|
|Issue||How are keys generated and protected? How are keys encrypted?|
|Resolution||All Data Encryption Keys (DEKs) that are returned to applications are generated by DPM Server. DEKs are then encrypted and stored in the database. DEKs are encrypted using a Key Encryption Key (KEK). If an HSM is configured, the KEK is generated by the HSM (hardware master key); otherwise, a Software Master Key is used to encrypt all keys in the database. The DEKs are encrypted using AES 256-bit encryption.|
|Legacy Article ID||a47814|
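
The DEK/KEK hierarchy from the Resolution, as an added example that is not RSA's code or DPM's implementation: a 256-bit KEK wraps a freshly generated DEK, and only the wrapped value would be stored. The article states only "AES 256-bit", so the GCM mode, the `dek-001` key ID bound as associated data, and all function names are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// randBytes returns n bytes from the OS CSPRNG (used for keys and nonces).
func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// loadKEK turns raw key material into an AEAD handle (GCM mode is assumed).
func loadKEK(raw []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(raw)
	if err != nil || len(raw) != 32 {
		return nil, errors.New("KEK must be a 256-bit AES key")
	}
	return cipher.NewGCM(block)
}

// wrapDEK returns nonce||ciphertext||tag with the hypothetical keyID as AAD.
func wrapDEK(kek cipher.AEAD, dek []byte, keyID string) []byte {
	nonce := randBytes(kek.NonceSize())
	return kek.Seal(nonce, nonce, dek, []byte(keyID))
}

// unwrapDEK fails on a wrong KEK, a wrong keyID, or a modified/truncated blob.
func unwrapDEK(kek cipher.AEAD, wrapped []byte, keyID string) ([]byte, error) {
	n := kek.NonceSize()
	if len(wrapped) < n {
		return nil, errors.New("wrapped DEK is truncated")
	}
	return kek.Open(nil, wrapped[:n], wrapped[n:], []byte(keyID))
}

func main() {
	kek, _ := loadKEK(randBytes(32)) // constructed stand-in master key
	row := wrapDEK(kek, randBytes(32), "dek-001")
	got, err := unwrapDEK(kek, row, "dek-001")
	fmt.Println(len(row), len(got), err) // wrapped size, DEK size, error
}
```

Because the KEK is passed as an opaque handle, the same wrap and unwrap calls apply whether the master key is held in software or behind a hardware-backed implementation.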