What is the process for FSM to rotate a key?
Originally Published: 2009-08-31
Article Number
000066069
Applies To
RSA File Security Manager 2.2.1
RSA File Security Manager (FSM)
Issue
What is the process for FSM to rotate a key?
Resolution
Here is the process FSM uses when rotating an encryption key. For this example, we have a folder C:\data that is 15 GB in size and is encrypted with key "A".

To rotate the folder to a new key "B", nothing can access the folder during the operation, so a maintenance window should be used. FSM first decrypts the folder C:\data using key "A" to a temporary folder, so disk space equal to the folder size is needed for the temporary folder, which in this example is 15 GB. After the data has been decrypted, the temporary folder replaces C:\data. FSM then encrypts the data using key "B" in essentially the same way: it encrypts the folder C:\data using key "B" to a temporary folder, so the equivalent disk space, again 15 GB in this example, is needed for the temporary folder. After the data has been encrypted with key "B", the temporary folder replaces C:\data.

The process is now complete with the files under C:\data being encrypted with key "B".


Note: If the encrypted folder holds a large amount of data, for better performance it is recommended to move the files temporarily to another folder where they will be unencrypted, rotate the key on the empty folder, then move the files back into the folder, where they will be encrypted with the new key.
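
For the in-place rotation described above, the two preconditions (free space equal to the folder size, and nothing holding files in the folder open) can be checked before the maintenance window starts. The script below is an added example, not part of RSA FSM or the original article, and it does not call FSM. The function names are hypothetical, and the article does not say where FSM creates its temporary folder, so the volume in $TempRoot is an assumption.

```powershell
# Added example: pre-rotation check for the process described in this article.
param(
    [string]$Folder   = 'C:\data',  # encrypted folder from the article's example
    [string]$TempRoot = 'C:\'       # ASSUMPTION: volume that will hold FSM's temporary folder
)

# Total size in bytes of all files under the folder (hypothetical helper).
function Get-FolderSizeBytes {
    param([string]$Path)
    $sum = (Get-ChildItem -LiteralPath $Path -Recurse -File -Force -ErrorAction Stop |
            Measure-Object -Property Length -Sum).Sum
    if ($null -eq $sum) { return [int64]0 }   # empty folder
    return [int64]$sum
}

# Free bytes available on the volume that contains $Path (hypothetical helper).
function Get-FreeBytes {
    param([string]$Path)
    $root = [System.IO.Path]::GetPathRoot((Resolve-Path -LiteralPath $Path).Path)
    return (New-Object System.IO.DriveInfo $root).AvailableFreeSpace
}

# Files that cannot be opened with no sharing, i.e. another process most
# likely still has them open. Read-only open, closed again immediately.
function Get-LockedFile {
    param([string]$Path)
    foreach ($f in Get-ChildItem -LiteralPath $Path -Recurse -File -Force) {
        try {
            $h = [System.IO.File]::Open($f.FullName, 'Open', 'Read', 'None')
            $h.Dispose()
        } catch {
            $f.FullName
        }
    }
}

$size   = Get-FolderSizeBytes $Folder
$free   = Get-FreeBytes $TempRoot
$locked = @(Get-LockedFile $Folder)

'{0}: {1:N1} GB; free on {2} {3:N1} GB' -f $Folder, ($size / 1GB), $TempRoot, ($free / 1GB)
$ok = $true
if ($free -lt $size)     { Write-Warning 'Not enough free space for the temporary folder.'; $ok = $false }
if ($locked.Count -gt 0) { Write-Warning "In use: $($locked.Count) file(s)"; $locked; $ok = $false }
if (-not $ok) { exit 1 }
'Preconditions met: space is available and no files are open.'
```

The open-file test only reflects the moment it runs, so run it at the start of the maintenance window, after the applications that use the folder have been stopped.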