You can import an encryption key from another Rapid Recovery Core and use that key to encrypt data for a protected machine in your Core. To import the key, you must be able to access it from the Core machine, either locally or through your network. You must also know the passphrase for the encryption key.
Complete the steps in this procedure to import an encryption key.
- Navigate to the Rapid Recovery Core Console.
- On the icon bar, click
(More) and then select
Encryption Keys.
The Encryption Keys page appears.
- Click
Import.
The File Upload dialog box appears.
- In theFile Upload dialog box, navigate to the network or local directory containing the encryption key you want to import.
For example, navigate to the Downloads folder for the logged-in user.
The key filename starts with "EncryptionKey-," followed by the key ID, and ending in the file extension .key. For example, a sample encryption key name is EncryptionKey-RandomAlphabeticCharacters.key.
- Select the key you want to import, and then click Open.
- In the Import Key dialog box, click OK.
The dialog box closes and the encryption key you imported is visible on the Encryption Keys page. If the encryption key was used to protect a volume before it was exported, the state of the key is Locked.
Encryption keys may contain a state of unlocked or locked. An unlocked encryption key can be applied to a protected machine to secure the backup data saved for that machine in the repository. From a Rapid Recovery Core using an unlocked encryption key, you can also recover data from a recovery point.
When you import an encryption key into a Rapid Recovery Core, its default state is Locked. This is true regardless of whether you explicitly imported the key, or whether the encryption key was added to the Rapid Recovery Core either by replicating encrypted protected machines or by importing an archive of encrypted recovery points.
For encryption keys added to the Rapid Recovery Core by replication only, when you unlock a key, you can specify a duration of time (in hours, days, or months) for the encryption key to remain unlocked. Each day is based on a 24-hour period, starting from the time the unlock request is saved to the Rapid Recovery Core. For example, if the key is unlocked at 11:24 AM on Tuesday and the duration selected is 2 days, the key automatically re-locks at 11:24 AM that Thursday.
|
NOTE: You cannot use a locked encryption key to recover data or to apply to a protected machine. You must first provide the passphrase, thus unlocking the key. |
You can also lock an unlocked encryption key, ensuring that it cannot be applied to any protected machine until it is unlocked. To lock an encryption key with a state of Universal, you must first change its type to Replicated.
If an unlocked encryption key is currently being used to protect a machine in the Core, you must first disassociate that encryption key from the protected machine before you can lock it.
Complete the steps in this procedure to unlock a locked encryption key.
- Navigate to the Rapid Recovery Core Console.
- On the icon bar, click
(More) and then select Encryption Keys.
The Encryption Keys page appears. The State column indicates which encryption keys are locked.
- Locate the encryption key you want to unlock, click its drop-down menu
, and select Unlock.
The Unlock Encryption Key dialog box appears.
- In the dialog box, in the Passphrase text box, enter the passphrase to unlock this key.
- To specify the length of time that the key remains unlocked, in the Duration option, do one of the following:
- To specify that the key remains unlocked until you explicitly lock it, select Until locked manually.
- To specify that the key remains locked for a duration which you configure in hours, days, or months, do the following:
- To specify that the key remains locked until a date and time that you specify, do the following:
When an encryption key state is locked, it cannot be applied to any protected machine until it is unlocked. To lock an encryption key with a type of Universal, you must first change its type to Replicated.
Complete the steps in this procedure to lock an encryption key.
- Navigate to the Rapid Recovery Core Console.
- On the icon bar, click
(More) and then select Encryption Keys.
The Encryption Keys page appears. The State column indicates which encryption keys are unlocked, and shows the type for each key.
- Locate the encryption key you want to lock. If its type is Universal, then click its drop-down menu
, and select Change the type to Replicated.
The Change Encryption Key Type dialog box appears.
- In the dialog box, confirm that you want to change the key type to Replicated.
- If you successfully changed the encryption key status to Replicated, then click its drop-down menu
, and select Lock.
The Lock Encryption Key dialog box appears.
- In the dialog box, confirm that you want to lock the key.
The dialog box closes, and the state of the selected encryption key is now locked.
|
NOTE: This option is available for encryption keys added by replication. |
After an encryption key is defined, you can edit the name of the encryption key or the description of the key. These properties are visible when you view the list of encryption keys in the Encryption Keys pane.
Complete the steps in this procedure to edit the name or description of an existing unlocked encryption key.
|
Caution: After you edit the name or description an encryption key that is used to protect one or more machines, Rapid Recovery takes a new base image. That base image snapshot occurs for that machine upon the next scheduled or forced snapshot. |
- Navigate to the Rapid Recovery Core Console.
- On the icon bar, click
(More) and then select Encryption Keys.
The Encryption Keys page appears.
- Locate the encryption key you want to edit, and do the following:
- Click the drop-down menu
for the specified encryption key, and select Edit.
The Edit Encryption Key dialog box appears.
- In the dialog box, edit the name or the description for the encryption key, and then click OK.
The dialog box closes, and the changes for the selected encryption key are visible on the Encryption Keys page.