HOWTO confirm tape drive and loaded media supports T10 Encryption (Security Protocol In & Security Protocol Out)

Article:HOWTO56306  |  Created: 2011-07-30  |  Updated: 2011-08-03  |  Article URL http://www.symantec.com/docs/HOWTO56306
Article Type
How To



 

An example of a tape drive and media that supports Encryption:

- Mount a tape (In this example media id SYM021, density 'hcart')

# tpreq -m SYM021 -p NetBackup -d hcart -f /tmp/fred

- Now query device for Security Protocol In support

# scsi_command -d /tmp/fred -spi
STK     T10000B         550V

Supported security protocol list:
  0x00
  0x20

Tape Data Encryption Out Support page (0x0001, length 6)
  Page 0x0010

Data Encryption Capabilities page (0x0010, length 44)
  EXTDEC 0, CFG_P 1
  Algorithm Index 0x01
  Decrypt 2, Encrypt 2, Nonce 1
  AVFCLP 0, DKAD_C 1, RDMC_C 1
  AVFMV
  MAC_C
  DED_C
  EAREM
  Max UNAUTH Key-associtated data 30 (bytes)
  Max AUTH Key-associtated data 0 (bytes)
  Key size 32 (bytes)
  Security Algorithm Code 0x80010010
[removed reset of output]

Examine the Data Encryption Capabilities page information above and confirm AVFMV is reported.

The T10 standards describe this bit as :

----------------------

The algorithm valid for mounted volume (AVFMV) bit shall be set to one if there is a volume currently mounted and the encryption algorithm being described is valid for that volume. The AVFMV bit shall be set to zero if there is no volume mounted or the algorithm is not valid for the currently mounted volume.

----------------------

The setting of this bit is determined by the drive and the loaded media, NetBackup has no control over the setting/clearing of this bit.

 

When finished with testing, unmount the tape:

# tpunmount /tmp/fred  

 

 

 




Article URL http://www.symantec.com/docs/HOWTO56306


Terms of use for this information are found in Legal Notices