Encryption Key

The following table characterizes the SecureCloud encryption key stored on the SecureCloud Key Management Server (KMS).

SecureCloud encryption key characteristics

| Characteristic | Description |
| --- | --- |
| Cipher | SecureCloud uses Advanced Encryption Standard (AES) as its encryption algorithm. |
| Key size | Allows 128-, 192-, and 256-bit encryption. Note: By default, the Trend Micro hosted SecureCloud server uses 256-bit encryption. |
| Mode | The AES cipher mode of operation is Cipher Block Chaining (CBC). |
| Key management type | Trend Micro Encryption Module. |
| Hash | SHA-1 is always used. In cryptography, the Secure Hash Algorithm (SHA-1) is a cryptographic hash function. |
| Storage | SecureCloud Server |

Exporting an Encryption Key

Important: Only the Security Administrator has permission to export the device or RAID encryption key.
For each encrypted data storage device, you can export the encryption key to a specified location. All exported encryption key files are compressed into a zip file with a name similar to SecureCloudDeviceKeys-yyyymmdd.zip. If you select more than one device for export (any combination of individual devices, RAIDs, and individual devices plus RAIDs), all keys are stored in a single zip file. The zip file itself is not protected by a password. Instead, the XML contents are encrypted using a user-specified passphrase. Because a RAID consists of multiple devices, selecting a RAID for encryption-key export results in a zip file containing a key for each device in the RAID.
An exported device encryption key is retrieved from the database and decrypted using the database encryption key. Each decrypted device encryption key is stored in a text file named <device-id>.xml.
The exported device encryption key cannot be imported back into SecureCloud. To use the encryption key for data retrieval, you have to apply keyexporter.sh to the data storage device in question and then use the exported key for decryption.
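
The following added example (not part of the SecureCloud documentation or product) inventories an export archive before it is filed away: it checks the archive name, confirms there is one <device-id>.xml file per selected device (for a RAID, list its member devices), and records a SHA-256 digest of each key file for later integrity comparison. The function names, the exact name pattern, the device-ID character set, and the sample device IDs are assumptions made for illustration.

```python
import hashlib
import io
import re
import zipfile
from datetime import datetime

# Assumption: the archive name follows SecureCloudDeviceKeys-yyyymmdd.zip exactly.
ARCHIVE_RE = re.compile(r"SecureCloudDeviceKeys-(\d{8})\.zip")
# Assumption: device IDs use only letters, digits, '.', '_' and '-'.
MEMBER_RE = re.compile(r"([A-Za-z0-9._-]+)\.xml")


def inventory_export(archive_name, fileobj, selected_devices):
    """Return ({device_id: sha256_of_key_file}, [problems]) for one export."""
    problems = []
    m = ARCHIVE_RE.fullmatch(archive_name)
    if not m:
        problems.append(f"unexpected archive name: {archive_name}")
    else:
        try:
            datetime.strptime(m.group(1), "%Y%m%d")
        except ValueError:
            problems.append(f"invalid date in archive name: {m.group(1)}")
    records = {}
    with zipfile.ZipFile(fileobj) as zf:
        for info in zf.infolist():
            mm = MEMBER_RE.fullmatch(info.filename)
            if not mm:  # sub-directory, traversal name or non-XML member
                problems.append(f"unexpected member: {info.filename!r}")
                continue
            if info.flag_bits & 0x1:  # bit 0 set = zip-level encryption
                problems.append(f"zip-encrypted member: {info.filename}")
                continue
            records[mm.group(1)] = hashlib.sha256(zf.read(info)).hexdigest()
    for dev in sorted(set(selected_devices) - set(records)):
        problems.append(f"no key file for device: {dev}")
    for dev in sorted(set(records) - set(selected_devices)):
        problems.append(f"key file for unselected device: {dev}")
    return records, problems


def demo():
    """Constructed sample: two key files checked against three selected devices."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for dev in ("dev-0001", "dev-0002"):
            zf.writestr(f"{dev}.xml", f"constructed-{dev}".encode())
    return inventory_export("SecureCloudDeviceKeys-20240131.zip", buf,
                            ["dev-0001", "dev-0002", "dev-0003"])
```

Because the zip file carries no password of its own, an empty problem list only confirms the archive's structure; the protection of the key material still rests on the export passphrase.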