About FIPS enabled KMS
NetBackup KMS can now be operated in the FIPS mode, wherein the encryption keys that you create are always FIPS approved. FIPS configuration is enabled by default.
See About Federal Information Processing Standards (FIPS).
When you create a new key, a salt is always generated with the new key. Providing the salt value is mandatory when you want to recover a key.
Consider the following example; hrs09to12hrs is a key created using an older version of NetBackup:
Key Group Name : ENCR_Monday
Supported Cipher : AES_256
Number of Keys : 8
Has Active Key : Yes
Creation Time : Wed Feb 25 22:46:32 2015
Last Modification Time: Wed Feb 25 22:46:32 2015
Description : -
Key Tag : 5e16a6ea988fc8ec7cc9bdbc230811b65583cdc0437748db4521278f9c1bbdf9
Key Name : hrs09to12hrs
Current State : ACTIVE
Creation Time : Wed Feb 25 22:50:01 2015
Last Modification Time: Wed Feb 25 23:14:18 2015
Description : active
The key hrs09to12hrs is moved from key group ENCR_Monday to a new key group ENCR_77.
Install_Path\NetBackup\bin\admincmd>nbkmsutil -modifykey -keyname hrs09to12hrs -kgname ENCR_Monday -move_to_kgname ENCR_77
Key details are updated successfully
Now list all the keys of the ENCR_77 key group. Note that the new key Fips77 would be FIPS approved, but not hrs09to12hrs that was created using an older version of NetBackup.
Install_Path\NetBackup\bin\admincmd>nbkmsutil -listkeys -kgname NCR_77
Key Group Name : ENCR_77 Supported
Cipher : AES_256
Number of Keys : 2
Has Active Key : Yes
Creation Time : Thu Feb 26 04:44:12 2015
Last Modification Time: Thu Feb 26 04:44:12 2015
Description : -
Key Tag : 5e16a6ea988fc8ec7cc9bdbc230811b65583cdc0437748db4521278f9c1bbdf9
Key Name : hrs09to12hrs
Current State : ACTIVE
Creation Time : Wed Feb 25 22:50:01 2015
Last Modification Time: Thu Feb 26 04:48:17 2015
Description : active
FIPS Approved Key : No
Key Tag : 4590e304aa53da036a961cd198de97f24be43b212b2a1091f896e2ce3f4269a6
Key Name : Fips77
Current State : INACTIVE
Creation Time : Thu Feb 26 04:44:58 2015
Last Modification Time: Thu Feb 26 04:48:17 2015
Description : active
FIPS Approved Key : Yes
Salt : 53025d5710ab36ac1099194fb97bad318da596e27fdfe1f2
Number of Keys: 2
The new key Fips77 is FIPS approved and also has a Salt value.
KMS with FIPS compliance is supported on the following platforms:
MS Windows Server 2012
Linux.2.6.16 x86-64 Suse-10
Linux.2.6.18 x86-64 RHEL-5