Latest commit

71ed952 · Feb 28, 2022

29 lines (17 loc) · 1.29 KB

nbde-managing-encryption-keys.adoc

Tang server encryption key management

The cryptographic mechanism that recreates the encryption key relies on the blinded key stored on the node and the private key of the involved Tang servers. To protect against an attacker who has obtained both the Tang server private key and the node’s encrypted disk, periodic rekeying is advisable.

You must perform the rekeying operation for every node before you can delete the old key from the Tang server. The following sections provide procedures for rekeying and deleting old keys.
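The rule above can be enforced as a pre-deletion gate. The following is an added example, not part of the original documentation or of the Tang or Clevis projects. It assumes the operator has already collected each node's Clevis binding as a compact JWE, and that the `kid` field in the protected header is the RFC 7638 SHA-256 thumbprint of the Tang exchange key the binding depends on. The function names, node names, and sample keys are hypothetical.

```python
import base64, hashlib, json

def b64u_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64u_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def jwk_thumbprint(jwk, alg="sha256"):
    # RFC 7638: hash the required EC members, sorted, with no whitespace.
    canonical = json.dumps({k: jwk[k] for k in ("crv", "kty", "x", "y")},
                           sort_keys=True, separators=(",", ":"))
    return b64u_encode(hashlib.new(alg, canonical.encode()).digest())

def binding_kid(compact_jwe):
    # The protected header is the first dot-separated segment of a compact JWE.
    header = json.loads(b64u_decode(compact_jwe.split(".")[0]))
    if header.get("clevis", {}).get("pin") != "tang":
        raise ValueError("not a plain Tang binding")
    return header["kid"]  # assumption: thumbprint of the Tang exchange key

def nodes_blocking_deletion(old_jwk, node_bindings, alg="sha256"):
    """Return nodes that still depend on old_jwk or cannot be verified."""
    old_kid = jwk_thumbprint(old_jwk, alg)
    blocking = []
    for node, jwes in node_bindings.items():
        try:
            if not jwes or any(binding_kid(j) == old_kid for j in jwes):
                blocking.append(node)
        except (ValueError, KeyError, AttributeError):
            blocking.append(node)  # fail closed: unreadable binding blocks deletion
    return sorted(blocking)

# Constructed sample data: x/y are placeholder strings, not real curve points.
OLD_JWK = {"kty": "EC", "crv": "P-521", "x": "b2xkLXg", "y": "b2xkLXk", "alg": "ECMR"}
NEW_JWK = {"kty": "EC", "crv": "P-521", "x": "bmV3LXg", "y": "bmV3LXk", "alg": "ECMR"}

def make_binding(jwk):
    hdr = {"alg": "ECDH-ES", "enc": "A256GCM", "kid": jwk_thumbprint(jwk),
           "clevis": {"pin": "tang", "tang": {"url": "http://tang.example"}}}
    return b64u_encode(json.dumps(hdr).encode()) + "..aXY.Y3Q.dGFn"

BINDINGS = {
    "worker-0": [make_binding(NEW_JWK)],   # rekeyed
    "worker-1": [make_binding(OLD_JWK)],   # still bound to the old key
    "worker-2": ["e30..aXY.Y3Q.dGFn"],     # header "{}": not verifiable
}

if __name__ == "__main__":
    print("blocking nodes:", nodes_blocking_deletion(OLD_JWK, BINDINGS))
```

An empty result means no collected binding references the old key. Any node listed, including one whose binding could not be parsed, must be rekeyed or inspected before the old key is deleted.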