openshift/openshift-docs
1
0
Fork 0
mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00
Code Issues Releases Activity
Files
enterprise-4.21
openshift-docs/security/network_bound_disk_encryption/nbde-managing-encryption-keys.adoc
Sebastian Kopacz 40f1dc767c OSDOCS-12900: Increasing rec visibility
2025-04-08 16:45:43 +00:00

37 lines
1.3 KiB
Plaintext
Raw Permalink Blame History

:_mod-docs-content-type: ASSEMBLY
// CNF-2127 assembly
[id="nbde-managing-encryption-keys"]
= Tang server encryption key management
include::_attributes/common-attributes.adoc[]
:context: nbde-implementation
toc::[]
The cryptographic mechanism to recreate the encryption key is based on the _blinded key_ stored on the node and the private key of the involved Tang servers.
[NOTE]
====
To protect against the possibility of an attacker who has obtained both the Tang server private key and the node's encrypted disk, periodic rekeying is advisable.
You must perform the rekeying operation for every node before you can delete the old key from the Tang server.
====
The following sections provide procedures for rekeying and deleting old keys.
include::modules/nbde-backing-up-server-keys.adoc[leveloffset=+1]
include::modules/nbde-recovering-server-keys.adoc[leveloffset=+1]
include::modules/nbde-rekeying-tang-servers.adoc[leveloffset=+1]
include::modules/nbde-generating-a-new-tang-server-key.adoc[leveloffset=+2]
include::modules/nbde-rekeying-all-nbde-nodes.adoc[leveloffset=+2]
include::modules/nbde-troubleshooting-temporary-error-conditions.adoc[leveloffset=+2]
include::modules/nbde-troubleshooting-permanent-error-conditions.adoc[leveloffset=+2]
include::modules/nbde-deleting-old-tang-server-keys.adoc[leveloffset=+1]
View Git Blame Copy Permalink