1. Field of the Invention
This invention relates to an encryption key manager (EKM) and more particularly relates to checking the health of an EKM.
2. Description of the Related Art
Data processing systems often encrypt data when the data is written to a storage device. For example, a data processing system may encrypt data written to a magnetic tape. If the magnetic tape subsequently falls into the hands of a malicious user, the encrypted data is protected and may not be read by the malicious user.
The data processing system typically encrypts data with an encryption key. An encryption key may be a random number with a specified number of digits. Applying the encryption key to the data using a specified algorithm may encrypt data. The data may be decrypted into a recognizable form by using the encryption key and reversing the specified algorithm.
The data processing system may employ one or more EKMs to provide encryption keys for encrypting data. The plurality of EKMs may assure that an EKM is available to provide an encryption key when needed. In addition, EKMs may be distributed through the data processing system to reduce the latency for receiving an encryption key.
The encryption keys are obtained to encrypt and protect data only if the data processing system can establish communications with an EKM. In addition, each EKM must be able to provide encryption keys of a specified type. If the data processing system cannot communicate with an EKM and/or if the EKM cannot provide encryption keys of a specified type, then the data may be stored to a storage device unprotected.
Unfortunately, there is no convenient way for an administrator to verify that EKMs can be communicated with and can provide an encryption key of a specified type. As a result, the administrator may be uncertain if data is properly protected.