Data encryption and decryption techniques are widely used to securely transmit sensitive information over a network. Many encryption algorithms use encryption keys to transform data into an encrypted format before sending the encrypted data over the network. Encrypted data is typically unreadable and meaningless unless it can be decrypted by the recipient. As such, it is essential to make sure that the key used for encryption/decryption is the correct intended key.
During the course of the data encryption process, there are several areas in the chain of operational procedures where a wrong data encryption key (DEK) can be introduced and used to encrypt data. As a result, the encrypted data may be corrupted and irrecoverable. Typically, the wrong data encryption key may be introduced in one of three common operational procedures. First, a data encryption key may be corrupted in the data transfer process from a source to a destination over a network. This type of corruption may be avoided by using the well-known Advanced Encryption Standard (AES) key_wrap/un_wrap algorithm that employs an integrity checking mechanism for detecting key corruption during transmission and unwrapping operational procedures.
In addition, an incorrect data encryption key may be issued by the driver or other components of the source device responsible for issuing and maintaining data encryption keys. Similarly, an incorrect data encryption key may be retrieved from a local cache memory of the encrypting device (HBA) in which the data encryption key is temporarily stored. Currently, there is no existing method designed to verify that the correct data encryption keys in the encrypting device is used.