1. Technical Field
The present disclosure relates generally to the field of information handling systems. More specifically, but with limitation, the disclosure relates to recovering lost encryption keys.
2. Background Information
As the value and use of information continues to increase, individuals and businesses seek additional ways to process and store information. One option available to users is an information handling system (IHS). An information handling system generally processes, compiles, stores, and/or communicates information or data for business, personal, or other purposes thereby allowing users to take advantage of the value of the information. Because technology and information handling needs and requirements vary between different users or applications, information handling systems may also vary regarding what information is handled, how the information is handled, how much information is processed, stored, or communicated, and how quickly and efficiently the information may be processed, stored, or communicated. The variations in information handling systems allow for such systems to be general or configured for a specific user or specific use such as financial transaction processing, airline reservations, enterprise data storage, or global communications. In addition, information handling systems may include a variety of hardware and software components that may be configured to process, store, and communicate information and may include one or more computer systems, data storage systems, and networking systems.
One example of an IHS is a computer data storage system, such as a tape library, a redundant array of independent disk (RAID), or just a bunch of disk (JBOD). A storage system may include several recording media, which may be utilized to store encrypted data. For instance, a tape library may provide several tape cartridges, at least one tape drive, and a mechanism for loading/unloading cartridges from the tape drive(s). A tape library may be capable of storing a significant amount of data, which may also be encrypted by a capable tape library. In a tape library, data may be encrypted utilizing a key manager (KM) that issues encryption/decryption keys, with the KM residing on a server or in the tape library, Some tape libraries may be associated with primary key managers (PKM) along with secondary or backup key managers (SKM). Additionally, some tape libraries may be partitioned in accordance with the number of tape drives in the library. For instance, a tape library with 18 tape drives could have 18 partitions. A pair of key managers (i.e., a PKM and corresponding SKM) may be utilized for each tape drive in the library to manage encryption/decryption keys utilized for the data stored or data to be stored. Accordingly, a tape library may be associated with 18 PKMs and 18 SKMs (i.e., one key pair per partition). The use of KMs for each partition may pose a potential risk to users in the event that partition information is lost. Should there be a loss in partition information, it may cause the subsequent loss of information indicating the particular KM associated with the tape, thus the encrypted media may be unreadable until it is properly associated with its corresponding KM.
Similarly, other types of data storage systems may encounter a similar problem. If the information indicating an association between a particular KM and recording media in a data storage system is lost, the data encrypted on the recording media may be unrecoverable until the information indicating the association is recovered. If KMs are utilized for media drives in large data storage systems which comprise hundreds of media drives and thousands of recording media, it could take a significant amount of time to manually determine which KMs are associated with each of the recording media in the data storage system.
Thus, a need exists for methods and media for automating an encryption key process which may identify a particular pair of key managers utilized to encrypt each of the recording media in a tape library.