SafeNet key versioning for Edge Encryption
-
- UpdatedFeb 1, 2024
- 2 minutes to read
- Washington DC
- Edge Encryption
Use SafeNet key versioning to simplify changing keys. Instead of creating an alias for every new key, SafeNet key versioning keeps the same alias and increments the version.
You must first schedule a mass key rotation job or a single key rotation job to replace the old SafeNet versioned key with a non-versioned key, and then create a new SafeNet versioned key, if needed. This new versioned key is safe to use with the London or later proxy, and you can restart the proxy.
Encryption key configuration
If using SafeNet versioned keys, the Change Default Keys section of the Encryption Key Configuration form includes new fields for the Key version of the default 128-bit and 256-bit keys. Key version fields are grayed out and cannot be edited.
For procedures, see Configure encryption keys on the instance.
Versioned keys
If using SafeNet versioned keys, when you navigate to , versioned keys include the Key version.
A version number does not appear for the initial entries you make in the Change Default Keys section of the Encryption Key Configuration form. When the proxy server requests a key from SafeNet, the system adds a new line for the alias and adds the Key version.
- The first listing, with no Key version indicated, is the initial entry.
- The second listing, with 1 in the Key version column, is the first version of the key returned from SafeNet.
- The third listing, with 2 in the Key version column, is the second version of the key returned from SafeNet.
- As other versions of the key are returned from SafeNet, new lines are added to record the Key version now in use.