Encryption Management Server replicates data without the Ignition Key passphrase being entered
Article ID: 190852

Updated On:

Products

Encryption Management Server Powered by PGP Technology
Gateway Email Encryption Powered by PGP Technology

Issue/Introduction

An Encryption Management Server Ignition Key protects certain data by encrypting it.

The following data items are encrypted with the ignition key:
  1. Organization Key.
  2. Keys of internal and external users if they are SKM (Server Key Mode) keys.
  3. Whole Disk Recovery Tokens (WDRTs).
  4. Web Email Protection messages - this is optional.

This protects the data in the event that an unauthorized person obtains control of the database.

After the administrator successfully logs in to Encryption Management Server, they are prompted for the ignition key passphrase. This prompt appears only after each reboot of the server.

If a server that is part of a cluster is rebooted but the administrator does not log in, so the ignition key passphrase is never entered, the server will still replicate data with other cluster members.

Environment

Encryption Management Server release 3.3.2 MP13 and above.

Resolution

The only way to prevent Encryption Management Server from replicating data after a reboot is to isolate it from the network.