Appendix A: Encryption Keys

Encryption Keys

You can view, upload, escrow, and delete encryption keys on the Encryption Keys page. The encryption keys that you upload to the Nasuni Management Console can then be sent to Nasuni Edge Appliances to use with volumes.

Viewing encryption keys on the Nasuni Management Console

To view encryption keys on the Nasuni Management Console, follow these steps:

1. Click Console Settings, then click Encryption Keys in the left-hand column. The Encryption Keys page displays a list of encryption keys on the Nasuni Management Console.

   

   The following information appears for each encryption key in the list:

   • Name: The name of the encryption key.

     • Fingerprint: The fingerprint is a cryptographic hash of the encryption key.

     • Algorithm: The algorithm of the encryption key. You must use RSA.

     • Length: The length of the encryption key, in bits.

     • Key ID: The key ID is a shorter version of the fingerprint of the encryption key, generally including just the last 8 digits.

   • Escrowed by Nasuni: Whether this encryption key is escrowed by Nasuni: Yes (encryption key is escrowed by Nasuni) or No (encryption key is not escrowed by Nasuni).

   • Actions: Actions available for each encryption key.

Uploading (importing or adding) encryption keys to the NMC

You can upload (import or add) encryption keys to the Nasuni Management Console.

You can generate your own encryption keys using any OpenPGP-compatible program, such as Gpg4win, GPGTools, and OpenPGP Studio. You can then upload (import or add) the encryption key to the Nasuni Management Console. The encryption key is used to encrypt your data before it is sent to cloud storage and to decrypt data when it is read back. The Nasuni Management Console accepts multiple encryption algorithms for encryption keys.

Important: For security reasons, encryption keys that you upload cannot be downloaded from the system.

Tip: You can also upload encryption keys using the NMC API. This can be useful for automating tasks and for enhancing security. For more details, see Nasuni API Documentation.

Important: Imported encryption keys are not automatically escrowed. You MUST SAVE all imported encryption keys to another location outside the Nasuni Management Console, so that they are available if needed for disaster recovery. All encryption keys associated with a volume must be recovered as part of the disaster recovery process. To escrow encryption keys with Nasuni, see “Escrowing encryption keys with Nasuni” on page 30.

To upload (import or add) encryption keys to the Nasuni Management Console, follow these steps:

1. On the Encryption Keys page, click Upload Encryption Keys. The Import Key(s) dialog box appears.

   

2. Click Choose File, then navigate to the encryption key file. This file must be OpenPGP- compatible.

   Caution: The maximum length of a file name is 255 bytes.

   In addition, the length of a path, including the file name, must be less than 4,000 bytes.

   Since the UTF-8 representation of characters from some character sets can occupy several bytes, the maximum number of characters that a file path or a file name might contain can vary.

   If a particular client has other limits, the smaller of the two limits applies.

3. If an encryption key passphrase is needed, enter the encryption key passphrase in the Key Passphrase text box.

4. Click Import Key. The encryption key is imported to the Nasuni Management Console. Alternatively, to exit this screen without importing any encryption keys, click the Close button.

Downloading the NMC’s generated encryption key

You can download the Nasuni Management Console’s automatically-generated encryption key.

When a new Nasuni Management Console is created, it needs an encryption key to encrypt the configuration information that it backs up regularly, in case the Nasuni Management Console ever needs to be recovered. The Nasuni Management Console can generate its own encryption key for this purpose. However, if you upload an encryption key to the Nasuni Management Console before it generates its own encryption key, it uses the encryption key that you uploaded, and does not generate its own encryption key.

If the Nasuni Management Console does generate its own encryption key, this generated encryption key is the only encryption key that can ever be downloaded from a Nasuni Management Console.

Important: The time to generate an encryption key can vary widely, depending on the hardware (real or virtual) that the Nasuni Edge Appliance is executing on. Encryption keys are generated in the background, so as to not block use of the Nasuni Edge Appliance during generation.

If you perform a disaster recovery procedure on a Nasuni Management Console, during which you upload that generated encryption key to the Nasuni Management Console, then you can no longer download that encryption key, because downloading uploaded encryption keys is never permitted. As a result, a Nasuni Management Console might have one encryption key available for download, because that generated encryption key has never been uploaded to the Nasuni Management Console. Alternatively, a Nasuni Management Console might not have any encryption key available to download, either because there was no generated encryption key or because that generated encryption key was uploaded at some time to the Nasuni Management Console as part of the disaster recovery process.

You cannot download any Nasuni Edge Appliance encryption key from a Nasuni Management Console, because the Nasuni Edge Appliance never transmits any encryption keys to a Nasuni Management Console. The Nasuni Management Console is never in possession of any encryption key generated by a Nasuni Edge Appliance. In particular, if you use the Nasuni Management Console to create a volume on a Nasuni Edge Appliance, and specify generating a new encryption key for that volume, that new encryption key is generated on the Nasuni Edge Appliance, not on the Nasuni Management Console. The only way to download a Nasuni Edge Appliance encryption key is by using the Nasuni Edge Appliance user interface.

There are other encryption keys present on the Nasuni Management Console that a Nasuni Edge Appliance might use. However, these encryption keys have been uploaded to the Nasuni Management Console, and are not eligible for downloading.

Important: Automatically-generated encryption keys are automatically escrowed with Nasuni. However, Nasuni recommends that you safeguard all of your own encryption keys.

To download the Nasuni Management Console’s generated encryption key, follow these steps:

1. If the Nasuni Management Console’s generated encryption key is available for download, on the Encryption Keys page, click Download Generated Key .

2. The generated encryption key is saved in the form of a .pgp file. Safeguard this encryption key file. Many tools for generating encryption keys also include functions for managing encryption keys, such as Gpg4win, GPGTools, and OpenPGP Studio.

Escrowing encryption keys with Nasuni

You can escrow your encryption keys with Nasuni.

Escrowing an encryption key with Nasuni means that you can, at any time, request the encryption key during a disaster recovery from Nasuni. Your key is protected on Nasuni servers using the same security practices that we use for all keys escrowed with Nasuni.

To escrow encryption keys with Nasuni, follow these steps:

1. For the encryption key that you want to escrow with Nasuni, on the Encryption Keys page, click Escrow Key. The Escrow Encryption Key dialog box appears.

   

2. Enter a Username (case-sensitive) and Password (case-sensitive) that has permission to perform this operation.

   Caution: You are about to permanently escrow your encryption key with the Nasuni Corporation. This process is irreversible.

3. Click Escrow Key. Your encryption key is escrowed with Nasuni. The information in the encryption key list updates to reflect this change.

Alternatively, to exit this screen without escrowing any encryption keys, click the Close button.

Deleting Encryption Keys

You can delete encryption keys from the Nasuni Management Console, as long as the encryption key is not currently assigned to a volume and never has been assigned to a volume. Encryption keys that were once assigned to a volume, but are now disabled, might be needed for disaster recovery procedures and so cannot be deleted.

To delete an encryption key from the Nasuni Management Console, follow these steps:

1. For the encryption key that you want to delete, on the Encryption Keys page, click Delete Key   . The Delete Encryption Key dialog box appears.

   

2. Enter a Username (case-sensitive) and Password (case-sensitive) that has permission to perform this operation.

   Caution: You are about to permanently delete this encryption key. This process is irreversible.

3. Click Delete Key. Your encryption key is deleted. The list of encryption keys updates to reflect this change.

Alternatively, to exit this screen without deleting any encryption keys, click the Close button.

NMC Escrow Passphrase

To perform a recovery procedure on the NMC, you MUST have at least one of the encryption keys for the NMC. This means that, if Nasuni is escrowing this encryption key, one of the following must occur:

• You must have created an escrow passphrase.

• You must have this encryption key available.

• You must contact Nasuni and verify your identity so that Nasuni can issue a special one-time- use recovery key.

The escrow passphrase must contain only ASCII printable characters (no Unicode) and cannot exceed 511 characters.

To create an escrow passphrase for the NMC, follow these steps:

1. Click Console Settings, then click Encryption Keys in the left-hand column. The Encryption Keys page displays a list of encryption keys on the Nasuni Management Console.

   

2. Click Set NMC Escrow Passphrase. The Set Escrow Passphrase dialog box appears.

   

3. Enter the Escrow Passphrase for the NMC. The passphrase must contain only ASCII printable characters (no Unicode) and cannot exceed 511 characters.

   An indication of the strength of the passphrase is displayed.

4. Confirm the NMC escrow passphrase by entering it again.

5. Click Set Passphrase.

The NMC escrow passphrase is created.

Important: Keep this NMC escrow passphrase in a secure place. You use the escrow passphrase when performing a recovery procedure for the NMC.

Tip: If the escrow passphrase is lost, contact Nasuni Support and complete a lost passphrase form. Nasuni provides a one-time-use recovery key. The recovery key is not the escrow passphrase: Nasuni does not know your escrow passphrase and cannot provide it.