Enterprise Key Management for Pervasive Encryption of Data Volumes

Learn how to integrate the keys used for pervasive encryption in an key-management system (KMS) by using the zkey utility in a Linux instance on Z or LinuxONE.

These topics describe how to manage the HSM-protected keys used with protected-key dm-crypt in an enterprise setting. Using the zkey utility, you can generate and manage keys in EKMF Web enterprise key management system and import these keys into the zkey repository on your Linux instance.

The topics describe the setup required on both the Linux instance and in the KMS. They also describe how to use the KMS to generate a key for a new volume, retrieve lost a key, and how to efficiently process a replacement of the master key on the HSM, that is, a domain of a CCA Crypto Express adapter that your Linux instance uses.