Recovering from an encrypted backup using an encrypted tape

Hardware tape encryption uses tape devices with data encryption capabilities and key management software to encrypt your data. IBM® i supports only library-managed encryption. Use these steps to recover data that you backed up using an encrypting tape drive or tape library.

To restore from an encrypted backup using an encrypting tape drive or tape library, follow these steps:
  1. Ensure that the key management software is running and connected to the system where you plan to restore the data.
    The key manager contains the encryption keys that are needed for the recovery operation.
  2. Restore the data from the most recent backup tape. When the data is restored, it is decrypted.
    When you share tapes with another company, the key manager writes the tape with the other company's public key. They can decrypt and read the tape by using their private key.
Attention: It is important to preserve your keystore data, which is stored in the key manager. Without access to your keystore data, you cannot decrypt your encrypted tapes during a restore operation. Back up the keystore data so that you can recover it as needed. You also can have two key managers that are mirror images of each other with built-in backup of the critical keystore information, as well as a failover if one key manager becomes unavailable. When you configure your tape device, you can point it to two key managers. If one key manager becomes unavailable for any reason, your device uses the alternate key manager.