Forcibly restoring encryption keys

Encryption License Key User Guide

Part Number

If encryption keys cannot be used, including the keys backed up as the primary backup in the storage system, restore the encryption keys backed up as the secondary backup. Backed-up encryption keys (including free keys, DEKs, or CEKs) for which key information is lost are restored in a batch. The following encryption keys are not restored:

  • Encryption keys that were deleted during operations such as maintenance for drives or back-end modules (also called disk boards or DKBs), decrypting parity groups, or rekeying CEKs.
  • Free keys that were explicitly deleted by manual operations.
Note: To restore an encryption key, all volumes in the encrypted parity group must be blocked. In addition, after the key is restored, the blocked volumes in the encrypted parity group must be restored.
If you restore an encryption key that is not the latest key, the data might not be read correctly. In that case, the drive, encrypting back-end module, or ECTL might be blocked.