Thank you (and Radoslaw) for your answers.
>________________________________ > From: Todd Arnold <[email protected]> >To: [email protected] >Sent: Tuesday, May 14, 2013 7:35 AM >Subject: Re: ICSF master keys at DR site > > >Without a TKE, I don't think there is any other method. > >If you do have a TKE, there is a very nice and very secure method of >completely cloning everything from one crypto card to another one. This was >added a couple of releases ago. Here is the beginning of the description from >the current TKE user's guide (which I just retrieved from Resource Link): > >------------------------------- >Configuration migration > >The TKE workstation provides tools to securely capture host crypto module >configuration data to a file, and then reapply this data to another host crypto >module or crypto module group. The data that can be securely captured includes >roles, authorities, domain control settings, and master keys. These tools >simplify >the task of installing new or replacement host crypto modules, and can be used >for >backup and disaster recovery as well. > >Two tools are provided: one that migrates only public configuration data >(roles, >authorities, domain control settings) and one that migrates all configuration >data, >including secret data, such as master key values. The protocol for migrating >secret >data is more complex than the protocol for migrating only public data, and >requires the participation of several smart card holders. >------------------------------- > >Todd Arnold > >---------------------------------------------------------------------- >For IBM-MAIN subscribe / signoff / archive access instructions, >send email to [email protected] with the message: INFO IBM-MAIN > > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
