Data Domain - How to decrypt the encryption at rest data on Data Domain file system


   Article Number:     538617                                   Article Version: 2     Article Type:    How To 




Data Domain,Data Domain Encryption





Data Domain file system has encryption at rest enabled. This article describes the steps of how to decrpt the encryption at rest data on Data Domain file system.                                                                                                                           






From DD CLI:   
    1. Disable encryption:   
    # filesys encryption disable   
    2. Restart file system:   
    # filesys restart   
    3. Export current encryption keys for record purpose:   
    # filesys encryption keys export   
    4. Note current key IDs:   
    # filesys encryption keys show   
    5. Mark the key for destroyed:   
    # filesys encryption keys destroy xx   
    (xx = key ID returned from step 4)   
    6. Apply the changes:   
    # filesys encryption apply-changes   
    7. Start file system cleaning:   
    # filesys clean start   
    8. Make sure GC is completed   
    # filesys clean watch   
    9. Once GC is completed, key state should change to destroyed state. Verify by:   
    # filesys encryption keys show   
    10. Delete the key:   
    # filesys encryption keys delete xx   
    (xx = key ID returned from step 4)