Data Domain - How to decrypt the encryption at rest data on Data Domain file system

           

Article Number: 538617    Article Version: 2    Article Type: How To
   

 


Product:

 

Data Domain, Data Domain Encryption

 

Instructions:

 

 

The Data Domain file system has encryption at rest enabled. This article describes the steps to decrypt the encryption-at-rest data on the Data Domain file system.

 

 

Notes:

 

 

From DD CLI:   
    1. Disable encryption:   
    # filesys encryption disable   
   
    2. Restart file system:   
    # filesys restart   
   
    3. Export the current encryption keys for record-keeping purposes:
    # filesys encryption keys export   
   
    4. Note the current key IDs:
    # filesys encryption keys show   
   
    5. Mark the key to be destroyed:
    # filesys encryption keys destroy xx   
    (xx = key ID returned from step 4)   
   
    6. Apply the changes:   
    # filesys encryption apply-changes   
   
    7. Start file system cleaning:   
    # filesys clean start   
   
    8. Make sure GC is completed:
    # filesys clean watch

    9. Once GC is completed, the key state should change to destroyed. Verify by:
    # filesys encryption keys show   
   
    10. Delete the key:   
    # filesys encryption keys delete xx   
    (xx = key ID returned from step 4)