Self-Encrypting Drives (SEDs) and how their PINs are stored in the SES database
By default, the SecureDoc Client automatically sends the PIN (Personal Identification Number) used to unlock the SED to the SES Server, so that it can be stored in the SES Database.

Note: The Crypto-erase command resets the encryption key on both Seagate Drivetrust SEDs and OPAL SEDs. The "enable key escrow" option within the SES profile brings the encryption key from the SED back to the database, allowing for recovery after crypto-erase.

NOTE: This applies to Seagate Drivetrust drives ONLY. There is no equivalent functionality available (by design) for OPAL drives. For safety's sake, the OPAL Consortium has decided not to include in the set of commands to which an OPAL drive can respond any ability to query the actual encryption key. As a result, SecureDoc cannot recover OPAL drives after a Crypto-erase, because we do not bring the encryption keys back to the database, regardless of whether the option is checked.