Encryption License Key support specifications

The following table lists the support specifications for Encryption License Key.

Item

Specification

Hardware specifications

Encryption algorithm

Advanced Encryption Standard (AES) 256 bit

Encryption mode

XTS mode

Encryption module standard

  • VSP G200: Compliant with FIPS 140-2 Level 1
  • VSP G400, G600, G800, VSP F400, F600, F800: Compliant with FIPS 140-2 Level 2*

*To use encryption modules compliant with FIPS 140-2 Level 2, contact Hitachi Solution Support Center.

LDEVs that you can encrypt

Volume type

Open, mainframe, multiplatform

Emulation type

All emulation types

Internal/external LDEVs

Internal LDEVs only

LDEV with existing data

Requires data migration

Managing encryption keys

Creating encryption keys

Use Device Manager - Storage Navigator (HDvM - SN) to create encryption keys.

Deleting encryption keys

Use Device Manager - Storage Navigator to delete encryption keys.

Note: You cannot delete encryption keys that are allocated to implemented drives. You can delete the encryption key allocated to a drive and allocate a new encryption key only when encryption is disabled for the parity group.

Unit of encryption/decryption

Encryption is applied to the parity group.

Data encryption keys (DEKs) are used per drive.

Number of encryption keys

  • VSP G100, VSP G200: Up to 512 DEKs can be created per storage system. In addition, you can create 4 certificate encryption keys (CEKs) and one key encryption key (KEK), so the total maximum number of encryption keys, including DEKs, CEKs, and KEKs, is 517.
  • VSP G400, G600, VSP F400, F600: Up to 1,024 DEKs can be created per storage system. In addition, you can create 4 CEKs and one KEK, so the total maximum number of encryption keys, including DEKs, CEKs, and KEKs, is 1,029.
  • VSP G800, VSP F800: Up to 2,048 DEKs can be created per storage system. In addition, you can create 16 CEKs and one KEK, so the total maximum number of encryption keys, including DEKs, CEKs, and KEKs, is 2,065.

Attribute of encryption keys

The attributes for the encryption keys are:

  • Free: Unused data encryption key that has not yet been allocated.
  • DEK: Data encryption key. The key for the encryption of the stored data.
  • CEK: Certificate encryption key. The key for the encryption of the certificate and the key for the encryption of DEK per drive.
  • KEK: Key encryption key. The key for the encryption of the CEK.

Backup/restore functionality

Redundant (primary and secondary) backup/restore copies