Create split keys
For CipherTrust Manager to decrypt the Thales DSM, create a migration split key that has the same values as the DSM wrapper key.
Procedure
-
Open Windows command prompt as an Administrator, and change to the directory that contains ksctl.exe.
-
Run the command ksctl migration-split-keys create --name <name> --threshold <threshold> --digest <digest>.
The following are the details of the command:
-
<name> is the name of the import. Migration is identified using this name.
-
<threshold> is the number of custodians, and it is configured as two.
-
<digest> is the wrapper key identifier from the Wrapper Key page in the Thales Vormetric Data Security Manager Web application. The identifier is a hexadecimal number.
The following is a sample command and successful result:
C:\Users\se\.ksctl>ksctl migration-split-keys create --name Migration --threshold 2 --digest f31-cfe
{
"name": "Migration",
"threshold": 2,
"digest": "f31-cfe",
"usable": false
}
What to do next