Validate keys after migration

After migrating keys to CipherTrust Manager KMS, confirm that the keys are there and show the latest CipherTrust version number.

Before you begin 

Run key migration in CipherTrust Manager

Procedure 

  1. Open CipherTrust Manager, go to the home page, and confirm that the admin drop-down shows the Switch Domains option to view the corresponding domain.Screenshot of CipherTrust manager web

  2. Switch to the domain name of Thales KMS to view the list of imported keys. For example, if Thales DSM has a domain name as RecorderDomain then switch to RecorderDomain here.

    Screenshot of keys successfully migrated to CipherTrust

  3. Make sure that the version number of an imported key is higher than the version number of the same key in Thales DSM.

If the version number of an imported key is lower than its version in Thales DSM, then Recordings cannot be decrypted. This issue occurs when a key rotates during the migration process.

To fix this issue, restart the migration process, as described Workflow: Migrate keys from Thales DSM to CipherTrust Manager

Related topics 

Workflow: Import keys to CipherTrust Manager