CryptoStor^® Tape Retrieval Software

Secure Sharing of Encrypted Tapes

NeoScale's CryptoStor Tape Retrieval Software allows tapes to be decrypted without the need for a hardware-based CryptoStor appliance.

Automated, Secure, and Open Key Sharing

The CryptoStor Tape Retrieval Software requires the encryption keys to decrypt tapes. These keys can be acquired in several ways. When deployed in conjunction with CryptoStor KeyVault^™, the CryptoStor Tape Retrieval Software communicates with CryptoStor KeyVault over a secure communications path and retrieves the keys as needed, but only if the owner of the keys has previously created a Trust Relationship that allows it. This high level of automated security makes sharing of sensitive data simple and secure.

Keys can also be securely exported from a CryptoStor Tape appliance using a Public/Private key pair and e-mailed or otherwise transported to the location of the CryptoStor Tape Retrieval Software.

Because CryptoStor Tape Retrieval Software is a 100% software product designed to run on commonly available Intel platforms, it cannot be optimized to perform at the hardware speed that CryptoStor Tape appliances do. For this reason, it is not recommended that the CryptoStor Tape Retrieval Software be used for intensive decryption of tapes.

Deployment Options

CryptoStor Tape Retrieval Software can be deployed in several scenarios:

• Disaster recovery
• Occasional secure data exchange with partner locations
• Highly secure low-volume sharing of data between disparate offices

Available Platforms

CryptoStor Tape Retrieval Software is available for both Windows and Linux platforms.

System Requirements

Intel PC with:

• Red Hat Advanced Server 4, Update 2, Microsoft Windows Server 2003, Microsoft Windows Storage Server 2003, or Microsoft Windows XP
• 2GHz Processor (minimum)
• 512MB RAM (minimum)
• At least as much available disk space as the amount of uncompressed data on the tape to be decrypted
• Tape drive and SCSI adaptor or FC HBA depending on the type of tape drive being used
• USB port to support the SmartCard reader (in cases where the encryption keys were exported in FIPS mode)

Supported Functionality

The CryptoStor Tape Retrieval Software is designed to re-create a cleartext tape from an encrypted tape so that a backup application can then restore the data. CryptoStor Tape Retrieval Software operates in two phases:

1. CTRS decrypts an encrypted tape and writes the cleartext data to a disk file
2. CTRS then writes the cleartext data to another tape

Now, whichever backup application originally wrote the encrypted tape can read the cleartext tape.

In this way, the format of the output tape is identical to what would have been written had the data not been encrypted in the first place. Regardless of which backup application was originally used to write the (encrypted) tape, the newly written (cleartext) tape is in the correct format and the data on it can be restored by that original backup application.

Security Considerations

• The encryption keys to be used to decrypt the tapes are imported from a file that was previously exported from a CryptoStor Tape appliance or CryptoStor KeyVault.
• Keys can be exported in FIPS mode (recommended) or in non-FIPS mode.
• If the file was exported in FIPS mode, then, for additional security, a SmartCard is required by CryptoStor Tape Retrieval Software to decrypt the tapes.