Voltage SecureData Server Customer Advisory
Voltage SecureData Server
December 10, 2018
Appliance upgrade can result in a software protected Field Encryption Key
Appliance upgrade results in a software protected Field Encryption Key despite the presence of a configured HSM
When applying a SecureData Appliance upgrade, the upgrade script makes a backup of the existing management configuration database, and restores the backup after application of software updates.
After restoration of the backup, the configuration database has sensitive data secured via the Field Encryption Key (FEK). Systems with Hardware Security Modules (HSMs) enabled protect the FEK with an HSM, otherwise the FEK is protected with a software derived key.
The upgrade process can result in a software derived FEK, even when an HSM is available. This applies only to upgraded systems configured with HSMs. Fresh installs of SecureData Appliance are not subject to this issue.
For appliances configured with HSMs, upgrade to SecureData Appliance version 6.6.1: the new upgrade script corrects the FEK protection to use the HSM if available.
Alternatively, apply the following workaround to HSM configured Voltage SecureData Management Console:
From the management console (“Systems->Advanced” settings):
- disable HSM support,
- save settings,
- re-enable HSM support,
save settings (No deploy is necessary, and this will result in an HSM derived FEK).
Voltage SecureData Management Console – all versions
If you require technical assistance with this issue, please contact Micro Focus Voltage Customer Support
Date: December 10, 2018
Document ID: MF-VOLT-CA-201806