Appendix C. Frequently Asked QuestionsCan some combination of application-based key management andlibrary-managed encryption be used?No. When application-managed encryption is used, the encryption istransparent at the library layers. Likewise, when library-managed encryption isused, the process is transparent at the other layers. Each method of encryptionmanagement is exclusive of the others. For library-managed encryption, theapplications need not be changed in any way.Must the Encryption Key Manager be installed and running on every systemthat might generate a request to encrypt or decrypt a tape?With library-managed encryption, the system from which the tape drive writerequest originates need NOT be the system on which the Encryption KeyManager is running. Furthermore, an instance of Encryption Key Managerneed NOT be running on every system from which an encrypting tape drive isaccessed.If I include the ″drive.acceptUnknownDrives = True″ parameter, should I stillinclude the ″config.drivetable.file.url = FILE:/filename″ parameter in theconfiguration file?config.drivetable.file.url must always be specified. It is where the driveinformation will be. If you set drive.acceptUnknownDrives = True you alsoshould specify the drive.default.alias1 and drive.default.alias2 variablesto the correct certificate alias/key label.Is FILE:/filename the correct syntax for the config.drivetable.file.urlproperty? FILE:///filename appears in the sample file, and FILE:../ in thedescription.The examples are correct. This is a URL specification and is not what peoplenormally expect for a directory structure specificationMust I use forward or backward slashes when specifying fully-qualified pathsin the KeyManagerConfig.properties file for an instance of Encryption KeyManager running on Windows?Because KeyManagerConfig.properties is a Java properties file, only forwardslashes are recognized in pathnames, even in Windows. If you use back slashesin the KeyManagerConfig.properties file, errors will occur.Does the Encryption Key Manager perform any Certificate Revocation List (CRL)checking?No, the Encryption Key Manager does not perform any CRL checkingWhat happens when the certificate being used to encrypt the tapes expires? Willthe Encryption Key Manager read previously encrypted tapes?It does not matter to Encryption Key Manager if the certificate has expired. Itwill continue to honor these certificates and read previously encrypted tapes.However the expired certificate must remain in the keystore in order forpreviously encrypted tapes to be read or appended.Will the Encryption Key Manager require that a certificate be renamed onrenewal?The Encryption Key Manager is configured by default to honor new keyrequests with expired certificates. When the Encryption Key Manager isconfigured this way certificate renewal is not required. If this function isdisabled and this private key/certificate pair must still be used for new keyC-1