HP 1606 Fabric OS Encryption Administrator's Guide v6.4.0 (53-1001864-01, June - Page 129
Generating and backing up the master key
View all HP 1606 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 129 highlights
Generating and backing up the master key 3 Generating and backing up the master key You must generate a master key on the group leader, and export it to a secure backup location so that it can be restored, if necessary. The master key is used to encrypt DEKs for transmission to and from SKM. The backup location may SKM, a local file, or a secure external SCP-capable host. All three options are shown in the following procedure. Note that the Brocade SAN management application provides the additional option of backing up the master key to system cards. 1. Generate the master key on the group leader. SecurityAdmin:switch>cryptocfg --genmasterkey Master key generated. The master key should be exported before further operations are performed. 2. Export the master key to the key vault. Make a note of the key ID and the passphrase. You will need the Key ID and passphrase should you have to restore the master key from the key vault. SecurityAdmin:switch>cryptocfg --exportmasterkey Enter the passphrase: passphrpase Master key exported. Key ID: 8f:88:45:32:8e:bf:eb:44:c4:bc:aa:2a:c1:69:94:2 3. Save the master key to a file. SecurityAdmin:switch>cryptocfg --exportmasterkey -file Master key file generated. 4. Export the master key to an SCP-capable external host: SecurityAdmin:switch>cryptocfg --export -scp -currentMK \ 192.168.38.245 mylogin GL_MK.mk Password: Operation succeeded. 5. Display the group membership information. Verify that the master key ID for all member nodes is the same. SecurityAdmin:switch>cryptocfg --show -groupmember -all NODE LIST Total Number of defined nodes:2 Group Leader Node Name: 10:00:00:05:1e:41:9a:7e Encryption Group state: CLUSTER_STATE_CONVERGED Node Name: 10:00:00:05:1e:41:9a:7e (current node) State: DEF_NODE_STATE_DISCOVERED Role: GroupLeader IP Address: 10.32.244.71 Certificate: GL_cpcert.pem Current Master Key State: Configured Current Master KeyID: 8f:88:45:32:8e:bf:eb:44:c4:bc:aa:2a:c1:69:94:2 Alternate Master Key State: Not configured Alternate Master KeyID: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 EE Slot: SP state: Current Master KeyID: Alternate Master KeyID: No HA cluster membership 0 Waiting for enableEE 8f:88:45:32:8e:bf:eb:44:c4:bc:aa:2a:c1:69:94:2 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 Node Name: 10:00:00:05:1e:39:14:00 Fabric OS Encryption Administrator's Guide 111 53-1001864-01