HP StorageWorks 1606 Brocade Fabric OS Command Reference v6.3.0 (53-1001337-01) - Page 164
cryptoCfg

--initEE
    Initializes the encryption engine (EE). This command generates critical security parameters (CSPs) and certificates in the CryptoModule's security processor (SP). The CP and the SP perform a certificate exchange to register respective authorization data. Initialization must be performed on every encryption engine before configuration options may be set and encryption may be enabled.

    This command prompts for confirmation, because it overwrites any previously generated identification or authentication data on the SP. Existing key encryption keys (KEKs) such as link keys or master keys are erased. If this is not a first-time initialization, make sure to export the master key before running this command. If the encryption engine was configured with an LKM key vault, you will have to reconfigure the key vault to regenerate the Trusted Link after initializing the encryption engine.

    The --initnode function must be performed before the --initEE function may be performed.

    slot_number
        Specifies the slot number of the encryption engine to be initialized. This operand is required on bladed systems.

--regEE
    Registers a previously initialized encryption engine with the CP or chassis. The CP and the specified encryption engine perform a certificate exchange to register respective authorization lists across the encryption engine's FIPS boundary. The encryption blade's certificate is registered with the CP. The CP, FIPS Crypto Officer, and FIPS User certificate are registered with the specified encryption engine.

    slot_number
        Specifies the slot number of the encryption engine to be registered. This operand is required on bladed systems.

--enableEE | --disableEE
    Enables or disables an encryption engine to perform encryption. You must create the encryption group and complete the key vault registration before you can enable an encryption engine for encryption. In addition, you must re-enable the encryption engine for encryption every time a Brocade Encryption Switch or DCX chassis goes through a power cycle event or after issuing slotPowerOff followed by slotPowerOn for an FS8-18 blade. This command is valid on all nodes.

    slot_number
        Specifies the slot number to identify the encryption engine. This operand is required on bladed systems.

--export
    Exports a certificate from the local encryption switch or blade to a specified external host or to a mounted USB device. This command is valid on all nodes. The files are exported from the predetermined directory that was generated during the node initialization phase. The following operands are supported with the --export command:

    -scp
        Exports a specified certificate to an external host using the secure copy (SCP) protocol. When -scp is specified, the following operands are required:

        host IP | host_name
            Specifies the IP address of the host to which the file is to be exported. To specify the host by name, it must first be configured with dnsconfig.