HP StorageWorks 4/64 Brocade Fabric OS Command Reference v6.3.0 (53-1001337-01 - Page 174
2 cryptoCfg

--leave_encryption_group
    Clears the node's states pertaining to the node's membership in the encryption group. This command is invoked from the member node that is to be ejected from the encryption group. The node must be online (in DISCOVERED state) for this command to succeed. To remove a node that is not online (in DISCOVERING state), use --dereg -membernode. You must remove the EEs from the HA cluster and delete any CryptoTarget container and Crypto LUN configurations from this node prior to initiating a leave operation.

--genmasterkey
    Generates a master key. A master key is needed when an opaque key vault such as RKM is used. The master key must be exported (backed up) before it may be used. This command is valid only on the group leader. Only one master key per key vault is needed for the entire encryption group. When a master key is generated and a master key exists, the current master key becomes the alternate master key and the newly generated master key becomes the current master key.

--exportmasterkey
    Exports the current master key encrypted in a key generated from a specified pass phrase. By default this command backs up the key to the attached key vaults, or optionally to a predetermined file on the switch. This command is valid only on the group leader. This command prompts for a pass phrase.

    passphrase
        Specifies the pass phrase for the master key encryption. A pass phrase must be between 8 and 40 characters in length and can contain any character combination. Make a note of the pass phrase, because the same pass phrase is required to restore the master key from backup. This operand is required.

    -file
        Stores the encrypted master key in a predetermined file on the switch. This operand is optional. If the -file operand is not specified, the encrypted master key is stored in the attached key vaults, and a key ID uniquely identifying the encrypted master key is displayed. Make a note of the key ID, because the same key ID is required to restore the master key from backup.

--recovermasterkey
    Restores the master key from backup. This command is valid only on the group leader. This command prompts for a pass phrase:

    passphrase
        Specifies the pass phrase for recovering the master key. The pass phrase must be the same that was used to back up the master key with the --exportmasterkey command.

    currentMK | alternateMK
        Specifies whether the master key should be restored to the current position or the alternate position. This command replaces the specified existing master key and should be exercised with caution. A master key is typically restored to the alternate position to enable decryption of older data encryption keys (DEKs) that were encrypted in that master key.

    -keyID keyID
        Specifies the master key ID. This option restores the master key from the key vault. The master key ID was returned when it was backed up to the key vault with the --exportmasterkey command. The -keyID and the -srcfile options are mutually exclusive.

144 Fabric OS Command Reference 53-1001337-01
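The current/alternate rotation and the pass-phrase-protected backup described above, as an added Python model that is not HP or Brocade code. The Group class, the PBKDF2 derivation and the XOR-plus-HMAC wrapping are assumptions standing in for internals the page does not describe. The model shows why a further --genmasterkey strands DEKs wrapped under the oldest key until that key is recovered into the alternate position.

```python
import hashlib, hmac, secrets

def fingerprint(mk):
    return hashlib.sha256(mk).hexdigest()[:16]

def _derive(passphrase, salt):
    # Page rule: a pass phrase is 8 to 40 characters, any combination.
    if not 8 <= len(passphrase) <= 40:
        raise ValueError("pass phrase must be 8-40 characters")
    # ASSUMPTION: PBKDF2-HMAC-SHA256; the page does not name the real KDF.
    okm = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000, 64)
    return okm[:32], okm[32:]

def export_master_key(mk, passphrase):
    salt = secrets.token_bytes(16)
    pad, mac_key = _derive(passphrase, salt)
    ct = bytes(a ^ b for a, b in zip(mk, pad))  # stand-in cipher, model only
    return salt + ct + hmac.new(mac_key, salt + ct, hashlib.sha256).digest()

def recover_master_key(blob, passphrase):
    salt, ct, tag = blob[:16], blob[16:48], blob[48:]
    pad, mac_key = _derive(passphrase, salt)
    good = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong pass phrase or corrupted backup")
    return bytes(a ^ b for a, b in zip(ct, pad))

class Group:  # hypothetical model of the group leader's two key positions
    def __init__(self):
        self.current = self.alternate = None
    def genmasterkey(self):
        # Old current key moves to the alternate position; old alternate is dropped.
        self.alternate, self.current = self.current, secrets.token_bytes(32)
        return self.current
    def recover(self, mk, position):
        attr = {"currentMK": "current", "alternateMK": "alternate"}[position]
        setattr(self, attr, mk)  # replaces the key already in that position
    def can_unwrap(self, dek_fp):
        return any(k and fingerprint(k) == dek_fp for k in (self.current, self.alternate))

def demo(passphrase="constructed-pass-phrase"):
    g = Group()
    backup = export_master_key(g.genmasterkey(), passphrase)  # back up MK1
    dek_fp = fingerprint(g.current)        # a DEK wrapped under MK1
    seen = [g.can_unwrap(dek_fp)]          # MK1 is current
    g.genmasterkey(); seen.append(g.can_unwrap(dek_fp))  # MK1 is alternate
    g.genmasterkey(); seen.append(g.can_unwrap(dek_fp))  # MK1 is gone
    g.recover(recover_master_key(backup, passphrase), "alternateMK")
    return seen + [g.can_unwrap(dek_fp)]   # MK1 restored as alternate
```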