Technical data
154 Fabric OS Encryption Administrator’s Guide (DPM)
53-1002720-02
Re-exporting a master key
3
Enter passphrase:
Confirm passphrase:
Master key exported.
MasterKey ID: 1a:e6:e4:26:6b:f3:81:f7:d8:eb:cc:0f:09:7a:a4:7e
Exported Key ID: 1a:e6:e4:26:6b:f3:81:f7:d8:eb:cc:0f:09:7a:a4:7e
Exporting an additional key ID
Example: Subsequent master key exports.
SecurityAdmin:switch> cryptocfg --exportmasterkey
Enter passphrase:
Confirm passphrase:
Master key exported.
MasterKey ID: 1a:e6:e4:26:6b:f3:81:f7:d8:eb:cc:0f:09:7a:a4:7e
Exported Key ID: 1a:e6:e4:26:6b:f3:81:f7:d8:eb:cc:0f:09:7a:a4:7f
SecurityAdmin:switch> cryptocfg --exportmasterkey
Enter passphrase:
Confirm passphrase:
Master key exported.
MasterKey ID: 1a:e6:e4:26:6b:f3:81:f7:d8:eb:cc:0f:09:7a:a4:7e
Exported Key ID: 1a:e6:e4:26:6b:f3:81:f7:d8:eb:cc:0f:09:7a:a4:80
Example: Recovering a master key using master key ID from the second master key export
SecurityAdmin:switch> cryptocfg --recovermasterkey currentMK -keyID
15:30:f0:f3:5c:2b:28:ce:cc:a7:b4:cd:7d:2a:91:fc
Enter passphrase:
Recover master key status: Operation Succeeded.
Viewing the master key IDs
The show localEE command shows the actual master key IDs, along with the new master key IDs.
Also shown are all exported master key IDs associated with a given (actual) master key.
NOTE
You will need to remember the exported master key ID and passphrase you used while exporting the
master key ID.
A new subcommand is available to support exporting master key IDs for a given master key.
SecurityAdmin:switch> cryptocfg --show -mkexported_keyids <MK ID>
The following example lists the exported master key IDs for a given master key ID:
SecurityAdmin:switch> cryptocfg --show –mkexported_keyids
e3:ae:aa:89:ec:12:0c:04:29:61:9c:99:44:a3:9b:92
e3:ae:aa:89:ec:12:0c:04:29:61:9c:99:44:a3:9b:92