Administrator's Guide Supporting HP Secure Key Manager (SKM) and HP Enterprise Secure Key Manager (ESKM) Environments (Supporting Fabric OS v7.2.0) Instruction Manual

160 Fabric OS Encryption Administrators Guide (SKM/ESKM)
53-1002923-01
Re-exporting a master key
3
The exported key ID is displayed with the master key ID, as shown in the examples to follow:
Example: Initial master key export
SecurityAdmin:switch> cryptocfg --exportmasterkey
Enter passphrase:
Confirm passphrase:
Master key exported.
MasterKey ID: 1a:e6:e4:26:6b:f3:81:f7:d8:eb:cc:0f:09:7a:a4:7e
Exported Key ID: 1a:e6:e4:26:6b:f3:81:f7:d8:eb:cc:0f:09:7a:a4:7e
Exporting an additional key ID
Example: Subsequent master key exports
SecurityAdmin:switch> cryptocfg --exportmasterkey
Enter passphrase:
Confirm passphrase:
Master key exported.
MasterKey ID: 1a:e6:e4:26:6b:f3:81:f7:d8:eb:cc:0f:09:7a:a4:7e
Exported Key ID: 1a:e6:e4:26:6b:f3:81:f7:d8:eb:cc:0f:09:7a:a4:7f
SecurityAdmin:switch> cryptocfg --exportmasterkey
Enter passphrase:
Confirm passphrase:
Master key exported.
MasterKey ID: 1a:e6:e4:26:6b:f3:81:f7:d8:eb:cc:0f:09:7a:a4:7e
Exported Key ID: 1a:e6:e4:26:6b:f3:81:f7:d8:eb:cc:0f:09:7a:a4:80
Example: Recovering a master key using master key ID from the second master key export
SecurityAdmin:switch> cryptocfg --recovermasterkey -currentMK -keyID
15:30:f0:f3:5c:2b:28:ce:cc:a7:b4:cd:7d:2a:91:fc
Enter passphrase:
Recover master key status: Operation Succeeded.
Viewing the master key IDs
The show localEE command shows the actual master key IDs, along with the new master key IDs.
Also shown are all exported master key IDs associated with a given (actual) master key.
NOTE
You will need to remember the exported master key ID and passphrase you used while exporting the
master key ID.
A new subcommand is available to support exporting master key IDs for a given master key.
SecurityAdmin:switch> cryptocfg --show -mkexported_keyids <MK ID>