Brocade Fabric OS Command Reference Manual v6.2.0 (53-1001186-01, April 2009)

ManualsBrandsHP ManualsStorageBrocade 8/24c SAN Switch for BladeSystem c-Class

141

142

143

144

145

146

147

148

149

150

Fabric OS Command Reference 121

53-1001186-01

cryptoCfg

--dhresponse Accepts the LKM Diffie-Hellman response from the specified NetApp LKM

appliance and generates the link key on the node on which this command is

issued. The DH response occurs by an automatic trusted link establishment

method. The LKM appliance must be specified by its vault_IP_addr. The DH

challenge request must be approved on the Net App LKM appliance for this

command to succeed.

vault_IP_addr Specifies the IP address of the NetApp LKM appliance. This operand is

required.

--zeroizeEE Zeroizes all critical security parameters on the local encryption switch or

blade including all data encryption keys. This command is valid on all nodes.

This command prompts for confirmation and should be exercised with

caution.

slot_number Specifies the slot number of the encryption engine to be zeroized on a bladed

system.

--delete -file Deletes an imported file. The file must be specified by its local name. This

command is valid on all nodes.

local_name Specifies the file to be deleted form the local directory where certificates are

stored.

--show Displays node configuration information. This command requires one of the

following mutually exclusive operands:

-localEE Displays encryption engine information local to the node, such as encryption

engine state and primary/secondary keyencryption key (KEK) information,

routing policy, and media type. Possible values for media type include DISK,

TAPE or MEDIA NOT DEFINED.

-file -all Displays all imported certificates. The -all parameter is required with the

--show -file command.

Function 2. Encryption group configuration

Synopsis cryptocfg --help -groupcfg

cryptocfg --create -encgroup encryption_group_name

cryptocfg --delete -encgroup encryption_group_name

cryptocfg --reg -keyvault cert_label certfile hostname | ip_address primary | secondary

cryptocfg --dereg -keyvault cert_label

cryptocfg --reg -KACcert signed_certfile

cryptocfg --set -keyvault LKM | RKM | SKM

cryptocfg --set -failbackmode auto | manual

cryptocfg --set -hbmisses value

cryptocfg --set -hbtimeout value

cryptocfg --add -membernode node_WWN