Brocade Fabric OS Command Reference Manual v6.2.0 (53-1001186-01, April 2009)
Fabric OS Command Reference 151
53-1001186-01
cryptoCfg
2
To zeroize all critical security parameters on an encryption switch:
SecurityAdmin:switch> cryptocfg --zeroizeEE
This will zeroize all critical security parameters
ARE YOU SURE (yes, y, no, n): [no]y
Operation succeeded.
To delete a file from the local node:
SecurityAdmin:switch> cryptocfg --delete -file
/etc/fabos/certs/sw0/foo.pem
This will permanently delete the selected file.
ARE YOU SURE (yes, y, no, n): [no] y
To display local encryption engine information:
SecurityAdmin:switch> cryptocfg --show -localEE
EE Slot: 4
SP state: Online
Primary Link KeyID: 85:f2:15:18:85:71:20:c0:d6:a8:88:0d:ca:81:d3:81
Secondary Link KeyID: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
No HA cluster membership
EE Attributes:
EE Route Mode : PARTITIONED
Media Type : DISK
B. Encryption group configuration
To create an encryption group “brocade”:
SecurityAdmin:switch> cryptocfg --create -encgroup brocade
Encryption group create status: Operation Succeeded.
To delete the encryption group “brocade”:
SecurityAdmin:switch> cryptocfg --delete -encgroup brocade
Encryption group create status: Operation Succeeded.
To register a NetApp LKM appliance as the primary key vault "LKM1":
SecurityAdmin:switch>cryptocfg --reg -keyvault LKM1 lkmcert.pem 10.33.54.231 primary
decru-lkm-1
Register key vault status: Operation Succeeded.
To set the key vault type to LKM:
SecurityAdmin:switch>cryptocfg --set -keyvault LKM
Set key vault status: Operation Succeeded.
To add a member node to the encryption group:
SecurityAdmin:switch> cryptocfg --add -membernode 10:00:00:05:1e:39:14:00
Add node status: Operation Succeeded.
To eject a member node from the encryption group:
SecurityAdmin:switch>cryptocfg --eject -membernode 10:00:00:05:1e:53:b8:45
Eject node status: Operation Succeeded.
To leave the encryption group:
SecurityAdmin:switch>cryptocfg --leave_encryption_group