Brocade Fabric OS Encryption Administrator's Guide Supporting Fabric OS v6.2.0 (53-1001201-04, May 2009)
Generating and exporting the master key
You must generate a master key on the group leader and export it to a backup location. The
backup location can be the SKM key vault or an SCP-capable host.
1. Generate the master key on the group leader.
SecurityAdmin:switch>cryptocfg --genmasterkey
Master key generated. The master key should be
exported before further operations are performed.
2. Export the master key to the key vault. Make a note of the key ID and the passphrase. You will
need both the key ID and the passphrase if you have to restore the master key from the key vault.
SecurityAdmin:switch>cryptocfg --exportmasterkey
Enter the passphrase: passphrase
Master key exported. Key ID:
8f:88:45:32:8e:bf:eb:44:c4:bc:aa:2a:c1:69:94:2
3. Save the master key to a file.
SecurityAdmin:switch>cryptocfg --exportmasterkey -file
Master key file generated.
4. Export the master key to an SCP-capable external host:
SecurityAdmin:switch>cryptocfg --export -scp -currentMK \
192.168.38.245 mylogin GL_MK.mk
Password:
Operation succeeded.
5. Display the group configuration.
SecurityAdmin:switch>cryptocfg --show -groupcfg
Encryption Group Name: brocade
Failback mode: Manual
Heartbeat misses: 3
Heartbeat timeout: 2
Key Vault Type: SKM
Primary Key Vault:
IP address: 10.33.54.160
Certificate ID: HPSKM_CA1
Certificate label: SKMCERT
State: Connected
Type: SKM
Secondary Key Vault not configured
NODE LIST
Total Number of defined nodes: 2
Group Leader Node Name: 10:00:00:05:1e:41:9a:7e
Encryption Group state: CLUSTER_STATE_CONVERGED
Node Name                IP address    Role
10:00:00:05:1e:41:9a:7e  10.32.244.71  GroupLeader(current node)
10:00:00:05:1e:39:14:00  10.32.244.60  MemberNode
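A check over the step 5 output, added here as an example and not part of the Brocade guide: it parses captured cryptocfg --show -groupcfg text and reports deviations from the healthy state shown above. The function name check_groupcfg and the finding strings are assumptions; the sample text is the output from step 5, saved on an administration host.

```python
import re
# Constructed sample: the --show -groupcfg output from step 5, captured as text.
SAMPLE = """\
Encryption Group Name: brocade
Failback mode: Manual
Heartbeat misses: 3
Heartbeat timeout: 2
Key Vault Type: SKM
Primary Key Vault:
IP address: 10.33.54.160
Certificate ID: HPSKM_CA1
Certificate label: SKMCERT
State: Connected
Type: SKM
Secondary Key Vault not configured
NODE LIST
Total Number of defined nodes: 2
Group Leader Node Name: 10:00:00:05:1e:41:9a:7e
Encryption Group state: CLUSTER_STATE_CONVERGED
Node Name IP address Role
10:00:00:05:1e:41:9a:7e 10.32.244.71 GroupLeader(current node)
10:00:00:05:1e:39:14:00 10.32.244.60 MemberNode
"""

# One node-table row: WWN, IPv4 address, role (any "(current node)" suffix is ignored).
NODE_RE = re.compile(r"^((?:[0-9a-f]{2}:){7}[0-9a-f]{2})\s+(\d+(?:\.\d+){3})\s+(\w+)", re.M)

def check_groupcfg(text):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    state = re.search(r"^Encryption Group state:\s*(\S+)", text, re.M)
    if not state or state.group(1) != "CLUSTER_STATE_CONVERGED":
        findings.append("encryption group not converged")
    vault = re.search(r"^Primary Key Vault:.*?^State:\s*(\S+)", text, re.M | re.S)
    if not vault or vault.group(1) != "Connected":
        findings.append("primary key vault not connected")
    if re.search(r"^Secondary Key Vault not configured", text, re.M):
        findings.append("secondary key vault not configured")
    nodes = NODE_RE.findall(text)
    total = re.search(r"^Total Number of defined nodes:\s*(\d+)", text, re.M)
    if not total or int(total.group(1)) != len(nodes):
        findings.append("node table does not match defined node count")
    leader = re.search(r"^Group Leader Node Name:\s*(\S+)", text, re.M)
    leaders = [wwn for wwn, _, role in nodes if role == "GroupLeader"]
    if not leader or leaders != [leader.group(1)]:
        findings.append("group leader mismatch")
    return findings
```

For the sample above the only finding is the missing secondary key vault, which the output itself reports.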
6. Display the group membership information. Verify that the master key ID for all member nodes
is the same.
SecurityAdmin:switch>cryptocfg --show -groupmember -all
NODE LIST
Total Number of defined nodes:2
Group Leader Node Name: 10:00:00:05:1e:41:9a:7e
Encryption Group state: CLUSTER_STATE_CONVERGED