Brocade Fabric OS Encryption Administrator's Guide Supporting Fabric OS v6.2.0 (53-1001201-04, May 2009)
Encryption Administrator’s Guide 79
53-1001201-04
Master keys
2
Saving a master key to a smart card set
You can back up the master key to the key vault, to a file, or to a smart card set. Use the following
procedure to save the master key to a recovery (smart card) set. The passphrase that is used to
back up the master key must be used to restore the master key.
This method requires a locally attached card reader. Recovery cards can only be written once to
back up a single master key. Each master key backup operation requires a new set of previously
unused smart cards.
NOTE
Windows operating systems do not require smart card drivers to be installed separately; the driver
is bundled with the operating system. You must install a smart card driver for Linux and Solaris
operating systems, however. For instructions, see the Data Center Fabric Manager Administrator’s
Guide.
The key is divided between the cards in the card set. When the master key is backed up to a set of
three cards, a minimum of two cards can be used together to restore the master key. When the
master key is backed up to a set of five cards, a minimum of three cards can be used together to
restore the master key. Backing up the master key to multiple recovery cards is the recommended
and most secure option.
NOTE
When you write the key to the card set, be sure you write the full set without canceling. If you cancel,
all the previously written cards become unusable, and you will need to discard them and create a
new set.
1. Select Configure > Encryption from the menu bar.
The Configure Encryption dialog box displays.
2. Select an encryption group from the tree, and click Properties.
3. Select the Security tab.
4. Select Backup Master Key as the Master Key Action.
The Backup Master Key for Encryption Group dialog box displays.