Brocade Fabric OS Encryption Administrator's Guide v6.3.0 (53-1001341-02, July 2009)
68 Encryption Administrator’s Guide
53-1001341-02
Master keys
2
Alternate master key
The alternate master key is used to decrypt data encryption keys that were not encrypted with the
active master key. Restore the alternate master key for the following reasons:
• To read an old tape that was created when the group used a different active master key.
• To read a tape (or disk) from a different encryption group that uses a different active master
key.
Master key actions
Master key actions are as follows:
• Backup master key, which is enabled any time a master key exists.
• Restore master key, which is enabled when no master key exists or the previous master key
has been backed up.
• Create new master key, which is enabled when no master key exists or the previous master
key has been backed up.
Reasons master keys can be disabled
Master key actions are disabled if unavailable. There are several ways a master key can be
disabled:
• The user does not have Storage Encryption Security permissions. See “Encryption user
privileges” on page 17 for more information.
• The group leader is not discovered or managed by the Management application.
Saving the master key to a file
Use the following procedure to save the master key to a file.
1. Select Configure > Encryption from the menu bar.
The Encryption Center dialog box displays.
2. Select an encryption group from the tree, and click Properties.
NOTE
Master keys belong to the group and are managed from the group properties.
3. Select the Security tab.
4. Select Backup Master Key as the Master Key Action.
The Master Key Backup dialog box displays, but only if the master key has already been
generated.