Exporting an additional key id, Viewing the master key ids – Brocade Fabric OS Encryption Administrator’s Guide Supporting RSA Data Protection Manager (DPM) Environments (Supporting Fabric OS v7.2.0) User Manual
Page 174
154
Fabric OS Encryption Administrator’s Guide (DPM)
53-1002922-01
Re-exporting a master key
3
The exported key ID is displayed with the master key ID, as shown in the examples to follow:
Example: Initial master key export
SecurityAdmin:switch> cryptocfg --exportmasterkey
Enter passphrase:
Confirm passphrase:
Master key exported.
MasterKey ID: 1a:e6:e4:26:6b:f3:81:f7:d8:eb:cc:0f:09:7a:a4:7e
Exported Key ID: 1a:e6:e4:26:6b:f3:81:f7:d8:eb:cc:0f:09:7a:a4:7e
Exporting an additional key ID
Example: Subsequent master key exports.
SecurityAdmin:switch> cryptocfg --exportmasterkey
Enter passphrase:
Confirm passphrase:
Master key exported.
MasterKey ID: 1a:e6:e4:26:6b:f3:81:f7:d8:eb:cc:0f:09:7a:a4:7e
Exported Key ID: 1a:e6:e4:26:6b:f3:81:f7:d8:eb:cc:0f:09:7a:a4:7f
SecurityAdmin:switch> cryptocfg --exportmasterkey
Enter passphrase:
Confirm passphrase:
Master key exported.
MasterKey ID: 1a:e6:e4:26:6b:f3:81:f7:d8:eb:cc:0f:09:7a:a4:7e
Exported Key ID: 1a:e6:e4:26:6b:f3:81:f7:d8:eb:cc:0f:09:7a:a4:80
Example: Recovering a master key using master key ID from the second master key export
SecurityAdmin:switch> cryptocfg --recovermasterkey currentMK -keyID
15:30:f0:f3:5c:2b:28:ce:cc:a7:b4:cd:7d:2a:91:fc
Enter passphrase:
Recover master key status: Operation Succeeded.
Viewing the master key IDs
The show localEE command shows the actual master key IDs, along with the new master key IDs.
Also shown are all exported master key IDs associated with a given (actual) master key.
NOTE
You will need to remember the exported master key ID and passphrase you used while exporting the
master key ID.
A new subcommand is available to support exporting master key IDs for a given master key.
SecurityAdmin:switch> cryptocfg --show -mkexported_keyids <MK ID>