Brocade Fabric OS Command Reference (Supporting Fabric OS v7.3.0) User Manual


Fabric OS Command Reference


53-1003131-01

cryptoCfg


once. Each time you export the same master key, the associate key ID is
incremented, and both the master key ID and the associate key are displayed.
Make a note of the key ID, because you will need the same key ID to restore the
master key from backup.

--recovermasterkey

Restores the master key from backup. This command is valid only on the group
leader. This command prompts for a pass phrase:

passphrase

Specifies the pass phrase for recovering the master key. The pass phrase must be
the same one that was used to back up the master key with the --exportmasterkey
command.

currentMK | alternateMK

Specifies whether the master key should be restored to the current position or the
alternate position. This command replaces the specified existing master key and
should be used with caution. A master key is typically restored to the
alternate position to enable decryption of older data encryption keys (DEKs) that
were encrypted with that master key.

-keyID keyID

Specifies the associative master key ID. This option restores the master key from
the key vault. The associative master key ID was returned when it was backed up
to the key vault with the --exportmasterkey command. The -keyID and the
-srcfile options are mutually exclusive.

-srcfile filename

Specifies the file name when restoring the master key from a file in the
predetermined directory on the switch. Use this operand when the master key was
backed up to a file rather than to a key vault. The -keyID and the -srcfile
operands are mutually exclusive.
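
As an added example (not part of the Brocade manual), the shell function below checks a planned --recovermasterkey command line against the operand rules above before it is typed on the group leader. The operand order, the requirement that one backup source be named, the rejection of path separators in the file name, and the --confirm-replace-current guard flag are assumptions of this example; EXAMPLE_KEY_ID is a constructed placeholder.

```bash
#!/usr/bin/env bash
# Added example: pre-flight check for a planned master key recovery.
# It only builds and prints the command line; it never contacts a switch.
build_recover_cmd() {
    local position="${1:-}" key_id="" src_file="" confirm=0
    if [ "$#" -gt 0 ]; then shift; fi
    while [ "$#" -gt 0 ]; do
        case "$1" in
            -keyID|-srcfile)
                if [ "$#" -lt 2 ]; then
                    echo "error: $1 needs a value" >&2; return 2
                fi
                if [ "$1" = "-keyID" ]; then key_id="$2"; else src_file="$2"; fi
                shift 2 ;;
            --confirm-replace-current)   # hypothetical guard flag, not a cryptocfg option
                confirm=1; shift ;;
            *)
                echo "error: unknown operand: $1" >&2; return 2 ;;
        esac
    done
    case "$position" in
        currentMK|alternateMK) ;;
        *) echo "error: position must be currentMK or alternateMK" >&2; return 2 ;;
    esac
    if [ -n "$key_id" ] && [ -n "$src_file" ]; then
        echo "error: -keyID and -srcfile are mutually exclusive" >&2; return 2
    fi
    # Assumption: exactly one backup source has to be named.
    if [ -z "$key_id" ] && [ -z "$src_file" ]; then
        echo "error: give either -keyID or -srcfile" >&2; return 2
    fi
    # Assumption: the file sits in the switch's predetermined directory,
    # so a value containing a path separator is treated as a mistake.
    case "$src_file" in
        */*) echo "error: -srcfile takes a file name, not a path" >&2; return 2 ;;
    esac
    # currentMK replaces the active master key, so require an explicit opt-in.
    if [ "$position" = "currentMK" ] && [ "$confirm" -ne 1 ]; then
        echo "error: currentMK needs --confirm-replace-current" >&2; return 3
    fi
    if [ -n "$key_id" ]; then
        printf 'cryptocfg --recovermasterkey %s -keyID %s\n' "$position" "$key_id"
    else
        printf 'cryptocfg --recovermasterkey %s -srcfile %s\n' "$position" "$src_file"
    fi
}

# Constructed sample input: EXAMPLE_KEY_ID is a placeholder, not a real key ID.
build_recover_cmd alternateMK -keyID EXAMPLE_KEY_ID
```
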

--show -mkexported_keyids key_id

Displays all exported key IDs used to store a particular master key on the key vault.
The key ID must be in the format displayed in the output of the cryptocfg --show
-localEE command. This command is valid on any node connected to the key
vault.

--show -groupcfg

Displays the group-wide encryption policy configuration. This command is valid on
all member nodes and on the group leader.

--show -groupmember

Displays detailed information for all encryption group members or for a single
member. This command is valid on all member nodes and on the group leader.
The following required operands are mutually exclusive:

-all

Displays information on all nodes in the existing encryption group.

node_WWN

Displays information on a single specified node. The node is identified by its node
WWN.

--show -egstatus

Displays encryption group configuration or status information for all nodes in the
encryption group. The following operands are exclusive:

-cfg

Displays encryption group configuration information.

-stat

Displays encryption group status information.
