Re-Exporting A Master Key - Brocade Communications Systems Brocade 8/12c Administrator's Manual

Supporting HP Secure Key Manager (SKM) environments and HP Enterprise Secure Key Manager (ESKM) environments

Policy Configuration Examples
The following examples illustrate the setting of group-wide policy parameters.
To set the failback mode to manual failback:
SecurityAdmin:switch>cryptocfg --set -failbackmode manual
Set failback policy status: Operation Succeeded.
To set the Heartbeat misses value to 3:
SecurityAdmin:switch>cryptocfg --set -hbmisses 3
Set heartbeat miss status: Operation Succeeded.
To set the Heartbeat timeout value to 3 seconds:
SecurityAdmin:switch>cryptocfg --set -hbtimeout 3
Set heartbeat timeout status: Operation Succeeded.

Re-exporting a master key

With the introduction of Fabric OS v7.0.0, you can export master keys to the key vault multiple
times instead of only once. The ability to export the master key more than once enables you to
recover the master key when needed. For example, prior to Fabric OS 7.0.0, if you forgot your
passphrase that was used to export the master key, you were not able to recover the master key
from the key vault. The ability to re-export the master key in this scenario alleviates this concern.
When the master key is exported to the key vault for the first time, it is stored with the actual
master key ID. Subsequent exports are provided with additional exported key IDs that are
generated by the BES. Each additional time the master key is exported to the key vault, a different
key ID is saved.
The master key can be recovered from any export using the exported master key ID and the
corresponding passphrase.
Note the following:
• If you are upgrading to Fabric OS v7.0.0 from an earlier version (for example, Fabric OS v6.4.x),
  you can recover the master key with the master key ID. Additional exports of the master key are
  allowed with the exported master key IDs.
• If you are downgrading from Fabric OS v7.0.0 to an earlier version (for example, Fabric OS
  v6.4.x), you can recover the master key using the master key ID that is exported in Fabric OS
  v7.0.0 and its corresponding passphrase. Downgrading to earlier versions allows the master
  key to be recoverable with only the master key ID.
• The --show -localEE command shows the actual master key IDs, along with the new master key
  IDs. Also shown are all exported master key IDs associated with a given (actual) master key.
NOTE
You will need to remember the exported master key ID and passphrase you used while exporting the
master key ID.
A new subcommand is available to support exporting master key IDs for a given master key.
cryptocfg --show -mkexported_keyids <MK ID>
Fabric OS Encryption Administrator's Guide
53-1002159-03
