Saving A Master Key To A Smart Card Set - Brocade Communications Systems Brocade 8/12c Administrator's Manual

2
Master keys

Saving a master key to a smart card set

A card reader must be attached to the SAN Management application PC to complete this
procedure. Recovery cards can only be written once to back up a single master key. Each master
key backup operation requires a new set of previously unused smart cards.
NOTE
Windows operating systems do not require smart card drivers to be installed separately; the driver
is bundled with the operating system. However, you must install a smart card driver for Unix
operating systems. For instructions, refer to the Installation Guide.
The key is divided among the cards in the card set, up to 10. The quorum of cards required to
restore the master key must be less than the total number of cards in the set, and no greater than
five. For example, when the master key is backed up to a set of three cards, a quorum of any two
cards can be used together to restore the master key. When the master key is backed up to a set of
10 cards, a quorum size of up to 5 cards can be configured for restoring the master key.. Backing
up the master key to multiple recovery cards is the recommended and most secure option.
NOTE
When you write the key to the card set, be sure you write the full set without canceling. If you cancel,
all previously written cards become unusable, and you will need to discard them and create a new
set.
1. Select Configure > Encryption from the menu task bar.
2. Select a group from the Encryption Center Devices table, then select Group > Security from the
3. Select Backup Master Key as the Master Key Action.
82
The Encryption Center dialog box displays.
menu task bar, or right-click a group and select Security.
The Encryption Group Properties dialog box displays with the Security tab selected.
The Backup Master Key for Encryption Group dialog box displays.
Fabric OS Encryption Administrator's Guide
53-1002159-03