Brocade Communications Systems Brocade 8/12c Command Reference Manual page 205

Brocade Fabric OS Command Reference Manual supporting Fabric OS v7.0.0 (April 2011)

Fabric OS Command Reference
53-1001764-01

--exportmasterkey
Exports the current master key encrypted in a key generated from a specified
pass phrase. By default this command backs up the key to the attached key
vaults, or optionally to a predetermined file on the switch. This command is valid
only on the group leader. This command prompts for a pass phrase.

  passphrase
  Specifies the pass phrase for the master key encryption. A pass phrase must be
  between 8 and 40 characters in length and can contain any character
  combination. Make a note of the pass phrase, because the same pass phrase is
  required to restore the master key from backup. This operand is required.

  -file
  Stores the encrypted master key in a predetermined file on the switch. This
  operand is optional. If the -file operand is not specified, the encrypted master key
  is stored in the attached key vaults, using a unique associate Key ID for tracking
  the export. Upon execution, this command displays both the associated Key ID
  and the master key ID. You can export the master key to the key vault more than
  once. Each time you export the same master key, the associate key ID is
  incremented, and both the master key ID and the associate key ID are displayed.
  Make a note of the key ID, because you will need the same key ID to restore the
  master key from backup.

--recovermasterkey
Restores the master key from backup. This command is valid only on the group
leader. This command prompts for a pass phrase:

  passphrase
  Specifies the pass phrase for recovering the master key. The pass phrase must be
  the same one that was used to back up the master key with the --exportmasterkey
  command.

  currentMK | alternateMK
  Specifies whether the master key should be restored to the current position or the
  alternate position. This command replaces the specified existing master key and
  should be exercised with caution. A master key is typically restored to the
  alternate position to enable decryption of older data encryption keys (DEKs) that
  were encrypted in that master key.

  -keyID keyID
  Specifies the associative master key ID. This option restores the master key from
  the key vault. The associative master key ID was returned when it was backed up
  to the key vault with the --exportmasterkey command. The -keyID and the
  -srcfile options are mutually exclusive.

  -srcfile filename
  Specifies the file name when restoring the master key from a file in the
  predetermined directory on the switch. Use this operand when the master key was
  backed up to a file rather than to a key vault. The -keyID and the -srcfile
  operands are mutually exclusive.

--show -mkexported_keyids key_id
Displays all exported key IDs used to store a particular master key on the key vault.
The key ID must be in the format displayed in the output of the cryptocfg --show
-localEE command. This command is valid on any node connected to the key
vault.

--show -groupcfg
Displays the group-wide encryption policy configuration. This command is valid on
all member nodes and on the group leader.
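
The operand rules given above for --recovermasterkey, written as a pre-flight check an operator could run before working on the group leader. This is an added example, not code from the Brocade manual: RestorePlan, check_passphrase, build_recover_command and the allow_replace_current switch are hypothetical names, the key ID is a constructed placeholder, and the operand order is assumed from the order in which this page lists the operands.

```python
"""Pre-flight checks for a master key restore (added example, not Brocade code)."""
from dataclasses import dataclass
from typing import List, Optional

PASSPHRASE_MIN, PASSPHRASE_MAX = 8, 40   # length limits stated on this page
POSITIONS = ("currentMK", "alternateMK")


@dataclass(frozen=True)
class RestorePlan:
    """Hypothetical operator record of where a master key backup lives."""
    position: str                    # currentMK or alternateMK
    key_id: Optional[str] = None     # key ID noted when exporting to the key vault
    src_file: Optional[str] = None   # file name, when the export used -file


def check_passphrase(passphrase: str) -> None:
    """Only length is constrained; any character combination is allowed."""
    if not PASSPHRASE_MIN <= len(passphrase) <= PASSPHRASE_MAX:
        raise ValueError("pass phrase must be 8 to 40 characters long")


def build_recover_command(plan: RestorePlan,
                          allow_replace_current: bool = False) -> List[str]:
    """Return the argument list for the restore, or raise on an invalid plan.

    The pass phrase is never part of the result: the switch prompts for it.
    Operand order is an assumption taken from the order used on this page.
    """
    if plan.position not in POSITIONS:
        raise ValueError("position must be currentMK or alternateMK")
    # -keyID and -srcfile are mutually exclusive; the restore needs one source.
    if bool(plan.key_id) == bool(plan.src_file):
        raise ValueError("give exactly one of -keyID or -srcfile")
    # The restore replaces the key held in the chosen position. Requiring an
    # opt-in for currentMK is a policy chosen for this example.
    if plan.position == "currentMK" and not allow_replace_current:
        raise PermissionError("currentMK restore needs explicit confirmation")
    source = (["-keyID", plan.key_id] if plan.key_id
              else ["-srcfile", plan.src_file])
    return ["cryptocfg", "--recovermasterkey", plan.position, *source]


if __name__ == "__main__":
    # Constructed sample values, not real key IDs or pass phrases.
    plan = RestorePlan("alternateMK", key_id="KEY-ID-PLACEHOLDER")
    check_passphrase("constructed sample phrase")
    print(" ".join(build_recover_command(plan)))
```
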
cryptoCfg