
Brocade Fabric OS Encryption Administrator’s Guide Supporting HP Secure Key Manager (SKM) and HP Enterprise Secure Key Manager (ESKM) Environments (Supporting Fabric OS v7.2.0) User Manual


53-1002923-01

Generating and backing up the master key


3. Save the master key to a file.

    SecurityAdmin:switch> cryptocfg --exportmasterkey -file
    Master key file generated.

4. Export the master key to an SCP-capable external host:

    SecurityAdmin:switch> cryptocfg --export -scp -currentMK \
        192.168.38.245 mylogin GL_MK.mk
    Password:
    Operation succeeded.

5. Display the group membership information. Verify the master key ID for all member nodes is the same.

    SecurityAdmin:switch> cryptocfg --show -groupmember -all
    NODE LIST
    Total Number of defined nodes:2
    Group Leader Node Name: 10:00:00:05:1e:41:9a:7e
    Encryption Group state: CLUSTER_STATE_CONVERGED

    Node Name: 10:00:00:05:1e:41:9a:7e (current node)
      State: DEF_NODE_STATE_DISCOVERED
      Role: GroupLeader
      IP Address: 10.32.244.71
      Certificate: GL_cpcert.pem
      Current Master Key State: Configured
      Current Master KeyID: 8f:88:45:32:8e:bf:eb:44:c4:bc:aa:2a:c1:69:94:2
      Alternate Master Key State: Not configured
      Alternate Master KeyID: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
      EE Slot: 0
        SP state: Waiting for enableEE
        Current Master KeyID: 8f:88:45:32:8e:bf:eb:44:c4:bc:aa:2a:c1:69:94:2
        Alternate Master KeyID: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
        No HA cluster membership

    Node Name: 10:00:00:05:1e:39:14:00
      State: DEF_NODE_STATE_DISCOVERED
      Role: MemberNode
      IP Address: 10.32.244.60
      Certificate: enc1_cpcert.pem
      Current Master Key State: Configured
      Current Master KeyID: 8f:88:45:32:8e:bf:eb:44:c4:bc:aa:2a:c1:69:94:2
      Alternate Master Key State: Not configured
      Alternate Master KeyID: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
      EE Slot: 0
        SP state: Waiting for enableEE
        Current Master KeyID: 8f:88:45:32:8e:bf:eb:44:c4:bc:aa:2a:c1:69:94:2
        Alternate Master KeyID: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
        No HA cluster membership

6. Display encryption group member information. This example shows the encryption group brocade with two member nodes, one group leader and one regular member. No key vault or HA cluster is configured, and the values for master key IDs are zero.

    SecurityAdmin:switch> cryptocfg --show -groupmember -all
    NODE LIST
    Total Number of defined nodes:2
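
The check in step 5 can be automated. The following is an added example, not part of the Brocade guide: it parses saved output of cryptocfg --show -groupmember -all and reports nodes whose Current Master KeyID differs from the rest of the group, is all zeros, or is missing, and flags output that lists fewer nodes than it declares. It assumes each field and its value appear on one line; the function name check_group and all sample values are constructed for illustration.

```python
import re

ZERO_ID = ":".join(["00"] * 16)  # the ID shown when no master key is configured
NODE_RE = re.compile(r"\s*Node Name:\s*((?:[0-9a-f]{2}:){7}[0-9a-f]{2})", re.I)
KEY_RE = re.compile(r"\s*Current Master KeyID:\s*([0-9a-f:]+)", re.I)
TOTAL_RE = re.compile(r"\s*Total Number of defined nodes:\s*(\d+)")

def check_group(output):
    """Return a list of findings; an empty list means all nodes agree."""
    nodes, current, declared = {}, None, None
    for line in output.splitlines():
        if m := TOTAL_RE.match(line):
            declared = int(m.group(1))
        elif m := NODE_RE.match(line):  # "Group Leader Node Name:" does not match
            current = nodes.setdefault(m.group(1).lower(), set())
        elif (m := KEY_RE.match(line)) and current is not None:
            current.add(m.group(1).lower())  # node-level and EE-level IDs
    findings = []
    if declared != len(nodes):  # truncated or partial capture
        findings.append(f"parsed {len(nodes)} nodes, output declares {declared}")
    for wwn, ids in sorted(nodes.items()):
        if not ids:
            findings.append(f"{wwn}: no Current Master KeyID reported")
        elif ZERO_ID in ids:
            findings.append(f"{wwn}: all-zero Current Master KeyID")
        elif len(ids) > 1:
            findings.append(f"{wwn}: node and EE report different IDs")
    distinct = set().union(*nodes.values()) if nodes else set()
    if len(distinct) > 1:
        findings.append(f"group: {len(distinct)} distinct Current Master KeyIDs")
    return findings

# Constructed sample input (not captured from a real switch).
KEY_A = ":".join(["a1"] * 16)
KEY_B = ":".join(["b2"] * 16)
TEMPLATE = """NODE LIST
Total Number of defined nodes:2
Group Leader Node Name: 10:00:00:00:00:00:00:01
Node Name: 10:00:00:00:00:00:00:01 (current node)
Current Master KeyID: {leader}
EE Slot: 0
Current Master KeyID: {leader}
Node Name: 10:00:00:00:00:00:00:02
Current Master KeyID: {member}
EE Slot: 0
Current Master KeyID: {member}
"""

if __name__ == "__main__":
    for member in (KEY_A, KEY_B, ZERO_ID):
        print(check_group(TEMPLATE.format(leader=KEY_A, member=member)) or "consistent")
```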