Generating and backing up the master key – Brocade Fabric OS Encryption Administrator’s Guide Supporting Key Management Interoperability Protocol (KMIP) Key-Compliant Environments (Supporting Fabric OS v7.1.0) User Manual

Fabric OS Encryption Administrator’s Guide (KMIP)

163

53-1002747-02

Generating and backing up the master key

3

Additional Secondary Key Vault Information:
Key Vault/CA Certificate Validity: Yes
Port for Key Vault Connection: N/A
Time of Day on Key Server: N/A
Server SDK Version: N/A

Encryption Node (Key Vault Client) Information:
Node KAC Certificate Validity: Yes
Time of Day on the Switch: 2010-10-22 10:25:22
Client SDK Version: N/A
Client Username: N/A
Client Usergroup: N/A
Connection Timeout: 10 seconds
Response Timeout: 10 seconds
Connection Idle Timeout: N/A

Key Vault configuration and connectivity checks successful, ready for key
operations.

Authentication Quorum Size: 0
Authentication Cards not configured

NODE LIST
Total Number of defined nodes: 2
Group Leader Node Name: 10:00:00:05:1e:94:3a:00
Encryption Group state: CLUSTER_STATE_CONVERGED

Node Name IP address Role
10:00:00:05:1e:94:3a:00 10.18.228.27 GroupLeader
EE Slot: 7
SP state: Online

10:00:00:05:1e:54:16:53 10.18.235.56 MemberNode (current node)
EE Slot: 0
SP state: Waiting for regEE

Generating and backing up the master key

You must generate a master key on the group leader, and export it to a secure backup location so
that it can be restored, if necessary. The master key is used to encrypt DEKs for transmission to
and from a KMIP.

The backup location may be a KMIP, a local file, or a secure external SCP-capable host. All three
options are shown in the following procedure. Note that the Brocade SAN management application
provides the additional option of backing up the master key to system cards.

1. Generate the master key on the group leader.

SecurityAdmin:switch> cryptocfg --genmasterkey
Master key generated. The master key should be
exported before further operations are performed.