Brocade Fabric OS Command Reference Manual Supporting Fabric OS v7.0.0 (April 2011)
53-1001764-01
cryptoCfg
--dereg -membernode
Removes the registration for the specified member node. This command is valid
only on the group leader. The node is identified by the switch WWN.
member_node_WWN
Specifies the member node by its switch WWN. This operand is required when
removing a node registration.
--dhchallenge
Establishes a link key agreement protocol between a node and an instance of the
primary or backup NetApp Lifetime Key Management (LKM) appliance. This
command generates the Diffie-Hellman challenge that is passed from the node to
the specified NetApp LKM appliance. When quorum authentication is enabled and
the quorum size is greater than zero, this operation requires authentication of a
quorum of authentication cards. This command is valid on all nodes.
vault_IP_addr
Specifies the IP address of the NetApp LKM appliance. This operand is required.
--dhresponse
Accepts the LKM Diffie-Hellman response from the specified NetApp LKM
appliance and generates the link key on the node on which this command is
issued. The DH response occurs by an automatic trusted link establishment
method. The LKM appliance must be specified by its vault_IP_addr. The DH
challenge request must be approved on the NetApp LKM appliance for this
command to succeed. When quorum authentication is enabled (Quorum Size is >
0), this operation requires authentication of a quorum of authentication cards.
vault_IP_addr
Specifies the IP address of the NetApp LKM appliance. This operand is required.
--zeroizeEE
Zeroizes all critical security parameters on the local encryption switch or blade
including all data encryption keys. This command is valid on all nodes. This
operation causes the encryption switch to reboot. When issued on a chassis, it
power-cycles the encryption blade only. This command prompts for confirmation
and should be exercised with caution.
slot
Specifies the slot number of the encryption engine to be zeroized on a bladed
system.
--delete -file
Deletes an imported file. The file must be specified by its local name. This
command is valid on all nodes.
local_name
Specifies the file to be deleted from the local directory where certificates are
stored.
--reg -KAClogin
Registers the node KAC login credentials (username and password) with the
configured key vaults. This command is valid only for the Thales nCipher (NCKA)
and HP SKM key vaults. This command must be run on each member node.
primary | secondary
Specifies the key vault as primary or secondary.
For the NCKA, run this command on both a primary and a secondary key vault.
The system generates a username based on the switch WWN. The username
and group under which the username should be created on the key vault are
displayed when the command is executed. Configure the password on the switch
and create the same username on the key vault.