Brocade Fabric OS Command Reference Manual v6.2.0 (53-1001186-01, April 2009)
cryptoCfg
cryptocfg --eject -membernode node_WWN
cryptocfg --leave_encryption_group
cryptocfg --genmasterkey
cryptocfg --exportmasterkey [-file]
cryptocfg --recovermasterkey currentMK | alternateMK -keyID keyID | -srcfile filename
cryptocfg --show -groupcfg
cryptocfg --show -groupmember -all | node_WWN
Description
Use these cryptoCfg commands to create or delete an encryption group, to add or remove group
member nodes or key vaults, to manage keys including key recovery from backup, and to configure
group-wide policies, such as failover and Heartbeat.
An encryption group is a collection of encryption engines that share the same key vault and are
managed as a group. All EEs in a node are part of the same encryption group. Fabric OS v6.2.0
supports up to four nodes per encryption group, and up to two encryption engines per node. The
maximum number of EEs per encryption group is eight.
With the exception of the --help and --show commands, all group configuration functions must
be performed from the designated group leader. The encryption switch or blade on which you
create the encryption group becomes the designated group leader. The group leader distributes all
relevant configuration data to the member nodes in the encryption group.
The groupCfg commands include two display options that show group configuration and group
member information. Refer to the Appendix of the Fabric OS Encryption Administrator’s Guide for a
more comprehensive explanation of system states.
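The key vault entries that --show -groupcfg reports (IP address, certificate ID, certificate label, state and key vault type, for the primary and secondary vault) are what an operator watches to know whether the encryption group can still reach its keys. The following Python is an added example, not code from the manual or from Brocade: it models one such entry as a record and assigns a severity to it, treating "authentication failure" as the most urgent condition and handling the documented case where an SKM in HA mode shows no connection information. The `KeyVault` record, its field names and the `ha_mode` flag are constructed stand-ins; the real CLI output layout is not reproduced, so a caller would fill these records from its own parsing of the display.

```python
"""Evaluate key vault health as reported by cryptocfg --show -groupcfg.

Added example, not Brocade code. The KeyVault record is a constructed stand-in
for the fields the manual lists; the real CLI output layout is not reproduced.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

KEY_VAULT_TYPES = {"LKM", "RKM", "SKM"}        # key vault types named in the manual
HEALTHY_STATES = {"connected", "up"}            # states that need no operator action
SEVERITY_RANK = {"ok": 0, "info": 1, "warn": 2, "alert": 3}


@dataclass
class KeyVault:
    role: str                 # "primary" or "secondary"
    ip: str
    cert_id: str
    cert_label: str           # user-generated file name
    kv_type: str              # LKM, RKM or SKM
    state: Optional[str]      # None when the display shows no connection info
    ha_mode: bool = False     # assumption: known from the SKM deployment, not a CLI field


def evaluate_key_vault(kv: KeyVault) -> Tuple[str, str]:
    """Return (severity, message) for one key vault entry."""
    if kv.kv_type not in KEY_VAULT_TYPES:
        return "alert", f"{kv.role}: unsupported key vault type {kv.kv_type!r}"
    if kv.state is None:
        if kv.kv_type == "SKM" and kv.ha_mode:
            # The switch cannot detect an SKM appliance's status in HA mode, so a
            # missing state is expected here and must not be treated as an outage.
            return "info", (f"{kv.role}: SKM at {kv.ip} in HA mode, connection status "
                            "not reported by the switch; verify on the appliance")
        return "warn", f"{kv.role}: no connection state reported for {kv.kv_type} at {kv.ip}"
    if kv.state in HEALTHY_STATES:
        return "ok", f"{kv.role}: {kv.kv_type} at {kv.ip} is {kv.state}"
    if kv.state == "authentication failure":
        # A certificate problem blocks key operations entirely; surface the cert identity.
        return "alert", (f"{kv.role}: authentication failure against {kv.ip} "
                         f"(certificate {kv.cert_id}, label {kv.cert_label})")
    if kv.state == "disconnected":
        return "warn", f"{kv.role}: {kv.kv_type} at {kv.ip} is disconnected"
    # "unknown", or any state outside the documented set
    return "warn", f"{kv.role}: {kv.kv_type} at {kv.ip} reports state {kv.state!r}"


def evaluate_group(vaults: List[KeyVault]) -> Tuple[str, List[str]]:
    """Roll up all vault results into the worst severity, escalated to 'alert'
    when no vault is known or plausibly usable (neither 'ok' nor 'info')."""
    results = [evaluate_key_vault(kv) for kv in vaults]
    messages = [msg for _, msg in results]
    worst = max((sev for sev, _ in results), key=SEVERITY_RANK.__getitem__, default="alert")
    if not any(sev in ("ok", "info") for sev, _ in results):
        worst = "alert"
        messages.append("no usable key vault in the encryption group")
    return worst, messages


# Constructed sample: primary RKM healthy, secondary RKM failing authentication.
SAMPLE_VAULTS = [
    KeyVault("primary", "192.0.2.10", "cert-0001", "rkm_primary.pem", "RKM", "connected"),
    KeyVault("secondary", "192.0.2.11", "cert-0002", "rkm_secondary.pem", "RKM",
             "authentication failure"),
]

if __name__ == "__main__":
    severity, notes = evaluate_group(SAMPLE_VAULTS)
    print(severity)
    for note in notes:
        print(" ", note)
```

The roll-up deliberately keeps an SKM-in-HA entry at "info" rather than "warn": the manual says the switch cannot observe that appliance, so the absence of a state is not evidence of a fault, and the check has to be made on the appliance side instead.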
Use --show -groupcfg to display encryption group and member configuration parameters,
including the following:
• Encryption group name
• Encryption group policies:
- Failback mode: Auto or Manual
- Heartbeat misses: value
- Heartbeat timeout: value in seconds
• For each configured key vault, primary and secondary, the command shows:
- IP address
- Certificate ID
- Certificate label: user-generated file name
- State: connected, disconnected, up, authentication failure, or unknown.
- Key vault type: LKM, RKM, SKM
If an SKM key vault is configured in HA mode, no connection information is displayed
because the system is unable to detect the connection status of an SKM appliance in an
HA configuration. Refer to the example section for an illustration.
• Node list display includes:
- Total number of defined nodes