Brocade Fabric OS Command Reference Manual v6.2.0 (53-1001186-01, April 2009)

Operands

The cryptoCfg node initialization and configuration function has the following operands:

--help -nodecfg
    Displays the synopsis for the node initialization and configuration function. This command is valid on all nodes.

--initnode
    Initializes the node to prepare for the configuration of encryption options. Initialization must be performed on every node before configuration options may be set and encryption may be enabled.

    This command prompts for confirmation, because the initnode function overwrites any previously generated identification or authentication data on the node. Successful execution generates the node CP certificate, the key authentication center (KAC) certificate, the FIPS Crypto Officer, and the FIPS User key pairs.

    Some of the certificates generated with this command may need to be exported so that they can be registered with external entities, such as the key vault or the group leader, for mutual authentication. Refer to the Fabric OS Encryption Administrator’s Guide for details.

    The --initnode function must be performed before the --initEE function may be performed.

--initEE
    Initializes the encryption engine (EE). This command generates critical security parameters (CSPs) and certificates in the CryptoModule’s security processor (SP). The CP and the SP perform a certificate exchange to register respective authorization data. Initialization must be performed on every encryption engine before configuration options may be set and encryption may be enabled.

    This command prompts for confirmation, because it overwrites any previously generated identification or authentication data on the SP. Existing key encryption keys (KEKs) such as link keys or master keys are erased. If this is not a first-time initialization, make sure to export the master key before running this command. If the encryption engine was configured with an LKM key vault, you will have to reconfigure the key vault to regenerate the Trusted Link after initializing the encryption engine.

    The --initnode function must be performed before the --initEE function may be performed.

    slot_number
        Specifies the slot number of the encryption engine to be initialized. This operand is required on bladed systems.

--regEE
    Registers a previously initialized encryption engine with the CP or chassis. The CP and the specified encryption engine perform a certificate exchange to register respective authorization lists across the encryption engine’s FIPS boundary. The encryption blade's certificate is registered with the CP. The CP, FIPS Crypto Officer, and FIPS User certificate are registered with the specified encryption engine.

    slot_number
        Specifies the slot number of the encryption engine to be registered. This operand is required on bladed systems.
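
The ordering and slot rules above can be checked against a planned command sequence before it is run on a switch. The following is an added example, not part of the Brocade manual or any Brocade tool: the function name `lint_runbook`, its parameters `bladed` and `already_initialized`, and the sample runbook are assumptions made for illustration.

```python
import shlex

# Operand names as given in the reference text above; matched case-insensitively.
INIT_NODE, INIT_EE, REG_EE = "--initnode", "--initee", "--regee"

def lint_runbook(lines, bladed=False, already_initialized=False):
    """Return (line_no, message) findings for a planned cryptocfg sequence.

    already_initialized (hypothetical flag): the node and its encryption
    engines were initialized in an earlier session, so --initEE is a re-init.
    """
    findings = []
    node_ready = already_initialized
    ee_ready = set()                      # slots initialized within this runbook
    for no, raw in enumerate(lines, 1):
        parts = shlex.split(raw, comments=True)
        if len(parts) < 2 or parts[0].lower() != "cryptocfg":
            continue
        op = parts[1].lower()
        slot = parts[2] if len(parts) > 2 else None
        if op == INIT_NODE:
            node_ready = True
        elif op in (INIT_EE, REG_EE):
            if bladed and slot is None:
                findings.append((no, f"{parts[1]}: slot_number is required on bladed systems"))
            if op == INIT_EE:
                if not node_ready:
                    findings.append((no, "--initEE before --initnode"))
                if already_initialized:
                    findings.append((no, "--initEE erases existing KEKs: export the master key first"))
                ee_ready.add(slot)
            elif not already_initialized and slot not in ee_ready:
                findings.append((no, "--regEE on an encryption engine not yet initialized"))
    return findings

# Constructed sample runbook for a bladed chassis (not taken from a real system).
RUNBOOK = [
    "cryptocfg --initEE 1",    # wrong order: node not initialized yet
    "cryptocfg --initnode",
    "cryptocfg --initEE",      # slot_number missing on a bladed system
    "cryptocfg --regEE 2",     # slot 2 was never initialized
]

if __name__ == "__main__":
    for line_no, message in lint_runbook(RUNBOOK, bladed=True):
        print(f"line {line_no}: {message}")
```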