Deployment Guide
196 Fabric OS Command Reference
53-1003131-01
cryptoCfg
2
To export the master key to a file:
SecurityAdmin:switch> cryptocfg --exportmasterkey -file
Enter the passphrase: **********
Master key file generated.
To export the master key file to an external host:
SecurityAdmin:switch> cryptocfg --export -scp \
-currentMK 192.168.38.245 mylogin GL_MK.mk
Password:*************
Operation succeeded.
To recover the master key from the key vault to the current location:
SecurityAdmin:switch> cryptocfg --recovermasterkey currentMK -keyID \
bd:ae:2d:0b:b9:1a:ad:18:0d:eb:fe:c9:67:ed:29:b0
Enter the passphrase: passphrase
Recover master key status: Operation succeeded.
To display the saved key IDs associated with a repeatedly exported master key
SecurityAdmin:switch> cryptocfg --show \
-mkexported_keyids e3:ae:aa:89:ec:12:0c:04:29:61:9c:99:44:a3:9b:92
e3:ae:aa:89:ec:12:0c:04:29:61:9c:99:44:a3:9b:92
e3:ae:aa:89:ec:12:0c:04:29:61:9c:99:44:a3:9b:93
e3:ae:aa:89:ec:12:0c:04:29:61:9c:99:44:a3:9b:94
e3:ae:aa:89:ec:12:0c:04:29:61:9c:99:44:a3:9b:95
e3:ae:aa:89:ec:12:0c:04:29:61:9c:99:44:a3:9b:96
e3:ae:aa:89:ec:12:0c:04:29:61:9c:99:44:a3:9b:97
e3:ae:aa:89:ec:12:0c:04:29:61:9c:99:44:a3:9b:98
e3:ae:aa:89:ec:12:0c:04:29:61:9c:99:44:a3:9b:99
Operation Succeeded.
To display the encryption group configuration:
SecurityAdmin:switch> cryptocfg --show -groupcfg
Encryption Group Name: system_test
Failback mode: Auto
Replication mode: Disabled
Heartbeat misses: 3
Heartbeat timeout: 2
Key Vault Type: LKM
System Card: Disabled
Primary Key Vault:
IP address: 10.32.49.200
Certificate ID: 3D2-LKM3-B05-200
Certificate label: LKM200
State: Connected
Type: LKM
Secondary Key Vault:
IP address: 10.32.49.201
Certificate ID: 3D2-LKM4-B05-201
Certificate label: LKM201
State: Connected
Type: LKM
Additional Primary Key Vault Information::