Brocade Fabric OS Command Reference Manual Supporting Fabric OS v6.3.0 (53-1001337-01, July 2009)

cryptoCfg
-keyID keyID
Specifies the Key ID. Use this operand only if the LUN was encrypted but does
not include the metadata containing the keyID for the LUN. This is a rare case
for LUNs encrypted in Brocade native mode. However, for LUNs encrypted
with DataFort v2.0, a Key ID is required, because these LUNs do not contain
any metadata. This operand is not valid for tape LUNs.
-encryption_format native | DF_compatible
Specifies the LUN encryption format. Two encryption formats are supported:
native
The LUN uses the Brocade metadata format and algorithm for the
encryption and decryption of data. This is the default mode.
DF_compatible
The LUN uses the NetApp DataFort metadata format and algorithm for
the encryption and decryption of data. Use of this format requires a
NetApp DataFort-compatible license to be present on the encryption
switch or the chassis that houses the encryption blade.
-encrypt | -cleartext
Enables or disables the LUN for encryption. By default, cleartext is enabled
(no encryption). When the LUN policy is changed from encrypt to cleartext,
the following policy parameters become disabled (default) and generate
errors when executed: -enable_encexistingdata, -enable_rekey, and
-key_lifespan. When a LUN is added in DF-compatible encryption format,
-cleartext is rejected as invalid.
-enable_encexistingdata | -disable_encexistingdata
Specifies whether or not existing data should be encrypted. The encryption
policy must be enabled on the LUN before -enable_encexistingdata can
be set, and the LUN state must be set to -cleartext. By default, encryption of
existing data is disabled. If the LUN policy is set to -encrypt, the encryption of
existing data must be enabled, or existing data is not preserved. This policy is
not valid for tape LUNs.
-enable_rekey time_period | -disable_rekey
Enables or disables the auto re-keying capability on the specified disk LUN.
This operand is not valid for tape LUNs. By default, the automatic re-key
feature is disabled. Enabling automatic re-keying is valid only if the LUN policy
is set to encrypt. You must specify a time_period in days when enabling auto
re-keying to indicate the interval at which automatic re-keying should take
place.
-key_lifespan time_in_days | none
Specifies the lifespan of the encryption key in days. The key will expire after
the specified number of days. Accepted values are integers from 1 to
2982616. The default value is none, which means the key does not expire.
This operand is valid only for tape LUNs. The key lifespan cannot be modified
after it is set.
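The operand constraints above, combined into a pre-flight check that can be run over a planned LUN policy before it is entered on the group leader. This is an added example, not part of the Brocade manual or Fabric OS; the function name, the dict layout and the lun_type argument are assumptions made for illustration, as is the requirement that the re-key period be a positive integer.

```python
KEY_LIFESPAN_MAX = 2982616  # upper bound given for -key_lifespan

def check_lun_policy(lun_type, operands):
    """Return (errors, warnings) for a proposed set of LUN operands.

    lun_type -- "disk" or "tape" (assumed input, supplied by the operator)
    operands -- dict keyed by operand name as written in the reference;
                flags map to True, valued operands to their value
    """
    errors, warnings = [], []
    tape = lun_type == "tape"
    encrypt = "-encrypt" in operands  # cleartext is the default policy
    fmt = operands.get("-encryption_format", "native")  # native is the default

    if encrypt and "-cleartext" in operands:
        errors.append("-encrypt and -cleartext are alternatives")
    if fmt not in ("native", "DF_compatible"):
        errors.append(f"unsupported -encryption_format: {fmt}")
    if fmt == "DF_compatible" and "-cleartext" in operands:
        errors.append("-cleartext is rejected for DF_compatible LUNs")
    if not encrypt:  # these three generate errors under a cleartext policy
        for op in ("-enable_encexistingdata", "-enable_rekey", "-key_lifespan"):
            if op in operands:
                errors.append(f"{op} requires the -encrypt policy")
    if tape:
        for op in ("-keyID", "-enable_encexistingdata", "-disable_encexistingdata",
                   "-enable_rekey", "-disable_rekey"):
            if op in operands:
                errors.append(f"{op} is not valid for tape LUNs")
    elif "-key_lifespan" in operands:
        errors.append("-key_lifespan is valid only for tape LUNs")
    if "-enable_rekey" in operands:
        days = operands["-enable_rekey"]
        if type(days) is not int or days < 1:  # positive integer is assumed
            errors.append("-enable_rekey needs a time_period in days")
    life = operands.get("-key_lifespan", "none")
    if life != "none" and not (type(life) is int and 1 <= life <= KEY_LIFESPAN_MAX):
        errors.append(f"-key_lifespan must be none or 1..{KEY_LIFESPAN_MAX}")
    if encrypt and not tape and "-enable_encexistingdata" not in operands:
        warnings.append("-encrypt without -enable_encexistingdata: "
                        "existing data is not preserved")
    return errors, warnings

if __name__ == "__main__":
    # Constructed operand set for a disk LUN.
    print(check_lun_policy("disk", {"-encrypt": True, "-enable_rekey": 90}))
```

The warning case matters most in practice: a disk LUN switched to -encrypt without -enable_encexistingdata passes syntax checks but does not preserve the data already on it.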
--modify -LUN
Modifies the encryption policies of one or more LUNs in a specified CTC. This
command is valid only on the group leader. The following operands are
required when modifying a LUN:
crypto_target_container_name
Specifies the name of the CTC to which the LUNs belong.