Disk Encryption User Guide

OceanStor V5 Series V500R007

This document is applicable to OceanStor 5110 V5, 5110F V5, 5300 V5, 5300F V5, 5500 V5, 5500F V5, 5600 V5, 5600F V5, 5800 V5, 5800F V5, 6800 V5, 6800F V5, 18500 V5, 18500F V5, 18800 V5, and 18800F V5. It describes how to install and configure key management servers connected to storage systems that use self-encrypting disks.

How Can I Recover Encryption Key Files of Disks?

Question

How can I recover encryption key files of disks?

Answer

Some operations must be performed in developer and minisystem modes on the CLI. Therefore, it is recommended that you contact Huawei technical support engineers to recover encryption key files of disks.

  1. Export the latest encryption key files of disks on the storage system.

    1. Log in to DeviceManager.
    2. Choose Settings > Storage Settings > Value-added Service Settings > Key Service.
    3. Click Export Internal Keys to export the key files manually in a browser.

  2. Obtain the encryption key files locally exported on the storage system and backed up on the backup server.

    NOTE:

    If Key Backup is not selected on the storage system, you can only obtain locally exported encryption key files.

    • Obtain the local encryption key files on the storage system.
      1. Log in to the CLI and enter the minisystem mode.
      2. Run the ls command to view the path where encryption key files are saved (/OSM/coffer_data/omm/kmm).
      3. Run the mv command to move the encryption key files to /OSM/export_import.
        NOTE:

        This directory varies with the product model.

        admin:/>change user_mode current_mode user_mode=developer 
        developer:/>minisystem 
        Command is executable now. 
         
        developer:/>minisystem 
        -----------------System Information----------------- 
        |  Product Version     |   VX00R00XCXX             | 
        |  System  Version     |   X.XX.XX.XXX             | 
        |  Patch   Version     |                           | 
        |  Release Time        |   2017-08-31_00:42:58     | 
        ---------------------------------------------------- 
        Storage: minisystem> ls /OSM/coffer_data/omm/kmm 
        23879060714312975121_KMM_IKMS_KEY_20170901150217_1.dat 
        Storage: minisystem> mv /OSM/coffer_data/omm/kmm/23879060714312975121_KMM_IKMS_KEY_20170901150217_1.dat /OSM/export_import 
        Storage: minisystem> 
      4. Log in to the FTP server as the user admin to obtain the encryption key files.

  3. After analysis, select encryption key files that can be used for key recovery.
  4. Log in to the CLI and enter the developer mode. Run the import kms key command to import the encryption key files and recover keys.

    developer:/>import kms key ip=10.10.10.1 user=admin password=****** path=InnerKey.dat protocol=FTP
    WARNING: You are about to import a key file of the internal key management service, which will overwrite the original key data. If the operation is inappropriate, it may cause the internal key management service to lose some key.   
    Suggestion:    
    1. Confirm that the key file to be imported is up-to-date, and back up the key of the internal key management service of the current system before the import.   
    2. During the key import, creating, updating, and deleting the disk domain of self-encrypting disks are all forbidden.   
    Have you read warning message carefully?(y/n)y       
    Are you sure you really want to perform the operation?(y/n)y   
    Password:**************   
    Command executed successfully.

    When keys are being recovered, do not perform any operation on self-encrypting disk domains.
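
Step 3 leaves the analysis open, and the import warning asks you to confirm that the file is up to date. The following is an added example, not part of the Huawei guide: it inventories the key files collected in steps 1 and 2, orders them by the timestamp in the file name, and flags same-named copies whose SHA-256 differs. It assumes the 14-digit field in the name is a YYYYMMDDhhmmss timestamp and the trailing number is a sequence (inferred from the single file name shown above); `inventory` and `pick_latest` are hypothetical helper names.

```python
import hashlib
import re
import sys
from datetime import datetime
from pathlib import Path

# Assumed pattern, inferred from the single file name shown in the guide:
# <digits>_KMM_IKMS_KEY_<YYYYMMDDhhmmss>_<sequence>.dat
NAME_RE = re.compile(r"^(\d+)_KMM_IKMS_KEY_(\d{14})_(\d+)\.dat$")


def inventory(paths):
    """Split key-file paths into (candidates newest-first, rejected)."""
    candidates, rejected = [], []
    for path in map(Path, paths):
        match = NAME_RE.match(path.name)
        try:
            if not match:
                raise ValueError("name does not match assumed pattern")
            stamp = datetime.strptime(match.group(2), "%Y%m%d%H%M%S")
            data = path.read_bytes()
            if not data:
                raise ValueError("file is empty")
        except (ValueError, OSError) as exc:
            rejected.append((path, str(exc)))
            continue
        candidates.append({"path": path, "stamp": stamp,
                           "sequence": int(match.group(3)),
                           "sha256": hashlib.sha256(data).hexdigest()})
    # Sequence number breaks ties between files with the same timestamp.
    candidates.sort(key=lambda c: (c["stamp"], c["sequence"]), reverse=True)
    return candidates, rejected


def pick_latest(candidates):
    """Return the newest candidate and same-named copies that differ from it."""
    if not candidates:
        return None, []
    best = candidates[0]
    conflicts = [c for c in candidates[1:] if c["path"].name == best["path"].name
                 and c["sha256"] != best["sha256"]]
    return best, conflicts


if __name__ == "__main__":
    found, bad = inventory(sys.argv[1:])
    best, conflicts = pick_latest(found)
    for c in found:
        print(c["stamp"], c["sha256"][:16], c["path"])
    print("newest:", best and best["path"], "| conflicts:", len(conflicts), "| rejected:", len(bad))
```

Pass the paths of all collected copies as arguments. A non-zero conflict count means the local export and the backup copy with the same name are not byte-identical, which should be resolved before running the import.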

Updated: 2019-07-11

Document ID: EDOC1000181504
