How Can I Recover Encryption Key Files of Disks?

Question

How can I recover encryption key files of disks?

Answer

Some operations must be performed in developer and minisystem modes on the CLI. Therefore, it is recommended that you contact Huawei technical support engineers to recover encryption key files of disks.

1. Export the latest encryption key files of disks on the storage system.
   1. Log in to DeviceManager.
   2. Choose Settings > Key Service. In the function pane, click Export Internal Keys to export the keys manually on the browser.

2. Obtain the encryption keys on the backup server.

   Use the user name and password configured in Configuring the Internal Key Management Service to log in to the backup server and obtain the encryption key files from the set path.

3. After analysis, select encryption key files that can be used for key recovery.
4. Log in to the CLI and enter the developer mode. Run the import kms key command to import the encryption key files and recover keys.

   developer:/>import kms key ip=10.10.10.1 user=admin password=****** path=InnerKey.dat protocol=FTP 
   WARNING: You are about to import a key file of the internal key management service, which will overwrite the original key data. If the operation is inappropriate, it may cause the internal key management service to lose some key. 
   Suggestion:  
   1. Confirm that the key file to be imported is up-to-date, and back up the key of the internal key management service of the current system before the import. 
   2. During the key import, creating, updating, and deleting the disk domain of self-encrypting disks are all forbidden. 
   Have you read warning message carefully?(y/n)y 
     
   Are you sure you really want to perform the operation?(y/n)y 
   Password:************** 
   Command executed successfully.

   When keys are being recovered, do not perform any operation on self-encrypting storage pools.