Go to main content

Oracle® ZFS Storage Appliance 管理指南,发行版 OS8.8.x

退出打印视图

更新时间: 2021 年 8 月
 
 

配置 LOCAL(本地)密钥库加密 (CLI)

要使用 LOCAL(本地)密钥库配置加密,请先设置主密码短语,然后创建密钥。有关加密属性的信息,请参见加密属性

  1. 配置 LOCAL(本地)密钥库加密。

    要配置 LOCAL(本地)密钥库加密,请设置主密码短语。

    hostname:> shares encryption
    hostname:shares encryption> show
    Children:
                                local => Manage LOCAL keystore
                                  okm => Register keys with Oracle Key Manager
    
    hostname:shares encryption> local
    hostname:shares encryption local> show
    Properties:
                 master_passphrase =
    
    Children:
                           keys => Manage this Keystore's Keys
    
    hostname:shares encryption local> set master_passphrase
    Enter new master_passphrase:
    Re-enter new master_passphrase:
                 master_passphrase = (set) (uncommitted)
    b7420-16m:shares encryption local> commit
    b7420-16m:shares encryption local> show
    Properties:
                 master_passphrase = (set)
    
    Children:
                           keys => Manage this Keystore's Keys
  2. 创建 LOCAL(本地)密钥。

    要创建密钥,请输入密钥名称。keyname 属性的值是向池、项目或共享资源分配密钥时在 CLI 和 BUI 中使用的名称。

    可以将 key 属性留空,系统将生成一个随机的密钥值;也可以输入一个十六进制编码的原始 256 位密钥值。在以下示例中,系统生成 key 值。

    密钥使用步骤 1 中的主密码短语以加密格式存储。

    hostname:shares encryption local> keys
    hostname:shares encryption local keys> show
    Keys:
    
    NAME     CREATED               CIPHER KEYNAME
    Properties:
                            cipher = AES
                               key =
                           keyname = (unset)
    hostname:shares encryption local> create
    hostname:shares encryption local key-000 (uncommitted)> set keyname=Key-0
                           keyname = Key-0 (uncommitted)
    hostname:shares encryption local key-000 (uncommitted)> commit
    hostname:shares encryption local keys> show
    Keys:
    
    NAME     CREATED               CIPHER KEYNAME
    key-000  2019-7-1 18:43:33     AES    Key-0
    hostname:shares encryption local keys> select key-000
    hostname:shares encryption local key-000> show
    Properties:
                            cipher = AES
                               key = ce968122d0bba26c3d66b6985ee358d18a786607f80eb4ebd834e4404fe8aa84
                           keyname = Key-0

相关主题