mkreckey
The mkreckey command is for users with security administrator authority. It is the first step in creating a new recovery key when no key currently exists.
If a key does exist, the security administrator must use the managereckey -action rekey command to rekey the existing key. The command returns the new key, which the security administrator should copy to a safe place. The next step requires a security administrator to verify the new recovery key with the managereckey command.
Parameters
- -dev storage_image_ID
- (Optional) The storage image ID, which includes manufacturer, machine type, and serial number. For example, IBM.2107-75FA120. The storage image ID is required if you do not specify a fully qualified key group ID, do not set the devid variable in your profile or through the setenv command, and the HMC is aware of more than one storage image. Using the -dev parameter will temporarily override any defined value for devid for the current command.
- key_group_ID | -
- (Required) The key group ID for the new recovery key that you want to create. The key group ID is a decimal number that ranges from 1 to N, where N is the maximum number of key groups supported by the storage system. Use the showsi command to determine this maximum number. If you use the dash (-), the specified value is read from standard input. You cannot use the dash (-) while you are in the DS CLI interactive command mode.
Example: Making a recovery key.
dscli> mkreckey -dev IBM.2107-75FA120 1
Output:
The Recovery Key 0123-4567-8912-3586-0123-4567-8912-3586-0123-4567-8912-3586-0123-4567-8912-3586 for encryption group 1 has been created, verification pending.