Enabling the encryption recovery key

You can use the management GUI or the command-line interface (CLI) to enable the encryption recovery key.

Using the management GUI

To enable the encryption recovery key while enabling encryption on the system for the first time, complete these steps:
  1. In the management GUI, select Settings > Security > Encryption and click Enable Encryption.
  2. Once encryption is enabled, the encryption recovery key page is displayed. Click Generate recovery key to generate the key and begin the enablement process.
    Note: The encryption recovery key is not displayed again after you complete the wizard.
  3. Enter the encryption recovery key into the input field and click Finish.
  4. If the key was entered correctly, an information message confirms it. Click Close. The encryption recovery key is enabled and can be used to unlock the system.

To enable the encryption recovery key while also enabling a second encryption method (such as USB flash drives encryption, key server encryption, or internal key management encryption), toggle the corresponding drop-down menu on the Settings > Security > Encryption page and click Configure. Follow the wizard to enable the selected encryption method.

Using the command-line interface

To enable the encryption recovery key while both USB flash drives encryption and key server encryption are already enabled, you must use the command-line interface to configure the recovery key. Refer to the chencryption command.

Follow these steps to enable the encryption recovery key:
  1. Enter the following command to enable the recovery key:
    chencryption -recoverykey enable
  2. Enter the following command to prepare a new recovery key:
    chencryption -recoverykey newkey -key prepare
    The new recovery key will be displayed on screen.
    Note: The recovery key is sensitive and must be stored in a safe location.
  3. The system requires you to confirm the recovery key to verify that it has been stored correctly. Run the following command and enter the new recovery key when prompted:
    chencryption -recoverykey newkey -key confirm
    Enter the new recovery key for the system:
    A confirmation message is displayed when the recovery key has been entered correctly.
  4. Commit the recovery key by running the following command:
    chencryption -recoverykey newkey -key commit