Enabling the encryption recovery key
You can use the management GUI or the command-line interface (CLI) to enable the encryption recovery key.
Using the management GUI
To enable the encryption recovery key while enabling encryption on the system
for the first time, complete these steps:
- In the management GUI, select Enable Encryption. and click
- Once enabled, the encryption recovery key page will be displayed. Click Generate
recovery key to generate key and begin the enablement process.Note: The encryption recovery key will not be redisplayed after completing the wizard.
- Enter the encryption recovery key into the input field and click Finish.
- If entered correctly, an information message should appear to state the recovery key has been entered correctly. Click Close. The encryption recovery key is enabled and can be used to unlock the system.
To enable the encryption recovery key while also enabling a second encryption method (such as USB flash drives encryption, key server encryption, or internal key management encryption), toggle the corresponding drop-down menu on the page and click Configure. Follow the wizard to enable the selected encryption method.
Using the command-line interface
To enable the encryption recovery key while both USB flash drives encryption and key server encryption are already enabled, you must use the command-line interface to configure the recovery key. Refer to the chencryption command.
Follow these steps to the enable encryption recovery key:
- Enter the following command to enable the recovery
key:
chencryption -recoverykey enable
-
Enter the following command to prepare a new recovery key:
The new recovery key will be displayed on screen.chencryption -recoverykey newkey -key prepare
Note: The recovery key is sensitive and must be stored in a safe location. - To confirm that the recovery key has been stored correctly, the system requires the recovery key
to be confirmed. To confirm the recovery key, run the following command and enter the new recovery
key when prompted:
A confirmation message is displayed when the recovery key has been entered correctly.chencryption -recoverykey newkey -key confirm Enter the new recovery key for the system:
- Commit the recovery key by running the following
command:
chencryption -recoverykey newkey -key commit