Listing AES secure keys contained in the secure key repository

Use the zkey list command to display a list of secure keys contained in the secure key repository.

You can filter the displayed list by key name, key type, associated volumes, associated cryptographic coprocessors (APQNs), and volume type. You can use wildcards for the key name, associated APQNs, and associated volumes. The device-mapper name of an associated volume can be omitted; if it is specified, only keys that are associated with both the specified volume and the device-mapper name are listed.

The list command displays the attributes of the secure keys, such as the key sizes, whether the key can be used for the XTS cipher mode, the textual description, the associated cryptographic coprocessors (APQNs) and volumes, the sector size, the key verification pattern, and time stamps for key creation, last modification, and last re-encipherment.

Examples: Assuming there is only one secure key (secure_xtskey1) matching the specified filters, the following examples deliver the same result:


# zkey list 
# zkey list --name "secure*"
# zkey list --apqns "*.0039"
# zkey list --volumes "/dev/mapper/disk*"
# zkey list --volumes "*:enc-disk*"
# zkey list --name "secure*" --volumes "*:enc-disk*" --apqns "*.0039"

Key                          : secure_xtskey1
---------------------------------------------------------------------
        Description          : This is our secure key in a repository
        Secure key size      : 272 bytes
        Clear key size       : 512 bits
        XTS type key         : Yes
        Key type             : CCA-AESCIPHER
        Volumes              : /dev/mapper/disk1:enc-disk1
        APQNs                : 03.0039
                               04.0039
        Key file name        : /etc/zkey/repository/secure_xtskey1.skey
        Sector size          : (system default)
        Volume type          : LUKS2
        Verification pattern : ac08c5d154374a247d6bbbae047ab9f8
                               541575915e764f6e35817b56bcf7c999
        Created              : 2020-08-20 16:57:32
        Changed              : (never)
        Re-enciphered        : (never)
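
The following is an added example, not part of the original documentation or of the zkey tool: a Python parser for the listing format shown above that gathers wrapped APQN and verification-pattern lines per key, so an inventory can be checked by script (for instance, which keys depend on a given APQN). The function names are hypothetical, and joining the two verification-pattern lines into one hex string is an assumption.

```python
import re

# Sample input: the listing shown above, copied from this page.
SAMPLE = """\
Key                          : secure_xtskey1
---------------------------------------------------------------------
        Description          : This is our secure key in a repository
        Secure key size      : 272 bytes
        Clear key size       : 512 bits
        XTS type key         : Yes
        Key type             : CCA-AESCIPHER
        Volumes              : /dev/mapper/disk1:enc-disk1
        APQNs                : 03.0039
                               04.0039
        Key file name        : /etc/zkey/repository/secure_xtskey1.skey
        Sector size          : (system default)
        Volume type          : LUKS2
        Verification pattern : ac08c5d154374a247d6bbbae047ab9f8
                               541575915e764f6e35817b56bcf7c999
        Created              : 2020-08-20 16:57:32
        Changed              : (never)
        Re-enciphered        : (never)
"""

FIELD = re.compile(r"^\s*(\S[^:]*?)\s+:\s*(.*)$")  # "name   : value" lines

def parse_zkey_list(text):
    """Return one dict per key, mapping each attribute to a list of values."""
    keys, cur, last = [], None, None
    for line in text.splitlines():
        if not line.strip() or set(line.strip()) == {"-"}:
            continue  # blank line or the dashed rule under the key name
        m = FIELD.match(line)
        if m and m.group(1) == "Key":
            cur, last = {"Key": [m.group(2).strip()]}, None
            keys.append(cur)
        elif m and cur is not None:
            last = m.group(1)
            cur[last] = [m.group(2).strip()]
        elif cur is not None and last:
            cur[last].append(line.strip())  # wrapped APQN, volume or pattern
    return keys

def verification_pattern(key):  # wrapped lines joined (assumption)
    return "".join(key.get("Verification pattern", []))

def keys_on_apqn(keys, apqn):  # names of keys associated with card.domain
    return [k["Key"][0] for k in keys if apqn in k.get("APQNs", [])]
```

Every attribute is kept as a list because APQNs, volumes, and the verification pattern can wrap onto continuation lines that carry no field name.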