The nzkeydb command
Use the nzkeydb command to create a keystore for securely storing the SED AEKs.
Syntax
The nzkeydb command has the following syntax.
nzkeydb create -pw <password> [-sklm]
nzkeydb changepw -new_pw <password> -pw <password> [-sklm]
nzkeydb validate [-sklm]
Inputs
The nzkeydb command takes the following inputs:
Input | Description |
---|---|
create | Creates a new local keystore in the /nz/var/keystore directory. This command fails if there is already a keystore present in the directory. If you include the -sklm option, the command creates a /nz/var/keystore directory if one does not already exist and sets the correct permissions. |
changepw | Changes the password for accessing the local keystore. You must specify the new password and the current password to change the password. If you include the -sklm option, the command does not take any action since keystore passwords are not used when the system is configured to use IBM Security Key Lifecycle Manager (ISKLM) for managing AEKs. |
validate | Performs a check for a local keystore to validate the following: Important: If the validation fails, contact IBM Support immediately to troubleshoot the problems with the keystore. The problem could prevent the disks from being read the next time a disk or system is powered on. If you include the -sklm option, the command checks to make sure that the keystore directory is set up correctly. |
Options
The nzkeydb command takes the following options:
Option | Description |
---|---|
-new_pw <new_password> | For the changepw option, specifies the new password for the keystore. |
-pw <password> | Specifies the current password to the keystore. |
-sklm | Indicates that the system uses an IBM Security Key Lifecycle Manager (ISKLM) server to manage AEKs. See the input descriptions earlier in the topic for create, changepw, and validate. |
Description
You use the nzkeydb command to create a keystore that stores and manages the current and previous host and SPU AEKs for the IBM® PureData® System for Analytics N3001 systems. When it runs, the command logs information to /nz/kit/log/keydb/keydb.log.
The nzkeydb command is installed in /nz/kit/bin/adm. You must be logged in to the NPS system as the root user to run the command. You must either change to the adm directory and run the command from that location or have that directory in your root user's path to run the command.
Usage
- To create a new keystore:
[root@nzhost-h1 ~]# /nz/kit/bin/adm/nzkeydb create -pw password
DB creation successful
- To validate the keystore:
[root@nzhost-h1 adm]# /nz/kit/bin/adm/nzkeydb validate
Validation succeeded
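
A scheduled keystore check built on the validate usage above, as an added example that is not part of the IBM documentation: it runs nzkeydb validate, treats anything other than the "Validation succeeded" output shown above as a failure, and points the operator at the log file. The NZKEYDB and KEYDB_LOG variables, the check_keystore function, the --run switch and the return codes are assumptions of this example; the page does not document the command's exit status or its output with -sklm, so the script matches on the output text only.

```shell
#!/bin/sh
# Added example, not IBM code. Default paths and the success string come from
# the page; the variable names, function name and return codes are hypothetical.
NZKEYDB="${NZKEYDB:-/nz/kit/bin/adm/nzkeydb}"
KEYDB_LOG="${KEYDB_LOG:-/nz/kit/log/keydb/keydb.log}"

# Run "nzkeydb validate" with any extra arguments (for example -sklm).
# Returns 0 if the tool printed "Validation succeeded",
#         1 if it ran but did not print that string,
#         2 if the tool is missing or not executable.
# Assumption: success always prints the string shown in the Usage section.
check_keystore() {
    if [ ! -x "$NZKEYDB" ]; then
        echo "nzkeydb not found or not executable: $NZKEYDB" >&2
        return 2
    fi
    # The exit status is ignored on purpose: the page does not document it.
    out=$("$NZKEYDB" validate "$@" 2>&1) || true
    case "$out" in
        *"Validation succeeded"*) return 0 ;;
    esac
    echo "Keystore validation did not succeed. Tool output:" >&2
    printf '%s\n' "$out" >&2
    echo "Check $KEYDB_LOG and contact IBM Support immediately:" >&2
    echo "disks may not be readable after the next power-on." >&2
    return 1
}

# Stand-alone use (hypothetical file name): sh check_keystore.sh --run [-sklm]
if [ "${1:-}" = "--run" ]; then
    shift
    # nzkeydb must be run as root on the NPS host.
    if [ "$(id -u)" -ne 0 ]; then
        echo "must be run as root" >&2
        exit 2
    fi
    check_keystore "$@"
    exit $?
fi
```

A nonzero return from a scheduled run is the signal to alert on, since the failure otherwise surfaces only when a disk or the system is next powered on.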