Recover a key
To recover a key, use the NetBackup Key Management Service (KMS) utility command (the nbkmsutil command) with the included arguments.
# nbkmsutil -help -recoverkey nbkmsutil -recoverkey -keyname <key_name> -kgname <key_group_name> -tag <key_tag> [ -desc <description> ]
Note:
The key state would be set to inactive.
The restore could fail if a key that is used in encrypting the backup data is lost (and no copy of it is available). These keys can be recovered (re-created) with the knowledge of the original key's attributes (tag, passphrase, and salt).
-keyname | Specifies the name of the key to be recovered (re-created). |
-kgname | Specifies the name of the key group to which this key should belong. |
-tag | Specifies the tag that identifies the original key (we need to use the same tag). |
Note:
The user is prompted to enter the correct pass phrase to get the right key (the system does not verify the validity of entered pass phrases).
Note:
Whenever you recover a key, the system prompts you for a salt. A salt is generated for pass phrase derived keys in this version of KMS. To recover the keys that were generated with an older version of KMS, leave the salt field blank.