rocs
rocs -m|--module=<MODULE> [-t|--target=<CARDSET-SPEC>] [-k|--keys=<KEYS-SPEC>] [-c|--cardset=<CARDSET-SPEC>] [-i|--interactive]
-
Restores an OCS from a quorum of its cards
-
Restores softcards
Keys protected by an OCS can only be recovered to another OCS, and not to a softcard. Likewise, softcard-protected keys can only be recovered to another softcard, and not to an OCS. |
If you run rocs
without any parameters, it enters interactive mode, where it displays a rocs
prompt.
In interactive mode, it reads and executes commands from stdin
:
'rocs' key recovery tool
Useful commands: 'help', 'help intro', 'quit'.
rocs >
For more information, see:
Solo XC |
nShield 5s |
Connect + |
Connect XC |
nShield 5c |
Edge |
Remote Admin |
n |
y |
n |
n |
n |
n |
n |
Option | Description |
---|---|
|
Specifies all keys protected by a cardset. You can use this option multiple times to specify multiple cardsets. The value of
|
|
Reads commands interactively, even though keys are specified on the command-line. |
|
Specifies the keys to recover (to create new passphrase for). The value of * mark * appname_: * |
|
A value of this form selects all keys protected by a given card set. |
|
Specifies the cardset to recover (to create new passphrases for). You can use this option multiple times to specify multiple cardsets. See |
Option to address the HSM |
|
|
Module to use for recovery (creating new passphrases). |
Help options |
|
|
Displays help for |
|
Displays a brief usage summary for |
|
Displays the version number of the Security World Software that deploys |
rocs interactive mode commands
At the rocs
prompt, you can use the following commands.
You can specify a command by typing enough characters to identify the command uniquely.
For example, for the status command, you can type st and then press Enter.
|
Command | Description |
---|---|
|
Displays a list of available commands with brief usage messages and a list of other help topics.
With an argument, |
|
Displays a brief step-by-step guide to using |
|
Lists the OCSs and softcards in the current Security World. For example:
In this output:
|
|
Lists the keys in the current Security World, as in the following example:
In this output:
Protection methods:
|
|
Marks the listed keys that are to be recovered to the target OCS or softcard. You can mark one or more keys by number, ident, OCS or softcard, or hash. To mark more than one key at a time, ensure that each key-spec is separated from the other by spaces, for example: [source] ---- mark key-spec1 key-spec2 key-spec3 ---- If you have not selected a target OCS or softcard, or if You can mark and remark the keys to be recovered to various target OCSs or softcards. Remarking a key displaces the first target in favor of the second target. [NOTE] Keys protected by an OCS can only be recovered to another OCS, and not to a softcard. Likewise, softcard-protected keys can only be recovered to another softcard, and not to an OCS. |
|
Selects the hardware security module to be used.
The module |
|
Allows you to leave |
|
Transfers the marked keys to their target OCSs or softcards.
This operation is not permanent until you save these keys by using the |
|
Updates the card set and key information. |
|
Returns keys that have been recovered, but not saved, to being protected by the original protection method.
If the selected keys have not been recovered, |
|
Writes the new key blobs to disk.
If you specify |
|
Lists the currently selected hardware security module and target OCS or softcard. |
|
Sselects a given OCS or softcard ( |
|
Uunmarks the listed keys. Unmarked keys are not recovered. |