ISO8859-1e: H::s Xmp b A g V =!_AU  .7RQZFx7lK  5$!Z"#@ $JL%!&,'(()+*GJ+$,0-.*/* $0* O1* z2 3@ 4%!5!(6D!H70!8#!9#!:1";"8<("W=3">="?:"@=#-A#kB$C%_D#%~E&%F%%G%H&I&J&2K&HL&^M&tN&O&P_&Q2'Rf'OSH'T'U6(V(IW.(^X5(YH(Z) [')\:)G]/)^p)_|*#`l*a$+ b+2c:+Gd+e(+f:+g:+h3,9i(,mj9,k+,l',m-$n8-7o--pp-qW-rZ.sS.ct.u=.v@/w*/Sx0/~y7/z1/{;0|20U}80~K031 11A41s41$14252752m42;2.3#3C+3g:334344#54XR4#4<5$5B.5g.5U5K66g,6'6(6"7,7(17U/7>737-8*38X-84868@9&69g9$9B9: H::!;4;4E;i*;2;9< ? <>G9>9>O>J?H?N@}1@-@AA,-An(A4A,AB'3B3B3C<CC<C/C,C(DDC/Db#DDSD%E)&EO(Ev6E*E7FFF9EFFFHG *GV;G/G8GAH&AHhGHCH(I6)I_I/J=J#J"K'K<.KdeK'K<L!7L^UL6LwM#?MPM[N,CNBNCOBOS2OGOFP"PX(P{ AP 6P EQ )Qc ,Q%Q#Q5R)R:(Rd)R,R/R$S$S92S^'S%S S"T%T#TITa .T!DT"*T#@U $$Ua%:U&"U'9U(V)1V*1W+AW:,JW|-FW.,X/4X;07Xp17X25X31Y4GYH5GY6FY7<Z86Z\9/Z:Z;[<[=H[>=\,?'\j@'\A%\B&\C.]DJ]6E.]F1]G7]H&^I&^AJ;^hK@^L*^M3_N'_DO0_lP_Q`/R``@Sj`Ta UCaV,aWQbX7bXY7bZEb[c\4c.]8cc^9c_3c`Fd a7dQbHdc0ddIeehMUsage: hdcryptmgr <..options..> Display : showlv : Displays LV encryption status showvg : Displays VG encryption capability showmd : Displays encryption metadata related to device Authentication control : authinit : Initializes master key for LV data encryption authunlock : Authenticates to unlock master key of LV authadd : Adds additional authentication methods authcheck : Checks validity of an authentication method authdelete : Removes an authentication method PKS management : pksimport : Import the PKS keys pksexport : Export the PKS keys pksclean : Removes a PKS key pksshow : Displays PKS keys status Conversion : plain2crypt : Converts a LV to encrypted crypt2plain : Converts a LV to not encrypted For more details on <..options..> run : hdcryptmgr -h Usage: hdcryptmgr showlv [-h] [-v] Displays LV encryption status. showvg [-h] [] Display VG encryption capability. authunlock [-h] [-t [-m ]] [-A] Short action : authunl Authenticate encrypted LVs. showmd [-h] [-v] Display Encryption metadata related to the specified device. authcheck [-h] [-t [-m ]] [-i ] [-n ] Short action : authchk Check validity of an authentication method. authinit [-h] [-e ] [-n ] Configure master key and first authentication method. authadd [-h] [-t [-m ]] [-n ] Add an authentication method. authdelete [-h] [-t [-m ]] [-i ] [-n ] [-f] Short action : authdel Remove an authentication method. Cannot have less than one. crypt2plain [-h] First decrypt LV data if necessary and then sets LV as encryption disabled. plain2crypt [-h] [-e ] [-n ] [-f] Set LV as encryption enabled, then set encryption settings, and finally encrypt LV data. If steps are already completed, they are skipped. pksimport [-h] -p [-f] [] Import PKS keys. If LV device is specified, only the LV PKS key is imported. If a VG device is specified, all VG LVs keys are imported. If no device is specified all keys are imported. -f Force option. Allow to import PKS key when VG is missing or when LV is locked. pksexport [-h] -p Export PKS keys. If LV device is specified, only the LV PKS key is exported. If VG device is specified, all the VG LVs keys are exported. pksshow [-h] Show key status in PKS for encryption enabled LVs. pksclean [-h] Remove a key from PKS. Can be used to remove invalid keys or keys no longer used. Removing valid key in PKS should be done via hdcryptmgr authdel sub-command. Usage: keysvrmgr <..options..> add : Adds new key server modify : Modify an existing key server remove : Removes a key server show : Displays key server information For more details on <..options..> run : keysvrmgr -h Usage: keysvrmgr add [-h] -i [-p ] [-g ] -s -c [-P ] Add new key server. The key server ID is created with: server_name[:device_group] modify [-h] [-i ] [-p ] [-s ] [-c ] [-P] Modify an existing key server. remove [-h] Remove a key server. show [-h] Display key server information. -h Print help. -A Authenticate using automatic methods (if available), requiring no user input. -e Data encryption algorithm, mode and key len choice. values can be "prompt" to be prompted for options or "[algorithm]:[b|B][key_len][:w]" b:bits B:bytes (bits is default). If -e option is not used, VG default values are used Use optionnal w param to overwrite VG default with given values. List of supported algorithms : -t authentication type. One value among pwd, keyfile, keyserv or pks -m additional information among: - Input path to authentication keyfile - key server ID in the KeySvr ODM class -i Target only the authentication of specified index. Authentication type is automatically forced according to selected index. -n Authentication method name. -f Force option. Bypass authentication method check before removal. Update encryption status without converting data. This option should be used only for new LV. Existing data may be unrecoverable otherwise. -p Export/Import file path. -i IP address of key server a.b.c.d (each value from 0 to 255) -p Port of key server (Optional, from 0 to 65535, default value is 5696) -g SKLM device group (Optional) -s Absolute path to key server certificate -c Absolute path to client certificate -P Certificate protected with password (Optional, values y|Y|n|N|p|P, y or Y means that password is asked interactively, n or N means that certificate is not protected by password, p or P means that password is stored in PKS, default value is N as no password) -v Verbose : prints more detailed output. Only with LV device name. Display registered authentication methods. Display detailed metadata values. device Input VG or LV device name is required. Only with -A. device Input VG device name is required. device Input LV device name is required. device Input VG device name is optional. device Input LV device name is optional. Key server ID is required %1$s authentication method with name "%2$s" added successfully. %1$s authentication check succeeded. %1$s authentication succeeded. Authentication method (index #%1$d) deletion for LV %2$s succeeded. PKS uses %1$d bytes on a maximum of %2$d bytes. LV %1$s is not encryption enabled. VG %1$s is not encryption enabled. VG containing LV %1$s is not encryption enabled. LV %1$s is already encrypted. LV %1$s is already encryption disabled. Successfully converted LV %1$s to an encrypted LV. Successfully converted LV %1$s to an encryption disabled LV. Please select one of the following encryption algorithms: Default encryption settings: algo=%1$s key length=%2$d bits. Recovering from file : %1$s Same recovery file is then used to apply the conversion. In case of error or if the conversion is canceled, this file may be necessary to be able to recover the LV. If the conversion is fully successful, then the file will be removed automatically. Created recovery file : %1$s In case of error or if the conversion is canceled, this file may be necessary to be able to recover the LV. If the conversion is fully successful, then the file will be removed automatically. PV %1$s has been invalidated. Key server %1$s successfully added Key server %1$s successfully modified Key server %1$s successfully removed List of key servers: ID : %1$s IP : %1$s PORT : %1$d SERVER CERT : %1$s CLIENT CERT : %1$s PWD : %1$s Enter import file path: Enter export file path: Select one ID from list of available servers above (or just hit enter to select the last one): Enter client certificate password (may be empty): 0 : PASSPHRASE 1 : KEYFILE 2 : KEYSERVER 3 : PKS Please select one of the above authentication types: Enter a name for this authentication method (just hit enter if unamed): Enter Passphrase: Please confirm usage of an unsecure passphrase (y|n): Confirm Passphrase: Would you like to use default settings (y|n): Please enter desired key size (in bits, 128 or 256): Would you like to define these settings as default for other LVs (y|n): Select algorithm: Authentication method index to delete: Do you confirm the %1$s method deletion index %2$d (y|n): Do you confirm the %1$s method deletion (y|n): Will not be able to clean the corresponding key entry in keyfile Do you confirm the %1$s method deletion (y|n): Will not be able to clean the corresponding key entry in key server database Do you confirm the %1$s method deletion (y|n): Will not be able to clean the corresponding key entry in PKS Do you confirm the %1$s method deletion (y|n): Authentication method index to use: Enter keyfile path: Passphrases length should be longer than %1$d characters. Too many failed tries. Passphrases do not match. Please retry. Badly formatted line %1$d in import file %2$s is ignored. Invalid algorithm. Expected algorithm between 0 and %1$d. Invalid key size. Expected key size to 128 or 256. Wrong passphrase. Try again (%1$d/%2$d) Keyfile does not match any method. Try again (%1$d/%2$d) Keyserv auth failed. Try again (%1$d/%2$d) PKS auth failed. Try again (%1$d/%2$d) Wrong passphrase. Keyfile does not match any method. Try another keyfile. Keyserv auth failed. Try another key server. PKS auth failed. 3020-0113 Key having LVid %1$s is not imported because a valid PKS key already exists. 3020-0114 Key having LVid %1$s has been imported but it cannot be used to unlock LV %2$s. Key was imported although LV %1$s is not online (VG is varied off or not present). Device is already unlocked. 3020-0117 Unable to get VGid from LVM for VG %1$s (rc=%2$d). 3020-0118 Unable to get LV list from LVM for VG %1$s (rc=%2$d). 3020-0119 Unable to get VG info from LVM. 3020-0120 Unable to get VG definition from LVM. 3020-0121 Unable to get VG metadata pointers from LVM. 3020-0122 Unable to get VG list of PVs from LVM. 3020-0123 Unable to get list of LVs from LVM for VG %1$s . 3020-0124 hdcryptmgr authinit failed for LV %1$s. 3020-0125 hdcryptmgr authunlock failed for device %1$s. 3020-0126 hdcryptmgr authunlock (VG auto) failed to authenticate %1$d LVs. 3020-0127 hdcryptmgr authcheck failed for LV %1$s. 3020-0128 hdcryptmgr authadd failed for LV %1$s. 3020-0129 hdcryptmgr authdelete failed for LV %1$s. 3020-0130 hdcryptmgr showlv failed for device %1$s. 3020-0131 hdcryptmgr showvg failed. 3020-0132 hdcryptmgr showmd failed for device %1$s. 3020-0133 hdcryptmgr plain2crypt failed for LV %1$s. 3020-0134 hdcryptmgr crypt2plain failed for LV %1$s. 3020-0135 Failed to initialize encryption metadata. 3020-0136 LV is not ready to remove encryption enablement. 3020-0137 Internal error (invalid parameter). 3020-0138 Memory allocation error. 3020-0139 Unable to create directory %1$s. 3020-0140 Error when getting VG major from LVM (rc=%1$d). 3020-0141 Unknown device %1$s. 3020-0142 Invalid value for parameter major number. 3020-0143 Invalid value for parameter minor number. 3020-0144 Metadata synchronization failed (rc=%1$d). 3020-0145 Action authunlock with VG device is only allowed with option -A (auto). 3020-0146 LVM device query failed. 3020-0147 No PKS keys associated with the specified device. 3020-0148 LV %1$s must be unlocked. 3020-0149 Unable to read encryption metadata. 3020-0150 Unable to get list of VGs from LVM. 3020-0151 This action is not permitted while a live update operation is in progress. 3020-0152 Failed while checking if a live update operation is in progress. 3020-0153 Unknown action %1$s. 3020-0154 Invalid encryption option inputs. 3020-0155 Unknown authentication type. 3020-0156 Unknown encryption algorithm. 3020-0157 Invalid parameter %1$c. 3020-0158 Parameter -%1$c requires a value. 3020-0159 Provided too many parameters : "%1$s". 3020-0160 User has no %1$s RBAC authorization. 3020-0161 Invalid combination of action %1$s and device name. 3020-0162 Missing LV device name with action %1$s. 3020-0163 Invalid LV device for action %1$s. 3020-0164 Missing VG device name with action %1$s. 3020-0165 Invalid VG device for action %1$s. 3020-0166 Missing device required with action %1$s. 3020-0167 Cannot use -t -A parameters simultaneously. 3020-0168 -m option not allowed with passphrase authentication. 3020-0169 Option -m cannot be used without option -t. 3020-0170 Invalid input. 3020-0171 Bad answer, please retry. 3020-0172 Deleting the last authentication method is not allowed. 3020-0173 Deleting the last passphrase authentication method is not allowed. It is mandatory to have at least one passphrase method defined. 3020-0174 Authentication method with index #%1$d is not a valid method. 3020-0175 Action aborted. 3020-0176 Unknown kmip cmd %1$d. 3020-0177 Unable to open kmip_client library: %1$s. 3020-0178 Unable to load necessary symbols from kmip_client library. 3020-0179 Could not mount ODM class %1$s. 3020-0180 Could not open readonly ODM class %1$s. 3020-0181 Could not get object %1$s from ODM class %2$s. 3020-0182 Key server %1$s is not registered in ODM class %2$s. 3020-0183 Kmip operation %1$d failed : err=%2$d reason=%3$d status=%4$d kmipStatus=%5$d msg=%6$s. 3020-0184 Kmip could not destroy key with uuid=%1$s. 3020-0185 Unable to dynamically link to /unix. 3020-0186 Unable to load necessary symbols from /unix. 3020-0187 Failed to deny LKU. 3020-0188 Read metadata header failed. 3020-0189 Invalid type. Expected type between 0 and %1$d. 3020-0190 Failed to encrypt master key with OpenSSL (%1$s). 3020-0191 Failed to decrypt master key with OpenSSL (%1$s). 3020-0192 PKS authentication already exists (slot %1$d). 3020-0193 LV %1$s is locked, cannot retrieve master key. 3020-0194 All %1$d authentication methods are filled Unable to add a new one. 3020-0195 Authentication method with name %1$s already exist for LV %2$s. 3020-0196 Another authentication method was configured in parallel. All %1$d authentication methods are now filled Unable to add a new one. The operation is aborted. Manual cleanup may be required if adding keyfile, keyserv or pks. 3020-0197 Invalid authentication method index %1$d. Must be in range 0 - %2$d 3020-0198 Unable to remove Key from PKS storage. 3020-0199 Key does not exist in PKS storage. 3020-0200 Unable to generate a key from passphrase with OpenSSL. 3020-0201 LV %1$s is not encryption enabled. 3020-0202 LV is not encryption enabled. 3020-0203 LV data must first be converted to plain. 3020-0204 LV %1$s already has a master key. 3020-0205 LV encryption has been initialized by another command in parallel, Manual cleanup may be required (keyfile/keyserv). 3020-0206 Unable to unlock LV %1$s. Syscall failed 3020-0207 Cannot derive passphrase for export key. 3020-0208 Cannot derive passphrase for import key. 3020-0209 Failed to encrypt export key with OpenSSL (%1$s). 3020-0210 Failed to decrypt import key with OpenSSL (%1$s). 3020-0211 Cannot decode base64 PKS import key. 3020-0212 Failed to decrypt PKS import key. 3020-0213 Failed to add PKS import key. 3020-0214 Invalid import key. 3020-0215 Unable to remove PKS key for LV %1$s 3020-0216 Unable to list PKS LVids 3020-0217 Invalid LVid format 3020-0218 hdcrypt driver service error. %1$s service failed with error %2$d: %3$s. 3020-0219 Error during read nocrypt. 3020-0220 Error during write nocrypt. 3020-0221 Error during data encryption. 3020-0222 No authentication method matching criteria. 3020-0223 The index %1$d is out of range. 3020-0224 No authentication method matching name %1$s. 3020-0225 No authentication method matching index %1$d and name %2$s. 3020-0226 No authentication method matching name %1$s and type %2$s. 3020-0227 No authentication method matching index %1$d and type %2$s. 3020-0228 Failed to read VGname of VG with ID %1$s from ODM table CuAt. 3020-0229 Error while writing LVCB block. 3020-0230 Failed to update LV encryption status in kernel. 3020-0231 Failed to write recovery data to LV. 3020-0232 Unable to set LV conversion status in kernel. 3020-0233 Cannot force encrypt a LV that is not fully decrypted. 3020-0234 Cannot force decrypt a LV that is not fully encrypted. 3020-0235 Unable to get max transfer size for the conversion from LVM. 3020-0236 Unable to initialize bufx used for conversion in kernel. 3020-0237 Unable to read recovery file. 3020-0238 Unable to write recovery file. 3020-0239 Could not allocate enough memory to work with a LTGsize buffer. Conversion performance may be degraded. If conversion is too slow you may want to cancel conversion then try again Buffer is %1$d times smaller than LTG size. LTGsize : %2$d bytes3020-0240 Unable to create recovery file %1$s. 3020-0241 An error occured when removing recovery file %1$s. 3020-0242 Failed to write LV data. 3020-0243 Failed to read LV data. 3020-0244 Unable to create a PKS entry 3020-0245 Unable to open/create keyfile %1$s. 3020-0246 Unable to add a new key in the keyfile. Keyfile %1$s already contains an entry for LV %2$s 3020-0247 Unable to open keyfile %1$s. 3020-0248 Keyfile %1$s contains an invalid key for LV %2$s. 3020-0249 Temporary keyfile %1$s could not be created. 3020-0250 Could not find LV %1$s in keyfile %2$s Keyfile %3$s has not been modified. 3020-0251 Temporary keyfile %1$s could not be removed 3020-0252 Keyfile %1$s could not be removed Updated keyfile is located at %2$s Need to manually move it to a safe path 3020-0253 Temporary keyfile %1$s could not be renamed to %2$s. 3020-0254 Ondisk encryption metadata does not match a valid format on PV %1$s.. 3020-0255 Ondisk encryption metadata timestamps (header/trailer) do not match on PV %1$s.. 3020-0256 Unable to write LV encryption metadata block on PV %1$s. 3020-0257 Unable to read LV encryption metadata block on PV %1$s. 3020-0258 Unable to write whole LV encryption metadata on PV %1$s. 3020-0259 Unable to read whole LV encryption metadata on PV %1$s. 3020-0260 no pvinfo parameter provided (rc=%1$d). 3020-0261 Unable to read encryption metadata from any of the %1$d PVs. 3020-0262 Unable to write encryption metadata on any of the %1$d PVs. 3020-0263 Unable to open PV %1$s. 3020-0264 Unable to invalidate PV %1$s. 3020-0265 Could not read a valid metadata on any disk of the VG. 3020-0266 Writing metadata failed on at least one PV. 3020-0267 Unable to read encryption metadata on any of the %1$d PVs. 3020-0268 Unable to open lock file %1$s. 3020-0269 Fcntl in error on lock file %1$s. 3020-0270 Hdcryptmgr getlock failed. 3020-0271 Hdcryptmgr getlock fork. 3020-0272 Error while retrieving list of key servers 3020-0273 Key server %1$s already exists 3020-0274 Unable to add key server %1$s 3020-0275 Could not find key server %1$s 3020-0276 Unabled to modify key server %1$s 3020-0277 Key server %1$s could not be removed 3020-0278 Could not open %1$s class 3020-0279 No key server in database 3020-0280 Could not get object in %1$s class: %2$s3020-0281 Could not create %1$s class. 3020-0282 Could not mount %1$s class 3020-0283 Missing key server IP 3020-0284 Could not compile regex 3020-0285 IP address not well formed 3020-0286 Missing port 3020-0287 Not valid port value 3020-0288 Missing key server certificate path 3020-0289 Key server certificate path length must be less than %1$d 3020-0290 Missing client certificate path 3020-0291 Client certificate path length must be less than %1$d 3020-0292 Missing sklm device group 3020-0293 Sklm device group length must be less than %1$d 3020-0294 Missing password option 3020-0295 Unknown password option (must be y, Y, n or N) 3020-0296 Invalid parameters or provided in the wrong order. Must use only 1 action, and at most 1 key server ID. Action is always the first parameter and key server ID the last one. 3020-0297 Missing key server ID with action %1$s 3020-0298 Key server ID is too long (max = %1$d) 3020-0299 Key server IP (-i option) is required with action %1$s 3020-0300 Key server certificate (-s option) is required with action %1$s 3020-0301 Client certificate (-c option) is required with action %1$s 3020-0302 Unable to generate a wrapping key 3020-0303 keysvrmgr: failed to add key server %1$s. 3020-0304 keysvrmgr: failed to modify key server %1$s. 3020-0305 keysvrmgr: failed to remove key server %1$s. 3020-0306 keysvrmgr: failed to show key server %1$s. 3020-0307 keysvrmgr: failed to show key servers. 3020-0308 keysvrmgr: failed to open or read the certificate file %1$s. 3020-0309 Invalid values for option -e, will prompt for correct values 3020-0310 LV %1$s encryption authentication must be initialized first 3020-0311 Unable to create the backup file for keyfile %1$s 3020-0312 Unable to open the keyfile backup file %1$s 3020-0313 Failed to write in keyfile file %1$s Created keyfile backup file in %1$s In case of error or if the key deletion is canceled, this file may be necessary to be able to recover the keyfile. If the key deletion is fully successful, then the file will be removed automatically. %1$d PKS keys exported. %1$d PKS keys imported. Failed to get some data about VG %1$s. That VG and its LVs are ignored. Operation ignored because LV %1$s is not encryption enabled. 3020-0319 hdcryptmgr pksimport failed. 3020-0320 hdcryptmgr pksexport failed. 3020-0321 hdcryptmgr pksshow failed. 3020-0322 hdcryptmgr pksclean failed. 3020-0323 Unable to open PKS import file %1$s The key associated with authentication method %1$d on LV %2$s is invalid. 3020-0325 Unable to open PKS export file %1$s 3020-0326 Unable to remove key from PKS storage. 3020-0327 Failed to write data in PKS export file %1$s 3020-0328 Found no PKS keys to import 3020-0329 Found no PKS keys to export 3020-0330 Failed to add client certificate password in PKS 3020-0331 Failed to remove client certificate password from PKS Checking password for certificate %1$s... 3020-0333 Bad password for the client certificate. 3020-0334 Unable to get VGSA from LVM. 3020-0335 Unable to get VGSA pointers from LVM. 3020-0336 Cannot remove password associated with existing key server entry. Use: 'keysvrmgr remove ' to remove the key server entry. -q Quiet mode. 3020-0338 Key having LVid %1$s is not imported because its associated LV %2$s is not encrypted. 3020-0339 Key having LVid %1$s is not imported because its associated LV %2$s does not have a PKS method. 3020-0340 Key having LVid %1$s is not imported because its associated LV %2$s is locked. Use 'hdcryptmgr authunlock %3$s' to unlock it. 3020-0341 Key having LVid %1$s is succesfully imported in LV %2$s. 3020-0342 Key having LVid %1$s is imported. 3020-0343 Key having LVid %1$s is not imported because it cannot unlock LV %2$s. 3020-0344 Transient PKS operation error. Please retry. 3020-0345 Unexpected PKS operation error (errno=%1$d). 3020-0346 System run out of memory while performing a PKS operation. 3020-0347 PKS Storage is full. 3020-0348 PKS is not ready. Bad LPAR state for PKS. 3020-0349 PKS is not supported or PKS is not activated. 3020-0350 System error while performing a PKS operation. 3020-0351 Missing key server name with action %1$s 3020-0352 Key server name:dev_group is too long. Maximum length=%1$d. 3020-0353 Unable to obtain LVM config lock for VG %1$s 3020-0354 Failed to read LVname of LV with ID %1$s from ODM table CuAt. Successfully removed PKS entry with label %1$s. Usage: hdcryptmgr <..options..> Display : showlv : Displays LV encryption status showvg : Displays VG encryption capability showmd : Displays encryption metadata related to device Authentication control : authinit : Initializes master key for LV data encryption authunlock : Authenticates to unlock master key of LV authadd : Adds additional authentication methods authcheck : Checks validity of an authentication method authdelete : Removes an authentication method PKS management : pksimport : Import the PKS keys pksexport : Export the PKS keys pksclean : Removes a PKS key pksshow : Displays PKS keys status Conversion (experimental): plain2crypt : Converts a LV to encrypted crypt2plain : Converts a LV to not encrypted For more details on <..options..> run : hdcryptmgr -h VG can be used only with -A.