lsencryption

Use the lsencryption command to display system encryption information.

Syntax


>>- lsencryption -- --+----------+-- --------------------------->
                      '- -nohdr -'      

>--+-----------------------+-----------------------------------><
   '- -delim -- delimiter -'

Parameters

-nohdr: (Optional) By default, headings are displayed for each item of data in a detailed style view. The -nohdr parameter suppresses the display of these headings.
Note: If there is no data to be displayed, headings are not displayed.
-delim delimiter: (Optional) In a detailed view, each item of data has its own row, and if the headings are displayed, the data is separated from the heading by a space. The -delim parameter overrides this behavior. Valid input for the -delim parameter is a one-byte character. In a detailed view, the data is separated from its heading by the specified delimiter.

Description

Use this command to display output related to the system encryption state.

Table 1 describes possible outputs.

Table 1. lsencryption output
Attribute	Value
status	Indicates the system encryption status. `not_supported`, which indicates that the system has no supported encryption function. `not_licensed`, which indicates that the system supports encryption but not all licenses are installed. `licensed`, which indicates that the system has licenses installed for all encryption-capable hardware. `enabled` , which indicates that system encryption is working and ready to create encrypted storage.
error_sequence_number	Indicates the event log sequence number of any problem affecting encryption. If there is no problem it is blank.
usb_rekey	Indicates the state of the Universal Serial Bus (USB) rekey process. `no`, which indicates that there is no rekey process ongoing, but keys exist. `no_key`, which indicates that there is no rekey process and keys do not exist. `prepared`, which indicates that a rekey process is active and the system has prepared a new key that is waiting for this command to be issued: chencryption -usb newkey -key commit. `committing`, which indicates that a commit is in progress.
usb_key_copies	Indicates the number of USB devices that prepared keys have been written to. The value must be a numeric string.
usb_key_filename	Indicates the name of the file containing the current encryption key. The value must be an alphanumeric string containing between 1 and 110 ASCII characters.
usb_rekey_filename	Indicates the name of the file containing the current prepared encryption key.
keyserver_status	Indicates the encryption status for key server encryption. The values are: `not_supported`, which indicates that the system has no supported encryption function. `not_licensed`, which indicates that the system supports encryption but not all licenses are installed. `licensed`, which indicates that the system has licenses installed for all encryption-capable hardware. `enabled` , which indicates that system encryption is working and ready to create encrypted storage.
keyserver_rekey	Indicates the state of the key server rekey process. The values are: `no`, which indicates that there is no rekey process ongoing, but keys exist. `no_key`, which indicates that there is no rekey process and keys do not exist. `prepared`, which indicates that a rekey process is active and the system has prepared a new key that is waiting for this command to be issued: chencryption -keyserver newkey -key commit. `committing`, which indicates that a commit is in progress.
keyserver_pmk_uid	Indicates the UID for the key server.
keyserver_rekey_pmk_uid	Indicates the UID (after a rekey process) for the key server.

An invocation example for an encrypted system with no rekey

lsencryption

The resulting output:

status enabled
error_sequence_number 
usb_rekey no
usb_key_copies 0
usb_key_filename 
usb_rekey_filename 
keyserver_status disabled
keyserver_rekey no_key
keyserver_pmk_uid
keyserver_rekey_pmk_uid

An invocation example for an encrypted system during the rekey

lsencryption

The resulting output:

status enabled
error_sequence_number 
usb_rekey prepared
usb_key_copies 3
usb_key_filename 
usb_rekey_filename encryptionkey_0000020061800028_0010030C00000007_Cluster_9.19.88.231
keyserver_status enabled
keyserver_rekey prepared
keyserver_pmk_uid 
keyserver_rekey_pmk_uid KEY-1b9dcbe7-8b1c-401d-9bc2-1791534689fc