lsencryption

Use the lsencryption command to display system encryption information.

Syntax

lsencryption [ -nohdr ] [ -delim delimiter ]

Parameters

-nohdr
(Optional) By default, headings are displayed for each item of data in a detailed style view. The -nohdr parameter suppresses the display of these headings.
Note: If there is no data to be displayed, headings are not displayed.
-delim delimiter
(Optional) In a detailed view, each item of data has its own row, and if the headings are displayed, the data is separated from the heading by a space. The -delim parameter overrides this behavior. Valid input for the -delim parameter is a one-byte character. In a detailed view, the data is separated from its heading by the specified delimiter.

Description

Use this command to display output related to the system encryption state.
Table 1 describes possible outputs.
Table 1. lsencryption output
Attribute Value
status Indicates the system encryption status.
  • not_supported, which indicates that the system has no supported encryption function.
  • not_licensed, which indicates that the system supports encryption but not all licenses are installed.
  • licensed, which indicates that the system has licenses installed for all encryption-capable hardware.
  • enabled, which indicates that system encryption is working and ready to create encrypted storage.
error_sequence_number Indicates the event log sequence number of any problem affecting encryption. If there is no problem, it is blank.
usb_rekey Indicates the state of the Universal Serial Bus (USB) rekey process.
  • no, which indicates that there is no rekey process ongoing, but keys exist.
  • no_key, which indicates that there is no rekey process and keys do not exist.
  • prepared, which indicates that rekey is active and the system has prepared a new key that is waiting for this command to be issued: chencryption -cancel | commit.
  • committing, which indicates that a commit is in progress.
usb_rekey_copies Indicates the number of USB devices that prepared keys have been written to. The value must be a numeric string.
usb_key_filename Indicates the name of the file containing the current encryption key. The value must be an alphanumeric string containing between 1 and 110 ASCII characters.
usb_rekey_filename Indicates the name of the file containing the current prepared encryption key.

An invocation example for a system that is not encrypted

lsencryption

The resulting output:

status not_supported
error_sequence_number
usb_rekey no_key
usb_copies 0
usb_key_filename
usb_rekey_filename

An invocation example for an encrypted system

lsencryption

The resulting output:

status enabled
error_sequence_number
usb_rekey prepared
usb_copies 3
usb_key_filename encryption_key_file_1234ABCD1234ABCD_mycluster
usb_rekey_filename encryption_key_file_5678EFGH5678EFGH_mycluster
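
A monitoring check built on the detailed view and the -delim parameter described above. This is an added example, not vendor code: the function name check_encryption and its exit codes are hypothetical, and it assumes that -delim : produces one heading:value row per attribute. It accepts both usb_rekey_copies (Table 1) and usb_copies (the sample output), since the page shows both names.

```shell
#!/bin/sh
# Added example (not vendor code). Assumption: `lsencryption -delim :` prints
# one `heading:value` row per attribute, with nothing after the colon when a
# value is blank.

# check_encryption (hypothetical name): reads that output on stdin.
# Returns 0 = enabled and quiet, 1 = needs attention, 2 = no status row.
check_encryption() {
    awk -F: '
        NF == 0 { next }
        { f[$1] = substr($0, length($1) + 2) }   # keep everything after first ":"
        END {
            if (!("status" in f)) { print "UNKNOWN: no status row"; exit 2 }
            rc = 0
            if (f["status"] != "enabled") {
                print "ALERT: encryption status is " f["status"]; rc = 1
            }
            if (f["error_sequence_number"] != "") {
                print "ALERT: check event log sequence number " f["error_sequence_number"]; rc = 1
            }
            if (f["usb_rekey"] == "prepared" || f["usb_rekey"] == "committing") {
                # Table 1 names this row usb_rekey_copies; the sample output shows usb_copies.
                n = ("usb_rekey_copies" in f) ? f["usb_rekey_copies"] : f["usb_copies"]
                print "WARN: USB rekey " f["usb_rekey"] ", prepared key on " n " device(s)"; rc = 1
            }
            if (rc == 0) print "OK: encryption enabled, no rekey pending"
            exit rc
        }'
}

# Constructed samples: the two outputs shown above, rewritten with ":" as delimiter.
sample_unencrypted() {
    printf '%s\n' 'status:not_supported' 'error_sequence_number:' \
        'usb_rekey:no_key' 'usb_copies:0' 'usb_key_filename:' 'usb_rekey_filename:'
}
sample_rekey_prepared() {
    printf '%s\n' 'status:enabled' 'error_sequence_number:' \
        'usb_rekey:prepared' 'usb_copies:3' \
        'usb_key_filename:encryption_key_file_1234ABCD1234ABCD_mycluster' \
        'usb_rekey_filename:encryption_key_file_5678EFGH5678EFGH_mycluster'
}

sample_unencrypted | check_encryption || echo "exit status $?"
sample_rekey_prepared | check_encryption || echo "exit status $?"
```

A rekey left in the prepared state is reported as a warning because the new key is waiting on chencryption -cancel | commit.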