Step 9: Create a key

Last Updated: Nov 24, 2021

Before you can create a key, you must log on as the crypto officer (CO) and create a crypto user (CU).

Create a crypto user

  1. Run the following command to start the hsm_mgmt_tool command line utility:

    /opt/hsm/bin/hsm_mgmt_tool /opt/hsm/etc/hsm_mgmt_tool.cfg
  2. Run the loginHSM command to log on to the HSM as the CO.

    loginHSM CO admin <password>
  3. Run the createUser command to create a CU.

    createUser CU crypto_user <enter password>
  4. Run the listUsers command to check whether the CU has been successfully created. If the creation is successful, the following output is returned.

    cloudmgmt>listUsers
    Users on server 0(172.16.0.2):
    Number of users found:3
    
        User Id         User Type       User Name                  MofnPubKey    LoginFailureCnt         2FA
             1          CO          admin                                    NO               0               NO
             2          AU          app_user                                 NO               0               NO
             3          CU          crypto_user                              NO               0               NO

Create a key

  1. Run the following command to start the hsm_proxy command line utility:

    /opt/hsm/bin/hsm_proxy /opt/hsm/etc/hsm_proxy.cfg
    
    logfiles_location is not specified, logs will be available in current directory
    
    Logs will be available in liquidSecurity.1.<random characters>.log file
    
  2. Use the tail command to view the hsm_proxy startup log.

    In this example, the tail liquidSecurity.1.WKCrty.log command is used. If the line e2e_handle_client_request: HSM FIPS STATE 2 appears in the output, the HSM is connected.

    tail liquidSecurity.1.WKCrty.log
    2020-10-28T13:33:05Z liquidSecurity INF: check_preferred_srv_status_noclock: New preferred server node id:0
    2020-10-28T13:33:05Z liquidSecurity INF: do_e2e_encryption_handshake: Trying to login to server as new server connection is established
    2020-10-28T13:33:05Z liquidSecurity INF: e2e_handle_client_request:  Got Authorize session response
    2020-10-28T13:33:05Z liquidSecurity INF: get_partition_info: Get pHSM Info using e2e mgmtch
    2020-10-28T13:33:05Z liquidSecurity INF: e2e_handle_client_request: Authorize session SUCCESS
    2020-10-28T13:33:05Z liquidSecurity INF: e2e_handle_client_request: Got Partition Info
    2020-10-28T13:33:05Z liquidSecurity INF: e2e_handle_client_request: GetPartitionInfo success 0 : HSM Return: SUCCESS
    2020-10-28T13:33:05Z liquidSecurity INF: e2e_handle_client_request: HSM FIPS STATE 2
    2020-10-28T13:33:06Z liquidSecurity INF: libevmulti_init: Initializing events
    2020-10-28T13:33:06Z liquidSecurity INF: libevmulti_init: Ready !
  3. Run the following command to start the key_mgmt_tool command line utility:

    /opt/hsm/bin/key_mgmt_tool
  4. Run the loginHSM command to log on to the HSM as a CU.

    Command:  loginHSM -u CU -s crypto_user -p <enter password>
    
            Cfm3LoginHSM returned: 0x00 : HSM Return: SUCCESS
    
            Cluster Status:
            Node id 0 status: 0x00000000 : HSM Return: SUCCESS
  5. Run the genSymKey command to generate a symmetric key.

    Command:  genSymKey -l testkey -t 31 -s 32
    
            Cfm3GenerateSymmetricKey returned: 0x00 : HSM Return: SUCCESS
    
            Symmetric Key Created.  Key Handle: 6
    
            Cluster Status:
            Node id 0 status: 0x00000000 : HSM Return: SUCCESS
  6. Run the findKey command to find the key that you created.

    Command:  findKey
    
            Total number of keys present: 1
    
            Number of matching keys from start index 0::0
    
            Handles of matching keys:
            6
    
            Cluster Status:
            Node id 0 status: 0x00000000 : HSM Return: SUCCESS
    
            Cfm3FindKey returned: 0x00 : HSM Return: SUCCESS
    
  7. Run the exit command to stop the key_mgmt_tool command line utility.

    Command:  exit
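
The success markers from the steps above (the CU row in listUsers, the FIPS state line in the hsm_proxy log, and the 0x00 return codes from genSymKey) can be checked by a script instead of by eye. The following shell functions are an added example, not part of the original documentation; the function names are hypothetical and the sample text is constructed from the output shown on this page.

```shell
#!/bin/sh
# Added example: function names are hypothetical, not part of the HSM tools.
# Each function reads tool output on stdin and fails unless the success
# markers shown in this guide are present.

# listUsers output: succeed only if a row has the given user name and type.
user_has_type() {  # usage: user_has_type NAME TYPE
    awk -v n="$1" -v t="$2" \
        '$1 ~ /^[0-9]+$/ && $2 == t && $3 == n { ok = 1 } END { exit !ok }'
}

# hsm_proxy log: print the reported FIPS state, but only if the session
# was authorized; fail if either line is missing.
proxy_fips_state() {
    awk '/e2e_handle_client_request: *Authorize session SUCCESS/ { auth = 1 }
         /e2e_handle_client_request: *HSM FIPS STATE [0-9]+/     { state = $NF }
         END { if (!auth || state == "") exit 1; print state }'
}

# key_mgmt_tool output: print the key handle only if every "returned:" line
# and every per-node status line reports success.
key_handle_if_success() {
    awk '/returned: /              { if ($0 !~ /returned: 0x00 : HSM Return: SUCCESS/) bad = 1 }
         /Node id [0-9]+ status: / { nodes++
                                     if ($0 !~ /status: 0x00000000 : HSM Return: SUCCESS/) bad = 1 }
         /Key Handle: /            { sub(/.*Key Handle: */, ""); handle = $0 + 0; found = 1 }
         END { if (bad || !found || !nodes) exit 1; print handle }'
}

# Constructed samples, copied from the output shown in the steps above.
SAMPLE_USERS='     1   CO   admin         NO   0   NO
     3   CU   crypto_user   NO   0   NO'
SAMPLE_LOG='2020-10-28T13:33:05Z liquidSecurity INF: e2e_handle_client_request: Authorize session SUCCESS
2020-10-28T13:33:05Z liquidSecurity INF: e2e_handle_client_request: HSM FIPS STATE 2'
SAMPLE_GENSYM='        Cfm3GenerateSymmetricKey returned: 0x00 : HSM Return: SUCCESS
        Symmetric Key Created.  Key Handle: 6
        Node id 0 status: 0x00000000 : HSM Return: SUCCESS'

printf '%s\n' "$SAMPLE_USERS"  | user_has_type crypto_user CU && echo "CU present"
printf '%s\n' "$SAMPLE_LOG"    | proxy_fips_state
printf '%s\n' "$SAMPLE_GENSYM" | key_handle_if_success
```

To check a live system, pipe the real output into the same functions, for example the output of the tail command from step 2 into proxy_fips_state.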