Overview

Last Updated: Jan 08, 2021

The hsm_mgmt_tool command line tool helps crypto officers (COs) manage HSM instances and HSM users. The tool also allows crypto users (CUs) to share keys, and obtain and set key attributes.

Before you run a hsm_mgmt_tool command, you must start hsm_mgmt_tool and log on to the HSM instance. Make sure that you log on as a user that can run the commands you want to use.

Running and Exiting the Tool

To start the hsm_mgmt_tool command line utility:

/opt/hsm/bin/hsm_mgmt_tool /opt/hsm/etc/hsm_mgmt_tool.cfg

Run the following command to end your hsm_mgmt_tool session:

cloudmgmt> quit

Getting Help

Run the following command to list all hsm_mgmt_tool commands:

cloudmgmt> help

Run the following command to obtain the syntax for a hsm_mgmt_tool command:

cloudmgmt> help <command-name>

Command References

The following table describes the commands in the hsm_mgmt_tool.

| Command | Description | User Type |
| --- | --- | --- |
| changePswd | Changes the passwords of users on an HSM instance. All users can change their own password. COs can change the passwords of all users. | CO |
| createUser | Creates users of all types on an HSM instance. | CO |
| deleteUser | Deletes users of all types from an HSM instance. | CO |
| findAllKeys | Obtains the keys that a user owns or shares. Obtains a hash of the key ownership and data for all the keys on each HSM instance. | CO, AU |
| getAttribute | Obtains an attribute value for an HSM key and writes it to a file or standard output (stdout). | CU |
| getCert | Obtains the certificate of a particular HSM instance and saves it in a specified format. | All |
| getCertReq | Obtains the certificate request of a particular HSM instance and saves it in a specified format. | All |
| getHSMInfo | Obtains information about the device on which an HSM instance runs. | All. Logon is not required. |
| getKeyInfo | Obtains owners, shared users, and the quorum authentication status of a key. | All. Logon is not required. |
| info | Obtains information about an HSM instance, including the IP address, hostname, port, and current user. | All. Logon is not required. |
| listAttributes | Lists the attributes of an HSM key and the constants that represent them. | CU |
| listUsers | Obtains the users in each of the HSM instances, their user types and IDs, and other attributes. | All. Logon is not required. |
| loginHSM and logoutHSM | Log on to and log off from an HSM instance. | All |
| server | Enters and exits the server mode of an HSM instance. | All |
| setAttribute | Changes the values of the label, encrypt, decrypt, wrap, and unwrap attributes of an existing key. | CU |
| quit | Quits hsm_mgmt_tool. | All. Logon is not required. |
| shareKey | Shares an existing key with other users. | CU |
| storeCert | Stores an HSM owner certificate and owner signed certificate. | PRECO or CO |