The key_mgmt_tool command-line tool helps you manage keys in an HSM. You can create or delete keys, and you can view the attributes of a key. This topic describes the commands of the key_mgmt_tool command-line tool.
The key_mgmt_tool tool provides commands that allow users to generate, delete, import, and export keys, obtain and set attributes, find keys, and perform cryptographic operations.
Running and Exiting the Tool
To start the key_mgmt_tool command line utility:
Run the following command to end your key_mgmt_tool session:
Run the following command to list all key_mgmt_tool commands:
Run the following command to get help for a particular key_mgmt_tool command:
Command: <command-name> -h
The following table describes commands in key_mgmt_tool.
Encrypts and decrypts the contents of a key in a file.
Deletes a key from the HSMs.
Returns the error that corresponds to a key_mgmt_tool hexadecimal error code.
Exits the key_mgmt_tool.
Exports a copy of a private key from an HSM instance to a file on disk.
Exports a copy of a public key from an HSM instance to a file.
Exports a plaintext copy of a symmetric key from an HSM instance to a file.
Extracts a key from an HSM instance as a masked object file.
Searches for keys by their key attribute value.
Verifies that a key exists on an HSM instance.
Generates a Digital Signature Algorithm (DSA) key pair in your HSM instance.
Generates an Elliptic Curve Cryptography (ECC) key pair in your HSM instance.
Generates an RSA asymmetric key pair in your HSM instance.
Generates a symmetric key in your HSM instance.
Returns the attribute values of an HSM key and writes them to a file.
Creates a fake PEM-format version of a private key and exports it to a file.
Retrieves the partition certificates of an HSM instance and saves them to a file.
Returns the IDs of HSM users that can use the key. If the key is quorum controlled, it returns the number of users in the quorum.
Imports a private key into an HSM instance.
Imports a public key into an HSM instance.
Imports a plaintext copy of a symmetric key from a file into an HSM instance.
Inserts a masked object from a file on disk into an HSM instance.
Determines whether a given file contains a real private key or a fake PEM key.
Lists the attributes of an HSM key and the constants that represent them.
Returns the type and ID of users in an HSM instance, and other user attributes.
loginHSM and logoutHSM
Logs in to and out of the HSM instance.
Converts a session key to a persistent key.
Generates a signature for a file by using a private key.
Imports a wrapped (encrypted) key from a file into your HSM instance.
Verifies whether a specified key was used to sign a specified file.
Exports an encrypted copy of a key from the HSM instance to a file.