Overview

Last Updated: Jan 08, 2021

The key_mgmt_tool command line tool helps you manage keys in an HSM. You can create or delete keys, and you can view the attributes of a key. This topic describes the commands of the key_mgmt_tool command line tool.

The key_mgmt_tool tool provides commands that allow users to generate, delete, import, and export keys, obtain and set attributes, find keys, and perform cryptographic operations.

Running and Exiting the Tool

To start the key_mgmt_tool command line utility:

/opt/hsm/bin/key_mgmt_tool

Run the following command to end your key_mgmt_tool session:

Command: exit

Getting Help

Run the following command to list all key_mgmt_tool commands:

Command: help

Run the following command to get help for a particular key_mgmt_tool command:

Command: <command-name> -h

Command References

The following table describes commands in key_mgmt_tool.

| Command | Description |
| --- | --- |
| aesWrapUnwrap | Encrypts and decrypts the contents of a key in a file. |
| deleteKey | Deletes a key from the HSMs. |
| Error2String | Returns the error that corresponds to a key_mgmt_tool hexadecimal error code. |
| exit | Exits the key_mgmt_tool. |
| exportPrivateKey | Exports a copy of a private key from an HSM instance to a file on a disk. |
| exportPubKey | Exports a copy of a public key from an HSM instance to a file. |
| exSymKey | Exports a plaintext copy of a symmetric key from an HSM instance to a file. |
| extractMaskedObject | Extracts a key from an HSM instance as a masked object file. |
| findKey | Searches for keys by their key attribute value. |
| findSingleKey | Verifies that a key exists on an HSM instance. |
| genDSAKeyPair | Generates a Digital Signature Algorithm (DSA) key pair in your HSM instance. |
| genECCKeyPair | Generates an Elliptic Curve Cryptography (ECC) key pair in your HSM instance. |
| genRSAKeyPair | Generates an RSA asymmetric key pair in your HSM instance. |
| genSymKey | Generates a symmetric key in your HSM instance. |
| getAttribute | Returns the attribute values of an HSM key and writes them to a file. |
| getCaviumPrivKey | Creates a fake PEM-format version of a private key and exports it to a file. |
| getCert | Retrieves the partition certificates of an HSM instance and saves them to a file. |
| getKeyInfo | Returns the IDs of HSM users that can use the key. If the key is quorum controlled, it returns the number of users in the quorum. |
| importPrivateKey | Imports a private key into an HSM instance. |
| importPubKey | Imports a public key into an HSM instance. |
| imSymKey | Imports a plaintext copy of a symmetric key from a file into an HSM instance. |
| insertMaskedObject | Inserts a masked object from a file on a disk into an HSM instance. |
| IsValidKeyHandlefile | Determines whether a given file contains a real private key or a fake PEM key. |
| listAttributes | Lists the attributes of an HSM key and the constants that represent them. |
| listUsers | Returns the type and ID of users in an HSM instance, and other user attributes. |
| loginHSM and logoutHSM | Logs on to and logs off from the HSM instance. |
| setAttribute | Converts a session key to a persistent key. |
| sign | Generates a signature for a file by using a private key. |
| unWrapKey | Imports a wrapped (encrypted) key from a file into your HSM instance. |
| verify | Verifies whether a specified key was used to sign a specified file. |
| wrapKey | Exports an encrypted copy of a key from the HSM instance to a file. |