The key_mgmt_tool command line tool helps you manage keys in an HSM. You can create or delete keys, and you can view the attributes of a key. This topic describes the commands of the key_mgmt_tool command line tool.
The key_mgmt_tool provides commands that allow users to generate, delete, import, and export keys, obtain and set attributes, find keys, and perform cryptographic operations.
Running and Exiting the Tool
To start the key_mgmt_tool command line utility:
/opt/hsm/bin/key_mgmt_tool
Run the following command to end your key_mgmt_tool session:
Command: exit
Getting Help
Run the following command to list all key_mgmt_tool commands:
Command: help
Run the following command to get help for a particular key_mgmt_tool command:
Command: <command-name> -h
Command References
The following table describes commands in key_mgmt_tool.
Command | Description |
aesWrapUnwrap | Encrypts and decrypts the contents of a key in a file. |
deleteKey | Deletes a key from the HSMs. |
Error2String | Returns the error that corresponds to a key_mgmt_tool hexadecimal error code. |
exit | Exits the key_mgmt_tool. |
exportPrivateKey | Exports a copy of a private key from an HSM instance to a file on a disk. |
exportPubKey | Exports a copy of a public key from an HSM instance to a file. |
exSymKey | Exports a plaintext copy of a symmetric key from an HSM instance to a file. |
extractMaskedObject | Extracts a key from an HSM instance as a masked object file. |
findKey | Searches for keys by their key attribute value. |
findSingleKey | Verifies that a key exists on an HSM instance. |
genDSAKeyPair | Generates a Digital Signature Algorithm (DSA) key pair in your HSM instance. |
genECCKeyPair | Generates an Elliptic Curve Cryptography (ECC) key pair in your HSM instance. |
genRSAKeyPair | Generates an RSA asymmetric key pair in your HSM instance. |
genSymKey | Generates a symmetric key in your HSM instance. |
getAttribute | Returns the attribute values of an HSM key and writes them to a file. |
getCaviumPrivKey | Creates a fake PEM-format version of a private key and exports it to a file. |
getCert | Retrieves the partition certificates of an HSM instance and saves them to a file. |
getKeyInfo | Returns the IDs of HSM users that can use the key. If the key is quorum controlled, it returns the number of users in the quorum. |
importPrivateKey | Imports a private key into an HSM instance. |
importPubKey | Imports a public key into an HSM instance. |
imSymKey | Imports a plaintext copy of a symmetric key from a file into an HSM instance. |
insertMaskedObject | Inserts a masked object from a file on a disk into an HSM instance. |
IsValidKeyHandlefile | Determines whether a given file contains a real private key or a fake PEM key. |
listAttributes | Lists the attributes of an HSM key and the constants that represent them. |
listUsers | Returns the type and ID of users in an HSM instance, and other user attributes. |
loginHSM and logoutHSM | Log on to and log off from the HSM instance. |
setAttribute | Converts a session key to a persistent key. |
sign | Generates a signature for a file by using a private key. |
unWrapKey | Imports a wrapped (encrypted) key from a file into your HSM instance. |
verify | Verifies whether a specified key was used to sign a specified file. |
wrapKey | Exports an encrypted copy of a key from the HSM instance to a file. |