Before you can create a key, you must log on as the crypto officer (CO) and create a crypto user (CU).
Create a crypto user
Run the following command to start the hsm_mgmt_tool command line utility:
/opt/hsm/bin/hsm_mgmt_tool /opt/hsm/etc/hsm_mgmt_tool.cfg
Run the loginHSM command to log on to the HSM as the CO.
loginHSM CO admin <password>
Run the createUser command to create a CU.
createUser CU crypto_user <enter password>
Run the listUsers command to check whether the CU has been successfully created. If the creation is successful, the following output is returned.
cloudmgmt>listUsers
Users on server 0(172.16.0.2):
Number of users found:3
User Id    User Type    User Name      MofnPubKey    LoginFailureCnt    2FA
1          CO           admin          NO            0                  NO
2          AU           app_user       NO            0                  NO
3          CU           crypto_user    NO            0                  NO
Create a key
Run the following command to start the hsm_proxy command line utility:
/opt/hsm/bin/hsm_proxy /opt/hsm/etc/hsm_proxy.cfg
logfiles_location is not specified, logs will be available in current directory
Logs will be available in liquidSecurity.1.<random characters>.log file
Use the tail command to view the hsm_proxy startup log.
In this example, the tail liquidSecurity.1.WKCrty.log command is used. If e2e_handle_client_request:HSM FIPS STATE 2 appears, then the HSM has been connected.
tail liquidSecurity.1.WKCrty.log
2020-10-28T13:33:05Z liquidSecurity INF: check_preferred_srv_status_noclock: New preferred server node id:0
2020-10-28T13:33:05Z liquidSecurity INF: do_e2e_encryption_handshake: Trying to login to server as new server connection is established
2020-10-28T13:33:05Z liquidSecurity INF: e2e_handle_client_request: Got Authorize session response
2020-10-28T13:33:05Z liquidSecurity INF: get_partition_info: Get pHSM Info using e2e mgmtch
2020-10-28T13:33:05Z liquidSecurity INF: e2e_handle_client_request: Authorize session SUCCESS
2020-10-28T13:33:05Z liquidSecurity INF: e2e_handle_client_request: Got Partition Info
2020-10-28T13:33:05Z liquidSecurity INF: e2e_handle_client_request: GetPartitionInfo success 0 : HSM Return: SUCCESS
2020-10-28T13:33:05Z liquidSecurity INF: e2e_handle_client_request: HSM FIPS STATE 2
2020-10-28T13:33:06Z liquidSecurity INF: libevmulti_init: Initializing events
2020-10-28T13:33:06Z liquidSecurity INF: libevmulti_init: Ready !
Run the following command to start the key_mgmt_tool command line utility:
/opt/hsm/bin/key_mgmt_tool
Run the loginHSM command to log on to the HSM as a CU.
Command: loginHSM -u CU -s crypto_user -p <enter password>
Cfm3LoginHSM returned: 0x00 : HSM Return: SUCCESS
Cluster Status:
Node id 0 status: 0x00000000 : HSM Return: SUCCESS
Run the genSymKey command to generate a symmetric key.
Command: genSymKey -l testkey -t 31 -s 32
Cfm3GenerateSymmetricKey returned: 0x00 : HSM Return: SUCCESS
Symmetric Key Created. Key Handle: 6
Cluster Status:
Node id 0 status: 0x00000000 : HSM Return: SUCCESS
Run the findKey command to find the key that you created.
Command: findKey
Total number of keys present: 1
Number of matching keys from start index 0::0
Handles of matching keys:
6
Cluster Status:
Node id 0 status: 0x00000000 : HSM Return: SUCCESS
Cfm3FindKey returned: 0x00 : HSM Return: SUCCESS
Run the exit command to stop the key_mgmt_tool command line utility.
Command: exit
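The checks in the steps above (the HSM FIPS STATE 2 line in the hsm_proxy log, the CU row in the listUsers output, and the key handle returned by genSymKey) can be scripted. The following shell functions are an added example, not part of the HSM tooling or the original page; the function names are hypothetical and the sample input is constructed from the output shown on this page.

```shell
#!/bin/sh
# Added example: checks for the tool output shown in the steps above.
# Function names are hypothetical; the sample text is constructed from this page.

# Reads an hsm_proxy log on stdin; succeeds only if the connected marker is present.
hsm_proxy_connected() {
    grep -Eq 'e2e_handle_client_request: *HSM FIPS STATE 2([^0-9]|$)'
}

# Reads listUsers output on stdin; prints the user id of the row matching
# user type $1 and user name $2, and fails if there is no such row.
hsm_user_id() {
    awk -v t="$1" -v n="$2" '
        $1 ~ /^[0-9]+$/ && $2 == t && $3 == n { print $1; found = 1 }
        END { exit !found }'
}

# Reads genSymKey output on stdin; prints the key handle, but only if the
# tool also reported return code 0x00.
gen_key_handle() {
    awk '
        /Cfm3GenerateSymmetricKey returned: 0x00 / { ok = 1 }
        match($0, /Key Handle: [0-9]+/) { h = substr($0, RSTART + 12, RLENGTH - 12) }
        END { if (!ok || h == "") exit 1; print h }'
}

# Constructed sample input, taken from the output on this page.
SAMPLE_LOG='2020-10-28T13:33:05Z liquidSecurity INF: e2e_handle_client_request: GetPartitionInfo success 0 : HSM Return: SUCCESS
2020-10-28T13:33:05Z liquidSecurity INF: e2e_handle_client_request: HSM FIPS STATE 2'
SAMPLE_USERS='Number of users found:3
1 CO admin NO 0 NO
2 AU app_user NO 0 NO
3 CU crypto_user NO 0 NO'
SAMPLE_GENKEY='Cfm3GenerateSymmetricKey returned: 0x00 : HSM Return: SUCCESS
Symmetric Key Created. Key Handle: 6'

printf '%s\n' "$SAMPLE_LOG" | hsm_proxy_connected && echo "proxy: connected"
echo "CU user id: $(printf '%s\n' "$SAMPLE_USERS" | hsm_user_id CU crypto_user)"
echo "key handle: $(printf '%s\n' "$SAMPLE_GENKEY" | gen_key_handle)"
```

Against a live setup, feed the real files or captured tool output instead of the sample variables, for example `hsm_proxy_connected < liquidSecurity.1.WKCrty.log`.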