Encrypts or decrypts file contents on disk using AES key wrap on an HSM (Hardware Security Module).
Feature description
The aesWrapUnwrap command encrypts or decrypts file contents on disk, primarily using the encryption key. It supports files up to 4 KB (4,096 bytes) and writes the result to a separate output file.
Important
Before running this command, start key_mgmt_tool and log on to the HSM as a CU (Crypto User).
Syntax
aesWrapUnwrap -m <wrap-unwrap mode>
-f <file-to-wrap-unwrap>
-w <wrapping-key-handle>
[-i <wrapping-IV>]
[-out <output-file>]
Important
Enter parameters in the order shown in the syntax.
Examples
Encrypt messageFile using the key with handle 6:
Command: aesWrapUnwrap -m 1 -f messageFile -w 6 -out messageFile.wrapped
result data:
D4 B6 FF 25 6F 57 41 51
CF D5 C6 29 EF 21 FA E3
result written to file messageFile.wrapped
Cfm3WrapHostKey returned: 0x00 : HSM Return: SUCCESS
Decrypt messageFile.wrapped using the key with handle 6:
Command: aesWrapUnwrap -m 0 -f messageFile.wrapped -w 6 -out messageFile.unwrapped
result data:
61 61 61 61 61 61 0A
result written to file messageFile.unwrapped
Cfm3UnWrapHostKey returned: 0x00 : HSM Return: SUCCESS
Parameters
| Parameter | Description | Required | Valid values |
|---|---|---|---|
| -m | The operation mode. | Yes | 0 (Decrypt), 1 (Encrypt) |
| -f | File to be operated on. | Yes | No specific requirements |
| -w | Key handle for encryption/decryption. | Yes | No specific requirements |
| -i | The initialization vector (IV) for the algorithm. Default value: 0xA6A6A6A6A6A6A6A6. | No | No specific requirements |
| -out | The name of the output file. | No | Defaults: wrapped_key (encrypt), unwrapped_key (decrypt) |
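Added example, not part of the original page or the vendor's tooling: when aesWrapUnwrap is driven from a script, parse the result text in the format shown under Examples and check the HSM return code and the round trip, rather than trusting that an output file exists. The function names are hypothetical, and the sample strings are copied from the two examples above.

```python
import hmac
import re

# Constructed sample: the two result transcripts shown under Examples.
WRAP_OUT = """result data:
D4 B6 FF 25 6F 57 41 51
CF D5 C6 29 EF 21 FA E3
result written to file messageFile.wrapped
Cfm3WrapHostKey returned: 0x00 : HSM Return: SUCCESS"""
UNWRAP_OUT = """result data:
61 61 61 61 61 61 0A
result written to file messageFile.unwrapped
Cfm3UnWrapHostKey returned: 0x00 : HSM Return: SUCCESS"""

STATUS_RE = re.compile(r"(\w+) returned: 0x([0-9A-Fa-f]+) : HSM Return: (\w+)")
OUTFILE_RE = re.compile(r"result written to file (\S+)")
HEX_RE = re.compile(r"(?:[0-9A-Fa-f]{2} )*[0-9A-Fa-f]{2}")

def parse_result(text):
    """Parse one aesWrapUnwrap result; raise unless the HSM returned 0x00."""
    status = STATUS_RE.search(text)
    if status is None:
        raise ValueError("no status line; treat the operation as failed")
    code = int(status.group(2), 16)
    if code != 0:
        raise RuntimeError(f"{status.group(1)} failed: 0x{code:02X} {status.group(3)}")
    data, in_data = bytearray(), False
    for line in (l.strip() for l in text.splitlines()):
        if line == "result data:":
            in_data = True
        elif in_data and HEX_RE.fullmatch(line):
            data += bytes.fromhex(line)  # hex dump rows directly after the marker
        else:
            in_data = False
    out = OUTFILE_RE.search(text)
    return {"call": status.group(1), "data": bytes(data),
            "outfile": out.group(1) if out else None}

def verify_round_trip(original, wrap_text, unwrap_text):
    """True if the unwrapped bytes equal the original and the wrapped blob is well formed."""
    wrapped = parse_result(wrap_text)["data"]
    unwrapped = parse_result(unwrap_text)["data"]
    # AES key wrap output (RFC 3394/5649) is a multiple of 8 bytes, at least 16.
    shape_ok = len(wrapped) >= 16 and len(wrapped) % 8 == 0
    return shape_ok and hmac.compare_digest(unwrapped, original)
```

For the transcripts above, `verify_round_trip(b"aaaaaa\n", WRAP_OUT, UNWRAP_OUT)` returns `True`; a missing status line or a non-zero return code raises instead of yielding data.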