This topic explains the process of exporting a private key from HSM using the getCaviumPrivKey command, resulting in a PEM-formatted file.
Feature description
The getCaviumPriv command exports a private key file from HSM in PEM format, which is known as a fake PEM file. Fake PEM file does not hold the actual private key data but instead references the private key within HSM. This file can be utilized to offload SSL/TLS processing from a web server to HSM.
Ensure you have initiated the key_mgmt_tool and logged on to HSM as CU before executing this command.
Syntax
Enter the parameters as per the following syntax. For detailed parameter descriptions, see Parameters.
getCaviumPrivKey -k <private-key-handle
-out <fake-PEM-file>It is crucial to adhere to the specified order when entering the parameters.
Example
Command: getCaviumPrivKey -k 8 -out /tmp/fakeKey.pem
Private Key Handle is written to /tmp/fakeKey.pem in fake PEM format
getCaviumPrivKey returned: 0x00 : HSM Return: SUCCESSParameters
Parameter name |
Description |
Required |
Valid values |
-k |
Indicates the handle of the private key to be exported. |
Yes |
Utilize findKey to locate the key handle |
-out |
Designates the file path and name for the fake PEM file. |
Yes |
No specific requirements |