Exports a private key from an HSM (Hardware Security Module) as a fake PEM file, which references the key handle inside the HSM rather than storing the actual private key data. Use this file to offload SSL/TLS processing from a web server to the HSM.
Prerequisites
Before running this command, make sure you have:
Started
key_mgmt_toolLogged in to the HSM as a Crypto User (CU)
Syntax
getCaviumPrivKey -k <private-key-handle>
-out <fake-PEM-file>Important
Enter the parameters in the order shown above.
Parameters
| Parameter | Description | Required | Valid values |
|---|---|---|---|
-k | The handle of the private key to export. To find the key handle, call findKey. | Yes | Use findKey to locate the key handle |
-out | The path and name of the fake PEM file to write. | Yes | Any valid file path |
Example
getCaviumPrivKey -k 8 -out /tmp/fakeKey.pemOutput:
Private Key Handle is written to /tmp/fakeKey.pem in fake PEM format
getCaviumPrivKey returned: 0x00 : HSM Return: SUCCESSIn this example, 8 is the private key handle and /tmp/fakeKey.pem is the output file. A return code of 0x00 indicates success.