Imports a masked object into HSM and generates a new key. Masked objects are cloned from HSM using the extractMaskedObject command. Use this command together with extractMaskedObject to clone keys.
Prerequisites
Before you run this command, ensure that you have:
Started
key_mgmt_toolLogged in to HSM as a CU (Crypto User)
Syntax
insertMaskedObject -f <filename>
[-min_srv <minimum-number-of-servers>]
[-timeout <number-of-seconds>]Important
Enter parameters in the order shown above.
Parameters
| Parameter | Required | Description |
|---|---|---|
-f | Yes | The file name of the masked object to import. |
-min_srv | No | The minimum number of servers that the key must synchronize to within the timeout period. If synchronization does not reach this threshold in time, the key is not created. |
-timeout | No | The time in seconds allowed for the key to synchronize to the number of servers specified by -min_srv. Only valid when -min_srv is also specified. Default: no timeout (the command waits indefinitely and only returns when the key is synchronized to the minimum number of servers). |
Example
The following example imports a masked object named maskedObj. The output shows that the new key handle is 20.
Command: insertMaskedObject -f maskedObj
Cfm3InsertMaskedObject returned: 0x00 : HSM Return: SUCCESS
New Key Handle: 20
Cluster Status:
Node id 0 status: 0x00000000 : HSM Return: SUCCESS