Use IsValidKeyHandlefile to check whether a key file contains a real RSA private key or a counterfeit PEM file that references a key handle in the HSM.
Background
A counterfeit PEM file does not contain actual private key material. Instead, it stores a reference to a private key within the hardware security module (HSM). Counterfeit PEM files are typically created by getCaviumPrivKey.
Prerequisites
Before you run this command, ensure that you have:
- Started key_mgmt_tool
- Logged on to the HSM as a CU (Crypto User)
Syntax
IsValidKeyHandlefile -f <private-key-file>
Important
Enter parameters in the order shown in the syntax.
Parameters
| Parameter | Description | Required | Valid values |
|---|---|---|---|
| -f | Path and name of the key file to check | Yes | No special requirements |
Examples
Validate a counterfeit PEM file
This command confirms that fakeKey.pem is a counterfeit PEM file that references key handle 8 in the HSM.
Command: IsValidKeyHandlefile -f /tmp/fakeKey.pem
Input file has invalid key handle: 8
What's next
getCaviumPrivKey — export a counterfeit PEM file from the HSM