Use setAttribute to convert a session key into a persistent key. A persistent key remains in the Hardware Security Module (HSM) until you explicitly delete it.
The command converts the key by changing its token attribute (OBJ_ATTR_TOKEN) from false (0) to true (1).
Prerequisites
Before you begin, make sure that you have:
Started
key_mgmt_toolLogged in to the HSM as a crypto user (CU)
Syntax
setAttribute -o <object handle>
-a 1Important
Enter parameters in the exact order shown in the syntax.
Parameters
| Parameter | Description | Required | Valid values |
|---|---|---|---|
-o | The key handle of the session key to convert. To find the key handle, run findKey. | Yes | Any valid session key handle |
-a | The attribute constant to change. The only valid value is 1, which targets the token attribute (OBJ_ATTR_TOKEN). | Yes | 1 |
Example
The following example converts the session key with handle 21 into a persistent key.
Command: setAttribute -o 21 -a 1
This attribute is defined as a boolean value.
Enter the boolean attribute value (0 or 1):1
Cfm3SetAttribute returned: 0x00 : HSM Return: SUCCESS
Cluster Status:
Node id 0 status: 0x00000000 : HSM Return: SUCCESSA return code of 0x00 confirms the operation succeeded. The key is now persistent and remains in the HSM until deleted.