Generating keys - AWS CloudHSM

Generating keys

To generate keys on the HSM, use the command that corresponds to the type of key that you want to generate.

Generate symmetric keys

Use the genSymKey command to generate AES and other types of symmetric keys. To see all available options, use the genSymKey -h command.

The following example creates a 256-bit AES key. The -t 31 option selects the AES key type, -s 32 gives the key size in bytes (32 bytes = 256 bits), and -l assigns the label. The key handle printed in the output is how later commands refer to this key, and the Cluster Error Status lines report the result on each HSM in the cluster.

Command: genSymKey -t 31 -s 32 -l aes256

Cfm3GenerateSymmetricKey returned: 0x00 : HSM Return: SUCCESS

Symmetric Key Created. Key Handle: 524295

Cluster Error Status
Node id 0 and err state 0x00000000 : HSM Return: SUCCESS
Node id 1 and err state 0x00000000 : HSM Return: SUCCESS
Node id 2 and err state 0x00000000 : HSM Return: SUCCESS

Generate RSA key pairs

To generate an RSA key pair, use the genRSAKeyPair command. To see all available options, use the genRSAKeyPair -h command.

The following example generates an RSA 2048-bit key pair. The -m option sets the modulus length in bits, -e sets the public exponent (65537), and -l assigns the label. The output reports a separate handle for the public key and for the private key.

Command: genRSAKeyPair -m 2048 -e 65537 -l rsa2048

Cfm3GenerateKeyPair returned: 0x00 : HSM Return: SUCCESS

Cfm3GenerateKeyPair: public key handle: 524294 private key handle: 524296

Cluster Error Status
Node id 0 and err state 0x00000000 : HSM Return: SUCCESS
Node id 1 and err state 0x00000000 : HSM Return: SUCCESS
Node id 2 and err state 0x00000000 : HSM Return: SUCCESS

Generate ECC (elliptic curve cryptography) key pairs

To generate an ECC key pair, use the genECCKeyPair command. To see all available options, including a list of the supported elliptic curves, use the genECCKeyPair -h command.

The following example generates an ECC key pair using the P-384 elliptic curve defined in NIST FIPS publication 186-4. The -i option selects the curve by its identifier (14 is P-384), and -l assigns the label. As with RSA, the output reports separate handles for the public and private keys.

Command: genECCKeyPair -i 14 -l ecc-p384

Cfm3GenerateKeyPair returned: 0x00 : HSM Return: SUCCESS

Cfm3GenerateKeyPair: public key handle: 524297 private key handle: 524298

Cluster Error Status
Node id 0 and err state 0x00000000 : HSM Return: SUCCESS
Node id 1 and err state 0x00000000 : HSM Return: SUCCESS
Node id 2 and err state 0x00000000 : HSM Return: SUCCESS
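All three commands above (genSymKey, genRSAKeyPair, genECCKeyPair) return the same two things an automation script must check before using a key: the key handle(s), and a per-node Cluster Error Status line for every HSM in the cluster. A handle whose creation was not confirmed as SUCCESS on every node should not be handed to the next step. The following parser is an added example, not code from the AWS CloudHSM documentation or from key_mgmt_util itself; it assumes only the output format shown on this page. The sample outputs are the page's three examples plus one constructed failure case (the non-zero err state and the FAILURE text in it are placeholders, not a documented CloudHSM error code).

```python
"""Parse key_mgmt_util key-generation output and confirm cluster-wide success.

Added example; assumes the output shape shown on the CloudHSM page:
  <Cfm3Generate...> returned: 0x00 : HSM Return: SUCCESS
  either "Key Handle: N" or "public key handle: N private key handle: M"
  one "Node id K and err state 0x... : HSM Return: ..." line per HSM
"""
import re
from dataclasses import dataclass, field

RETURN_RE = re.compile(
    r"^(Cfm3\w+) returned: (0x[0-9A-Fa-f]+) : HSM Return: (\w+)", re.M)
SYM_HANDLE_RE = re.compile(r"Key Handle: (\d+)")
PAIR_HANDLE_RE = re.compile(
    r"public key handle: (\d+)\s+private key handle: (\d+)")
NODE_RE = re.compile(
    r"Node id (\d+) and err state (0x[0-9A-Fa-f]+) : HSM Return: (\w+)")


@dataclass
class KeyGenResult:
    api_call: str
    handles: dict                      # {"key": n} or {"public": n, "private": n}
    node_status: dict = field(default_factory=dict)  # node id -> (err_state, text)

    def failed_nodes(self):
        """Node ids whose err state is non-zero or whose text is not SUCCESS."""
        return [n for n, (err, txt) in sorted(self.node_status.items())
                if err != 0 or txt != "SUCCESS"]


def parse_keygen_output(text: str) -> KeyGenResult:
    """Extract the API return code, key handle(s) and per-node status."""
    m = RETURN_RE.search(text)
    if not m:
        raise ValueError("no Cfm3Generate* return line found")
    api_call, rc, status = m.group(1), int(m.group(2), 16), m.group(3)
    if rc != 0 or status != "SUCCESS":
        raise RuntimeError(f"{api_call} failed: {rc:#x} ({status})")

    pair = PAIR_HANDLE_RE.search(text)
    if pair:   # genRSAKeyPair / genECCKeyPair report two handles
        handles = {"public": int(pair.group(1)), "private": int(pair.group(2))}
    else:      # genSymKey reports a single handle
        sym = SYM_HANDLE_RE.search(text)
        if not sym:
            raise ValueError("no key handle found in output")
        handles = {"key": int(sym.group(1))}

    result = KeyGenResult(api_call, handles)
    for node, err, txt in NODE_RE.findall(text):
        result.node_status[int(node)] = (int(err, 16), txt)
    if not result.node_status:
        raise ValueError("no Cluster Error Status lines found in output")
    return result


def require_cluster_success(text: str, expected_nodes) -> dict:
    """Return the handle(s) only if every expected HSM node reported SUCCESS."""
    r = parse_keygen_output(text)
    missing = sorted(set(expected_nodes) - set(r.node_status))
    bad = r.failed_nodes()
    if missing or bad:
        raise RuntimeError(
            f"{r.handles} not confirmed on all HSMs: missing={missing} failed={bad}")
    return r.handles


def confirmed_on_all_nodes(text: str, expected_nodes) -> bool:
    """Boolean form of require_cluster_success for callers that just gate on it."""
    try:
        require_cluster_success(text, expected_nodes)
        return True
    except (RuntimeError, ValueError):
        return False


# --- sample outputs: the page's three examples, plus one constructed failure ---
SAMPLE_AES = """Cfm3GenerateSymmetricKey returned: 0x00 : HSM Return: SUCCESS
Symmetric Key Created. Key Handle: 524295
Cluster Error Status
Node id 0 and err state 0x00000000 : HSM Return: SUCCESS
Node id 1 and err state 0x00000000 : HSM Return: SUCCESS
Node id 2 and err state 0x00000000 : HSM Return: SUCCESS
"""
SAMPLE_RSA = """Cfm3GenerateKeyPair returned: 0x00 : HSM Return: SUCCESS
Cfm3GenerateKeyPair: public key handle: 524294 private key handle: 524296
Cluster Error Status
Node id 0 and err state 0x00000000 : HSM Return: SUCCESS
Node id 1 and err state 0x00000000 : HSM Return: SUCCESS
Node id 2 and err state 0x00000000 : HSM Return: SUCCESS
"""
SAMPLE_ECC = """Cfm3GenerateKeyPair returned: 0x00 : HSM Return: SUCCESS
Cfm3GenerateKeyPair: public key handle: 524297 private key handle: 524298
Cluster Error Status
Node id 0 and err state 0x00000000 : HSM Return: SUCCESS
Node id 1 and err state 0x00000000 : HSM Return: SUCCESS
Node id 2 and err state 0x00000000 : HSM Return: SUCCESS
"""
# Constructed: node 2 did not confirm the key (err state/text are placeholders).
SAMPLE_BAD_NODE = """Cfm3GenerateKeyPair returned: 0x00 : HSM Return: SUCCESS
Cfm3GenerateKeyPair: public key handle: 524299 private key handle: 524300
Cluster Error Status
Node id 0 and err state 0x00000000 : HSM Return: SUCCESS
Node id 1 and err state 0x00000000 : HSM Return: SUCCESS
Node id 2 and err state 0x00000001 : HSM Return: FAILURE
"""

if __name__ == "__main__":
    for name, sample in [("aes", SAMPLE_AES), ("rsa", SAMPLE_RSA),
                         ("ecc", SAMPLE_ECC), ("bad", SAMPLE_BAD_NODE)]:
        print(name, confirmed_on_all_nodes(sample, [0, 1, 2]),
              parse_keygen_output(sample).handles)
```

The expected node list is passed in rather than inferred from the output, so a cluster that has lost an HSM (and therefore prints fewer Node id lines) is caught as "missing" instead of silently passing.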