IsValidKeyHandlefile - AWS CloudHSM


The IsValidKeyHandlefile command in key_mgmt_util is used to find out whether a key file in an HSM contains a real private key or a fake PEM key. A fake PEM file does not contain the actual private key material but instead references the private key in the HSM. Such a file can be used to establish SSL/TLS offloading from your web server to AWS CloudHSM. For more information, see SSL/TLS Offload on Linux.

Before you run any key_mgmt_util command, you must start key_mgmt_util and log in to the HSM as a crypto user (CU).


IsValidKeyHandlefile -h

IsValidKeyHandlefile -k <private-key-handle> -f <private-key-file>


These examples show how to use IsValidKeyHandlefile to determine whether a given key file contains the real key material or fake PEM key material.

Example: Validate a Real Private Key

This command confirms that the file called privateKey.pem contains real key material.

Command: IsValidKeyHandlefile -f privateKey.pem
    Input key file has real private key

Example: Invalidate a Fake PEM Key

This command confirms that the file called caviumKey.pem contains fake PEM key material made from key handle 15.

Command: IsValidKeyHandlefile -f caviumKey.pem
    Input file has invalid key handle: 15
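The following is an added example, not part of the AWS documentation: a small audit helper that reads a saved key_mgmt_util transcript and reports which checked files hold real private key material and which are fake PEM files bound to a key handle. It assumes the transcript layout and the two result messages shown in the examples above; the function names, the sample transcript and the file missing.pem are constructed for illustration, and treating a real key or a missing result as "needs review" is an assumed audit policy for SSL/TLS offload hosts.

```python
import re

# Result messages exactly as they appear in the examples on this page.
REAL_MSG = "Input key file has real private key"
FAKE_RE = re.compile(r"Input file has invalid key handle:\s*(\d+)")
# Matches an IsValidKeyHandlefile invocation and captures the -f argument.
CMD_RE = re.compile(r"IsValidKeyHandlefile\b.*?-f\s+(\S+)")


def classify_transcript(text):
    """Map each checked file to (verdict, key_handle).

    verdict is "real", "fake", or "unknown" (no recognised result followed
    the command, so the file must not be assumed safe).
    """
    results = {}
    current = None
    for line in text.splitlines():
        cmd = CMD_RE.search(line)
        if cmd:
            current = cmd.group(1)
            results[current] = ("unknown", None)
        if current is None:
            continue
        fake = FAKE_RE.search(line)
        if REAL_MSG in line:
            results[current] = ("real", None)
            current = None  # only the first result after a command counts
        elif fake:
            results[current] = ("fake", int(fake.group(1)))
            current = None
    return results


def needs_review(results):
    """Files that are not confirmed fake PEM: real keys and unknown results."""
    return sorted(f for f, (verdict, _) in results.items() if verdict != "fake")


# Constructed sample transcript (not real HSM output beyond the page's messages).
SAMPLE = """\
Command: IsValidKeyHandlefile -f privateKey.pem
Input key file has real private key
Command: IsValidKeyHandlefile -f caviumKey.pem
Input file has invalid key handle: 15
Command: IsValidKeyHandlefile -f missing.pem
"""

if __name__ == "__main__":
    for name, (verdict, handle) in classify_transcript(SAMPLE).items():
        print(f"{name}: {verdict}" + (f" (handle {handle})" if handle else ""))
    print("needs review:", needs_review(classify_transcript(SAMPLE)))
```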


This command takes the following parameters.


-h

Displays command line help for the command.

Required: Yes


-f

Specifies the name of the file to be checked for valid key material.

Required: Yes
