getCaviumPrivKey - AWS CloudHSM


The getCaviumPrivKey command in key_mgmt_util exports a private key from an HSM in fake PEM format. The fake PEM file, which does not contain the actual private key material but instead references the private key in the HSM, can then be used to establish SSL/TLS offloading from your web server to AWS CloudHSM. For more information, see SSL/TLS Offload on Linux.

Before you run any key_mgmt_util command, you must start key_mgmt_util and login to the HSM as a crypto user (CU).


getCaviumPrivKey -h getCaviumPrivKey -k <private-key-handle -out <fake-PEM-file>


This example shows how to use getCaviumPrivKey to export a private key in fake PEM format.

Example : Export a fake PEM file

This command creates and exports a fake PEM version of a private key with handle 15 and saves it to a file called cavKey.pem. When the command succeeds, exportPrivateKey returns a success message.

Command: getCaviumPrivKey -k 15 -out cavKey.pem Private Key Handle is written to cavKey.pem in fake PEM format getCaviumPrivKey returned: 0x00 : HSM Return: SUCCESS


This command takes the following parameters.


Displays command line help for the command.

Required: Yes


Specifies the key handle of the private key to be exported in fake PEM format.

Required: Yes


Specifies the name of the file to which the fake PEM key will be written.

Required: Yes

Related topics