key_mgmt_util command reference
The key_mgmt_util command line tool helps you to manage keys in the HSMs in your cluster, including creating, deleting, and finding keys and their attributes. It includes multiple commands, each of which is described in detail in this topic.
For a quick start, see Getting started with key_mgmt_util. For help interpreting the key attributes, see the Key Attribute Reference. For information about the cloudhsm_mgmt_util command line tool, which includes commands to manage the HSM and users in your cluster, see CloudHSM Management Utility (CMU).
Before you run any key_mgmt_util command, you must start key_mgmt_util and log in to the HSM as a crypto user (CU).
To list all key_mgmt_util commands, type:
Command:
help
To get help for a particular key_mgmt_util command, type:
Command:
<command-name>
-h
To end your key_mgmt_util session, type:
Command:
exit
The following topics describe commands in key_mgmt_util.
Note
Some commands in key_mgmt_util and cloudhsm_mgmt_util have the same names. However, the commands typically have different syntax, different output, and slightly different functionality.
Command | Description |
---|---|
Encrypts and decrypts the contents of a key in a file. |
|
Deletes a key from the HSMs. |
|
Gets the error that corresponds to a key_mgmt_util hexadecimal error code. |
|
Exits the key_mgmt_util. |
|
Exports a copy of a private key from an HSM to a file on disk. |
|
Exports a copy of a public key from an HSM to a file. | |
Exports a plaintext copy of a symmetric key from the HSMs to a file. |
|
Extracts a key from an HSM as a masked object file. |
|
Search for keys by key attribute value. |
|
Verifies that a key exists on all HSMs in the cluster. |
|
Generates a Digital Signing Algorithm |
|
Generates an Elliptic Curve
Cryptography |
|
Generates an RSA |
|
Generates a symmetric key in your HSMs |
|
Gets the attribute values for an AWS CloudHSM key and writes them to a file. |
|
Creates a fake PEM-format version of a private key and exports it to a file. |
|
Retrieves an HSM's partitions certificates and saves them to a file. |
|
Gets the HSM user IDs of users who can use the key. If the key is quorum controlled, it gets the number of users in the quorum. |
|
Displays help information about the commands available in key_mgmt_util. |
|
Imports a private key into an HSM. |
|
Imports a public key into an HSM. | |
Imports a plaintext copy of a symmetric key from a file into the HSM. |
|
Inserts a masked object from a file on disk into an HSM contained by related cluster to the object's origin cluster. Related clusters are any clusters generated from a backup of the origin cluster. |
|
Determines whether or not a given file contains a real private key or a fake PEM key. |
|
Lists the attributes of an AWS CloudHSM key and the constants that represent them. |
|
Gets the users in the HSMs, their user type and ID, and other attributes. |
|
Log in and out of the HSMs in a cluster. |
|
Converts a session key to a persistent key. |
|
Generate a signature for a file using a chosen private key. |
|
Imports a wrapped (encrypted) key from a file into the HSMs. |
|
Verifies whether a given key was used to sign a given file. |
|
Exports an encrypted copy of a key from the HSM to a file. |