sign - AWS CloudHSM

sign

The sign command in key_mgmt_util uses a chosen private key to generate a signature for a file.

In order to use sign, you must first have a private key in your HSM. You can generate a private key with the genSymKey, genRSAKeyPair, or genECCKeyPair commands. You can also import one with the importPrivateKey command. For more information, see Generate Keys.

The sign command uses a user-designated signing mechanism, represented by an integer, to sign a message file. For a list of possible signing mechanisms, see Parameters.

Before you run any key_mgmt_util command, you must start key_mgmt_util and log in to the HSM as a crypto user (CU).

Syntax

sign -h

sign -f <file name> -k <private key handle> -m <signature mechanism> -out <signed file name>

Example

This example shows how to use sign to sign a file.

Example: Sign a file

This command signs a file named messageFile with the private key whose handle is 266309. It uses the SHA256_RSA_PKCS signing mechanism (integer 1) and writes the resulting signature to a file named signedFile.

Command: sign -f messageFile -k 266309 -m 1 -out signedFile

Cfm3Sign returned: 0x00 : HSM Return: SUCCESS

signature is written to file signedFile

Cluster Error Status
Node id 0 and err state 0x00000000 : HSM Return: SUCCESS
Node id 1 and err state 0x00000000 : HSM Return: SUCCESS
Node id 2 and err state 0x00000000 : HSM Return: SUCCESS

Parameters

This command takes the following parameters.

-f

The name of the file to sign.

Required: Yes

-k

The handle of the private key to be used for signing.

Required: Yes

-m

An integer that represents the signing mechanism to be used for signing. The possible mechanisms correspond to the following integers:

Signing Mechanism        Corresponding Integer
SHA1_RSA_PKCS            0
SHA256_RSA_PKCS          1
SHA384_RSA_PKCS          2
SHA512_RSA_PKCS          3
SHA224_RSA_PKCS          4
SHA1_RSA_PKCS_PSS        5
SHA256_RSA_PKCS_PSS      6
SHA384_RSA_PKCS_PSS      7
SHA512_RSA_PKCS_PSS      8
SHA224_RSA_PKCS_PSS      9
ECDSA_SHA1               15
ECDSA_SHA224             16
ECDSA_SHA256             17
ECDSA_SHA384             18
ECDSA_SHA512             19

Required: Yes

-out

The name of the file to which the signature will be written.

Required: Yes
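As an added example that is not part of the AWS documentation, the POSIX sh helper below verifies a signature produced by sign outside the HSM, using the same mechanism integer from the table above and the key's public half exported as PEM (for example with exportPubKey). The function and file names are the example's own; it assumes the -out file holds the raw signature in the encoding OpenSSL expects (DER for the ECDSA mechanisms), and that openssl is on the PATH.

```shell
#!/bin/sh
# Map a key_mgmt_util signing-mechanism integer (the -m value) to the OpenSSL
# digest and padding options needed to verify a signature made with it.
# Prints "<digest> [extra openssl options]"; returns 1 for unknown integers.
mechanism_to_openssl() {
  case "$1" in
    0)  echo "sha1" ;;                                  # SHA1_RSA_PKCS
    1)  echo "sha256" ;;                                # SHA256_RSA_PKCS
    2)  echo "sha384" ;;                                # SHA384_RSA_PKCS
    3)  echo "sha512" ;;                                # SHA512_RSA_PKCS
    4)  echo "sha224" ;;                                # SHA224_RSA_PKCS
    5)  echo "sha1 -sigopt rsa_padding_mode:pss" ;;     # SHA1_RSA_PKCS_PSS
    6)  echo "sha256 -sigopt rsa_padding_mode:pss" ;;   # SHA256_RSA_PKCS_PSS
    7)  echo "sha384 -sigopt rsa_padding_mode:pss" ;;   # SHA384_RSA_PKCS_PSS
    8)  echo "sha512 -sigopt rsa_padding_mode:pss" ;;   # SHA512_RSA_PKCS_PSS
    9)  echo "sha224 -sigopt rsa_padding_mode:pss" ;;   # SHA224_RSA_PKCS_PSS
    15) echo "sha1" ;;                                  # ECDSA_SHA1
    16) echo "sha224" ;;                                # ECDSA_SHA224
    17) echo "sha256" ;;                                # ECDSA_SHA256
    18) echo "sha384" ;;                                # ECDSA_SHA384
    19) echo "sha512" ;;                                # ECDSA_SHA512
    *)  echo "unknown signing mechanism: $1" >&2; return 1 ;;
  esac
}

# Verify MSGFILE against SIGFILE (the file named by -out) with the PEM public key
# of the HSM key used for -k. The ECDSA mechanisms need no padding option: the
# key type selects ECDSA. Exit status is 0 only when OpenSSL reports "Verified OK".
# Usage: cloudhsm_verify <mechanism integer> <pubkey.pem> <signature file> <message file>
cloudhsm_verify() {
  mech="$1"; pubkey="$2"; sigfile="$3"; msgfile="$4"
  opts=$(mechanism_to_openssl "$mech") || return 1
  set -- $opts                      # split into digest + optional -sigopt pair
  digest="$1"; shift
  openssl dgst "-$digest" "$@" -verify "$pubkey" -signature "$sigfile" "$msgfile"
}
```

For the example above, `cloudhsm_verify 1 pubkey.pem signedFile messageFile` re-checks signedFile without touching the HSM; a signature verified with the wrong mechanism integer (PSS versus PKCS) fails, which is the check to run when the -m value used at signing time is in doubt.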

Related topics