關鍵 generate-asymmetric-pair ec - AWS CloudHSM
使用者類型要求語法範例引數相關主題

本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。

關鍵 generate-asymmetric-pair ec

使用 CloudHSM CLI 中的key asymmetric-pair ec命令,在叢集中產生非對稱的橢圓曲線 (EC) key pair。 AWS CloudHSM

使用者類型

下列類型的使用者可以執行此命令。

  • 加密使用者 (CU)

要求

若要執行此命令,必須以 CU 的身分登入。

語法

aws-cloudhsm > help key generate-asymmetric-pair ec
Generate an Elliptic-Curve Cryptography (ECC) key pair

Usage: key generate-asymmetric-pair ec [OPTIONS] --public-label <PUBLIC_LABEL> --private-label <PRIVATE_LABEL> --curve <CURVE>

Options:
      --cluster-id <CLUSTER_ID>
          Unique Id to choose which of the clusters in the config file to run the operation against. If not provided, will fall back to the value provided when interactive mode was started, or error
      --public-label <PUBLIC_LABEL>
          Label for the public key
      --private-label <PRIVATE_LABEL>
          Label for the private key
      --session
          Creates a session key pair that exists only in the current session. The key cannot be recovered after the session ends
      --curve <CURVE>
          Elliptic curve used to generate the key pair [possible values: prime256v1, secp256r1, secp224r1, secp384r1, secp256k1, secp521r1]
      --public-attributes [<PUBLIC_KEY_ATTRIBUTES>...]
          Space separated list of key attributes to set for the generated EC public key in the form of KEY_ATTRIBUTE_NAME=KEY_ATTRIBUTE_VALUE
      --private-attributes [<PRIVATE_KEY_ATTRIBUTES>...]
          Space separated list of key attributes to set for the generated EC private key in the form of KEY_ATTRIBUTE_NAME=KEY_ATTRIBUTE_VALUE
  -h, --help
          Print help

範例

下列範例示範如何使用 key generate-asymmetric-pair ec 命令來建立 EC 金鑰對。

範例:建立 EC 金鑰對
aws-cloudhsm > key generate-asymmetric-pair ec \
    --curve secp224r1 \
    --public-label ec-public-key-example \
    --private-label ec-private-key-example
{
  "error_code": 0,
  "data": {
    "public_key": {
      "key-reference": "0x000000000012000b",
      "key-info": {
        "key-owners": [
          {
            "username": "cu1",
            "key-coverage": "full"
          }
        ],
        "shared-users": [],
        "cluster-coverage": "session"
      },
      "attributes": {
        "key-type": "ec",
        "label": "ec-public-key-example",
        "id": "",
        "check-value": "0xd7c1a7",
        "class": "public-key",
        "encrypt": false,
        "decrypt": false,
        "token": false,
        "always-sensitive": false,
        "derive": false,
        "destroyable": true,
        "extractable": true,
        "local": true,
        "modifiable": true,
        "never-extractable": false,
        "private": true,
        "sensitive": false,
        "sign": false,
        "trusted": false,
        "unwrap": false,
        "verify": false,
        "wrap": false,
        "wrap-with-trusted": false,
        "key-length-bytes": 57,
        "ec-point": "0x047096513df542250a6b228fd9cb67fd0c903abc93488467681974d6f371083fce1d79da8ad1e9ede745fb9f38ac8622a1b3ebe9270556000c",
        "curve": "secp224r1"
      }
    },
"private_key": {
      "key-reference": "0x000000000012000c",
      "key-info": {
        "key-owners": [
          {
            "username": "cu1",
            "key-coverage": "full"
          }
        ],
        "shared-users": [],
        "cluster-coverage": "session"
      },
      "attributes": {
        "key-type": "ec",
        "label": "ec-private-key-example",
        "id": "",
        "check-value": "0xd7c1a7",
        "class": "private-key",
        "encrypt": false,
        "decrypt": false,
        "token": false,
        "always-sensitive": true,
        "derive": false,
        "destroyable": true,
        "extractable": true,
        "local": true,
        "modifiable": true,
        "never-extractable": false,
        "private": true,
        "sensitive": true,
        "sign": false,
        "trusted": false,
        "unwrap": false,
        "verify": false,
        "wrap": false,
        "wrap-with-trusted": false,
        "key-length-bytes": 122,
        "ec-point": "0x047096513df542250a6b228fd9cb67fd0c903abc93488467681974d6f371083fce1d79da8ad1e9ede745fb9f38ac8622a1b3ebe9270556000c",
        "curve": "secp224r1"
      }
    }
  }
}
範例:建立具有選用屬性的 EC 金鑰對
aws-cloudhsm > key generate-asymmetric-pair ec \
    --curve secp224r1 \
    --public-label ec-public-key-example \
    --private-label ec-private-key-example \
    --public-attributes token=true encrypt=true \
    --private-attributes token=true decrypt=true
{
  "error_code": 0,
  "data": {
    "public_key": {
      "key-reference": "0x00000000002806eb",
      "key-info": {
        "key-owners": [
          {
            "username": "cu1",
            "key-coverage": "full"
          }
        ],
        "shared-users": [],
        "cluster-coverage": "full"
      },
      "attributes": {
        "key-type": "ec",
        "label": "ec-public-key-example",
        "id": "",
        "check-value": "0xedef86",
        "class": "public-key",
        "encrypt": true,
        "decrypt": false,
        "token": true,
        "always-sensitive": false,
        "derive": false,
        "destroyable": true,
        "extractable": true,
        "local": true,
        "modifiable": true,
        "never-extractable": false,
        "private": true,
        "sensitive": false,
        "sign": false,
        "trusted": false,
        "unwrap": false,
        "verify": false,
        "wrap": false,
        "wrap-with-trusted": false,
        "key-length-bytes": 57,
        "ec-point": "0x0487af31882189ec29eddf17a48e8b9cebb075b7b5afc5522fe9c83a029a450cc68592889a1ebf45f32240da5140d58729ffd7b2d44262ddb8",
        "curve": "secp224r1"
      }
    },
    "private_key": {
      "key-reference": "0x0000000000280c82",
      "key-info": {
        "key-owners": [
          {
            "username": "cu1",
            "key-coverage": "full"
          }
        ],
        "shared-users": [],
        "cluster-coverage": "full"
      },
      "attributes": {
        "key-type": "ec",
        "label": "ec-private-key-example",
        "id": "",
        "check-value": "0xedef86",
        "class": "private-key",
        "encrypt": false,
        "decrypt": true,
        "token": true,
        "always-sensitive": true,
        "derive": false,
        "destroyable": true,
        "extractable": true,
        "local": true,
        "modifiable": true,
        "never-extractable": false,
        "private": true,
        "sensitive": true,
        "sign": false,
        "trusted": false,
        "unwrap": false,
        "verify": false,
        "wrap": false,
        "wrap-with-trusted": false,
        "key-length-bytes": 122,
        "ec-point": "0x0487af31882189ec29eddf17a48e8b9cebb075b7b5afc5522fe9c83a029a450cc68592889a1ebf45f32240da5140d58729ffd7b2d44262ddb8",
        "curve": "secp224r1"
      }
    }
  }
}

引數

<CLUSTER_ID>

執行此作業的叢集識別碼。

必要:如果已設定多個叢集。

<CURVE>

指橢圓曲線的識別符。

  • prime256v1

  • secp256r1

  • secp224r1

  • secp384r1

  • secp256k1

  • secp521r1

必要:是

<PUBLIC_KEY_ATTRIBUTES>

指一個空格分隔的金鑰屬性清單,以 KEY_ATTRIBUTE_NAME=KEY_ATTRIBUTE_VALUE (例如,token=true) 的形式為產生的 EC 公有金鑰設定

如需支援的金鑰屬性清單,請參閱 CloudHSM CLI 的金鑰屬性

必要:否

<PUBLIC_LABEL>

指使用者定義的公有金鑰標籤。用戶端 SDK 5.11 及之後允許的大小上限為 127 個字元。label用戶端 SDK 5.10 及之前版本的限制為 126 個字元。

必要:是

<PRIVATE_KEY_ATTRIBUTES>

指一個空格分隔的金鑰屬性清單,以 KEY_ATTRIBUTE_NAME=KEY_ATTRIBUTE_VALUE (例如,token=true) 的形式為產生的 EC 私有金鑰設定

如需支援的金鑰屬性清單,請參閱 CloudHSM CLI 的金鑰屬性

必要:否

<PRIVATE_LABEL>

指使用者定義的私有金鑰標籤。用戶端 SDK 5.11 及之後允許的大小上限為 127 個字元。label用戶端 SDK 5.10 及之前版本的限制為 126 個字元。

必要:是

<SESSION>

建立只在目前工作階段中存在的金鑰。工作階段結束後,金鑰無法復原。

當您僅短暫需要金鑰 (例如,加密後快速解密另一個金鑰的包裝金鑰) 時,請使用此參數。請勿使用工作階段金鑰來加密工作階段結束後可能需要解密的資料。

根據預設,產生的金鑰是持久性 (權杖) 金鑰。在 <SESSION> 傳遞會變更此情況,確保使用此參數生成的金鑰是工作階段 (臨時) 金鑰。

必要:否

相關主題