3.4.15 Import the M-HSM Public Keys
The U-HSM server needs public keys for every M-HSM, including IHP that executes jobs from this U-HSM server, to send information to it in a secured way and to verify the authenticity of the data.
Use the U-HSMGenImp utility for this type of import:
U-HSMGenImp -p g4cusee -i -n g4cm-seepk-<M_UUID> -a pkg-g4cm-seepk-<M_UUID><HEX VALUE> -k g4see-isk
U-HSMGenImp -p g4cusee -i -n g4cm-seespk-<M_UUID> -a pkg-g4cm-seespk-<M_UUID><HEX VALUE> -k g4see-isk
M_UUID: A UUID, 40 hex characters long, for the imported M-HSM public key. For example, 0000000000000000000000000000000000000002. The M_UUID is used by the client application (JobManager) to refer to this key. Therefore, it needs to be set up in the application settings.
pkg-g4cm-seepk-<M_UUID><HEX VALUE>: This is the container file on the disk with the encryption key to be imported. For example, pkg-g4cm-seepk-0000000000000000000000000000000000000002-2db19054
pkg-g4cm-seespk-<M_UUID><HEX VALUE>: This is the container file on the disk with the signature verification key to be imported. For example, pkg-g4cm-seespk-0000000000000000000000000000000000000002-f5544785
The resulting files are created in the Security World folder. Information about these keys can be viewed using the nfkminfo -k command.
Example of the resulting key files:
key_simple_g4cm-seepk-0000000000000000000000000000000000000002
and
key_simple_g4cm-seespk-0000000000000000000000000000000000000002
Figure 3-25 shows a sample output.
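The following pre-flight helper is an added example, not part of the vendor documentation or the U-HSMGenImp utility. It checks that the M_UUID is 40 hex characters, that exactly one encryption-key container and one signature-verification-key container exist for that M_UUID, and then prints the two import commands without running them. The function names, the directory arguments, and passing the container by file name only are assumptions of this example.

```sh
#!/bin/sh
# Added example: checks to run before and after the two U-HSMGenImp imports.
# Function names and directory arguments are assumptions, not vendor tooling.

# valid_m_uuid UUID: succeeds only if UUID is exactly 40 hex characters.
valid_m_uuid() {
    [ "${#1}" -eq 40 ] || return 1
    case "$1" in
        *[!0-9A-Fa-f]*) return 1 ;;
    esac
    return 0
}

# find_container DIR NAME UUID: prints the one file named pkg-NAME-UUID*.
# Fails when no file or more than one file matches, so a stale or
# duplicate container is never picked silently.
find_container() {
    count=0; match=
    for f in "$1"/"pkg-$2-$3"*; do
        [ -f "$f" ] || continue
        count=$((count + 1)); match=${f##*/}
    done
    [ "$count" -eq 1 ] || return 1
    printf '%s\n' "$match"
}

# import_commands DIR UUID: prints both import command lines, or nothing
# if either container is missing (both are resolved before printing).
import_commands() {
    dir=$1; uuid=$2
    valid_m_uuid "$uuid" || { echo "M_UUID must be 40 hex characters" >&2; return 2; }
    enc=$(find_container "$dir" g4cm-seepk "$uuid") || {
        echo "need exactly one pkg-g4cm-seepk-$uuid* in $dir" >&2; return 3; }
    sig=$(find_container "$dir" g4cm-seespk "$uuid") || {
        echo "need exactly one pkg-g4cm-seespk-$uuid* in $dir" >&2; return 3; }
    printf 'U-HSMGenImp -p g4cusee -i -n g4cm-seepk-%s -a %s -k g4see-isk\n' "$uuid" "$enc"
    printf 'U-HSMGenImp -p g4cusee -i -n g4cm-seespk-%s -a %s -k g4see-isk\n' "$uuid" "$sig"
}

# imported_ok WORLD_DIR UUID: succeeds if both resulting key files exist in
# the Security World folder (its path is supplied by the caller).
imported_ok() {
    [ -f "$1/key_simple_g4cm-seepk-$2" ] && [ -f "$1/key_simple_g4cm-seespk-$2" ]
}
```

Review the printed commands before running them, and use the same M_UUID in the JobManager application settings.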