3.4.15 Import the M-HSM Public Keys

The U-HSM server needs public keys for every M-HSM, including IHP that executes jobs from this U- HSM server, to send information to it in a secured way and to verify the authenticity of the data.

Use the U-HSMGenImp utility for this type of import:

U-HSMGenImp -p g4cusee -i -n g4cm-seepk-<M_ UUID> -a pkg-g4cm-seepk-<M_UUID><HEX VALUE> -k g4see-isk

U-HSMGenImp -p g4cusee -i -n g4cm-seespk-<M_UUID> -a pkg-g4cm-seespk-<M_UUID><HEX VALUE> -k g4see-isk

M_UUID: 40 hex characters long UUID for the imported M-HSM public key.

For example, 0000000000000000000000000000000000000002

The M_UUID is used by the client application (JobManager) to refer to this key. Therefore, it needs to be set up in the application settings.

pkg-g4cm-seepk-<M_UUID><HEX VALUE>: This is the container file on the disk with the encryption key to be imported.

For example, pkg-g4cm-seepk- 0000000000000000000000000000000000000002-2db19054

pkg-g4cm-seespk-<M_UUID><HEX VALUE>: This is the container file on the disk with the signature verification key to be imported.

For example, pkg-g4cm-seespk- 0000000000000000000000000000000000000002- f5544785

The resulting files are created in the Security World folder. Information about these keys can be viewed using the nfkminfo -k command.

Example of the resulting key files:

key_simple_g4cm-seepk- 0000000000000000000000000000000000000002 and key_simple_g4cm-seespk-0000000000000000000000000000000000000002

Figure 3-25 shows a sample output.

Figure 3-25. Importing U-HSM Public Key