3.4.14 Import U-HSM Server’s Public Keys to Enable M-HSM Function
The U-HSM server must import its public keys to execute its jobs or send jobs for execution to another U-HSM server running the same Security World.
Use the U-HSMGenImp
utility for this type of import:
U-HSMGenImp -p g4cusee -i -n g4cu-seepk-<U _UUID> -a pkg-g4cu-seepk--<U_UUID><HEX VALUE> -k g4see-isk
U-HSMGenImp -p g4cusee -i -n g4cu-seespk-<U _UUID> -a pkg-g4cu-seespk-<U_UUID><HEX VALUE> -k g4see-isk
U_UUID
: 32 symbols long UUID of this U-HSM server
For example, 00000000000000000000000000000001
.
This U_ UUID
is used by the client application (JobManager) to refer to this
key. Therefore, it must be set up in the application settings.
pkg-g4cu-seepk-<U_UUID><HEX VALUE>
: This is the container file on
the disk with the encryption key to be imported.
For example, pkg-g4cu-seepk-00000000000000000000000000000001-8eb9680a
.
pkg-g4cu-seespk-<U_UUID><HEX VALUE>
: This is the container
file on the disk with the signature verification key to be imported.
For example, pkg-g4cu-seespk-00000000000000000000000000000001-0754c1eb
. The
resulting files are created in the Security World folder.
Example of the resulting key files:
key_simple_g4cu-seepk-00000000000000000000000000000001
and
key_simple_g4cu-seespk-00000000000000000000000000000001
.
Information about these keys can be viewed using the nfkminfo -k command.
The following figure shows a sample output: