3.4.14 Import U-HSM Server’s Public Keys to Enable M-HSM Function

The U-HSM server must import its public keys to execute its jobs or send jobs for execution to another U-HSM server running the same Security World.

Use the U-HSMGenImp utility for this type of import:

U-HSMGenImp -p g4cusee -i -n g4cu-seepk-<U_UUID> -a pkg-g4cu-seepk-<U_UUID><HEX VALUE> -k g4see-isk

U-HSMGenImp -p g4cusee -i -n g4cu-seespk-<U_UUID> -a pkg-g4cu-seespk-<U_UUID><HEX VALUE> -k g4see-isk

U_UUID: The 32-symbol UUID of this U-HSM server.

For example, 00000000000000000000000000000001.

This U_UUID is used by the client application (JobManager) to refer to this key. Therefore, it must be set up in the application settings.

pkg-g4cu-seepk-<U_UUID><HEX VALUE>: This is the container file on the disk with the encryption key to be imported.

For example, pkg-g4cu-seepk-00000000000000000000000000000001-8eb9680a.

pkg-g4cu-seespk-<U_UUID><HEX VALUE>: This is the container file on the disk with the signature verification key to be imported.

For example, pkg-g4cu-seespk-00000000000000000000000000000001-0754c1eb. The resulting files are created in the Security World folder.

Example of the resulting key files:

key_simple_g4cu-seepk-00000000000000000000000000000001 and key_simple_g4cu-seespk-00000000000000000000000000000001.

Information about these keys can be viewed using the nfkminfo -k command.

The following figure shows a sample output:

Figure 3-24. Importing U-HSM Public Keys
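
The following pre-flight script is an added example, not part of the original guide or the vendor's tooling: it checks the U_UUID, finds the two container files, prints the two U-HSMGenImp commands for review without running them, and can confirm afterwards that both key files exist. The function names are hypothetical; it assumes the U_UUID is 32 hexadecimal characters, that the hex value follows a hyphen as in the examples above, and that the Security World folder path is supplied by the operator.

```shell
#!/bin/sh
# Added example: pre-flight check for the public key import described above.
# It only prints the U-HSMGenImp commands; it never runs the tool.

valid_uuid() {  # Assumption: the 32 symbols of U_UUID are hexadecimal digits.
    case "$1" in ''|*[!0-9A-Fa-f]*) return 1 ;; esac
    [ "${#1}" -eq 32 ]
}

# Locate the single container file for one key type (seepk or seespk).
# Assumption: the name is pkg-g4cu-<type>-<U_UUID>-<hex>, as in the page's examples.
find_container() {  # args: type uuid container_dir
    fc_type=$1 fc_uuid=$2 fc_dir=$3
    set -- "$fc_dir"/pkg-g4cu-"$fc_type"-"$fc_uuid"-*
    if [ "$#" -ne 1 ] || [ ! -f "$1" ]; then
        echo "expected exactly one pkg-g4cu-$fc_type-$fc_uuid-* in $fc_dir" >&2
        return 1
    fi
    basename "$1"
}

# Print both import commands, or nothing at all if any check fails.
uhsm_import_cmds() {  # args: uuid container_dir
    valid_uuid "$1" || { echo "U_UUID must be 32 hex characters" >&2; return 1; }
    pk=$(find_container seepk "$1" "$2") || return 1
    spk=$(find_container seespk "$1" "$2") || return 1
    echo "U-HSMGenImp -p g4cusee -i -n g4cu-seepk-$1 -a $pk -k g4see-isk"
    echo "U-HSMGenImp -p g4cusee -i -n g4cu-seespk-$1 -a $spk -k g4see-isk"
}

# After the import: both key files must exist in the Security World folder.
uhsm_verify_imported() {  # args: uuid security_world_dir
    for t in seepk seespk; do
        [ -f "$2/key_simple_g4cu-$t-$1" ] || { echo "missing key_simple_g4cu-$t-$1" >&2; return 1; }
    done
}

# Demo with constructed, empty stand-in files named after the page's examples.
demo=$(mktemp -d)
u=00000000000000000000000000000001
: > "$demo/pkg-g4cu-seepk-$u-8eb9680a"
: > "$demo/pkg-g4cu-seespk-$u-0754c1eb"
uhsm_import_cmds "$u" "$demo"
rm -rf "$demo"
```

A mistyped U_UUID or a stale second container file for the same UUID stops the script before any command is printed, which avoids importing a key under a name that JobManager is not configured to use.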