3.4.8.2 Generate the U-HSM Private Keys
- Open the command prompt as an administrator and change directory to C:\Microsemi\Tools.
- Create the SEE Key for encryption
using the
M-HSMGenImp
utility:U-HSMGenImp -p g4cusee -g -c <key_signer_hash> -n g4cu-seesk-<U_HSM_UUID> U_HSM_UUID: Microchip-assigned UUID
The "-c" flag must be used as shown in this example. It corresponds to the userdata-signer key installed during the installation of the SEE Integ key (see section Install the SEE Integ Key).
The following figure shows a sample:
The created key is stored in the Security World directory as follows (with the highlighted part corresponding to the customer UUID):
key_simple_g4cu-seesk-00000000000000000000000000000001
Once the key is generated, it must be set up in both U-HSMMaster.config files, in the Server and Tools directories, as described in section Update Server and Tools Configuration.
- Create the SEE Key for signing using
the U-HSMGenImp utility:
U-HSMGenImp -p g4cusee -g -c <key_signer_hash> -n g4cu-seessk-<U_HSM_UUID> -S
All of the parameters are same as in step two with the exception of name (that is, seessk vs. seesk) and a flag. The "-S" flag corresponds to generating the key for the signing operation instead of for encryption.
The following figure shows a sample:
The created key is stored in the Security World directory as follows (with the highlighted part corresponding to the cutomer UUID):
key_simple_g4cu-seessk-00000000000000000000000000000001