3.4.13 Import the U-HSM Public Keys

The M-HSM server needs the public keys of the U-HSM to send it information in a secure way and to verify the authenticity of the data.

Use the M-HSMGenImp utility for imports:

M-HSMGenImp -p g4cmsee -i -n g4cu-seepk-<U_UUID> -a pkg-g4cu-seepk-<U_UUID><HEX VALUE> -k g4see-isk

M-HSMGenImp -p g4cmsee -i -n g4cu-seespk-<U_UUID> -a pkg-g4cu-seespk-<U_UUID><HEX VALUE> -k g4see-isk

U_UUID: 32 bytes long UUID for the imported U-HSM public key.

For example, 00000000000000000000000000000001

pkg-g4cu-seepk-<U_UUID><HEX VALUE>: This is the container file on the disk with the encryption key to be imported.

For example, pkg-g4cu-seepk-00000000000000000000000000000001-5a4a52b3

pkg-g4cu-seespk-<U_UUID><HEX VALUE>: This is the container file on the disk with the signature verification key to be imported.

For example, pkg-g4cu-seespk-00000000000000000000000000000001-0754c1eb: The resulting files are created in the Security World folder.

Example of the resulting key files:

key_simple_g4cu-seepk-00000000000000000000000000000001 and key_simple_g4cu-seespk- 00000000000000000000000000000001.

Information about these keys can be viewed using the nfkminfo -k command. Figure 3-21 shows a sample output from key import.

Figure 3-21. Importing U-HSM Public Keys