3.4.12 Import the M-HSM Public Keys

The M-HSM server needs to import its own public verify key, so that it can securely remove the tickets. Use the M‑HSMGenImp utility for import:

M-HSMGenImp -p g4cmsee -i -n g4cm-seespk-<M_UUID> -a pkg-g4cm-seespk-<M_UUID><HEXVALUE> -k g4see- isk

M_UUID: 40 hex characters long UUID for the imported M-HSM public key.

For example, 0000000000000000000000000000000000000002

pkg-g4cm-seespk-<M_UUID><HEX VALUE>: This is the container file on the disk with the signature verification key to be imported.

For example, pkg-g4cm-seespk- 0000000000000000000000000000000000000002-705f18e9

The resulting file is created in the Security World folder. Information about this key can be viewed using the nfkminfo -k command.

Example of the resulting key file:

key_simple_g4cm-seespk-000000000000000000000000000000000000002

Figure 3-20 shows a sample output from key import.

Figure 3-20. Importing M-HSM Public Key