Generating AES Symmetric Key

Command for generating an AES symmetric key.

The genSymKey command generates a symmetric key in your HSMs. You can specify the key type and size, assign an ID and label, and share the key with other HSM users.

Note

You must wait for the encryption key to be replicated to all replicas before you start using the key. To verify the key replication status, you can run the "getKeyInfo" command in Global mode.

Open a command prompt and run the genSymKey command to generate an AES type (-t 31) symmetric key in a partition.

Note

When you generate or import keys, we recommend that you set the "min_srv" value to 2.

Syntax

Command:  genSymKey -h
Description
===========
Generates a Symmetric  keys.
Syntax: genSymKey -h -l <label > -t <key type> -s <key size>[-sess] [-nex] [-min_srv <minimum number of servers>] [-timeout <number of seconds>]

Where,

Parameter Description
-h Displays this information
-l Specifies the key label. If the label contains spaces, enclose it in " characters.
-t Specifies the key type (31 = AES)
-s Specifies the key size in bytes. For AES: 16, 24, 32
-sess Specifies key as session key
-min_srv Specifies the minimum number of HSMs in which the key is synchronized before the value of the -timeout parameter expires. If the key is not synchronized to the specified number of servers in the time allotted, it is not created. The default value for min_srv is 1.
-timeout Specifies the number of seconds to wait for the key to get synced when min_srv option is used. If nothing is specified, the polling will continue forever.
-nex Sets the key as non-extractable

Example

Command:  genSymKey -l oci-key -t 31 -s 32
       KeyMgmtUtilGenerateSymmetricKey returned: 0x00 : HSM Return: SUCCESS
       Symmetric Key Created.  Key Handle: 129
       Cluster Status:
       Node id 0 status: 0x00000000 : HSM Return: SUCCESS
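
The following script is an added example, not part of the product documentation. It reads captured genSymKey output and checks that enough "Node id" lines report SUCCESS to satisfy the recommended min_srv value of 2. The function name check_gensymkey and the second node line in the sample are assumptions; the script assumes every HSM is reported in the same line format as the single-node output above.

```shell
#!/bin/sh
# Added example: confirm that captured genSymKey output shows the key on enough HSMs.
# Assumption: each HSM is reported on its own "Node id N status:" line, in the
# format of the single-node output shown above.

# check_gensymkey MIN_SRV   (reads genSymKey output on stdin)
# Prints "<key handle> <nodes reporting SUCCESS>".
# Returns 0 if at least MIN_SRV nodes report SUCCESS, 1 if fewer, 2 if no key handle.
check_gensymkey() {
    awk -v min="$1" '
        { sub(/\r$/, "") }                      # tolerate CRLF captures
        /Key Handle:/ { handle = $NF }
        /^[ \t]*Node id [0-9]+ status:/ {
            if ($0 ~ /status: 0x00000000 : HSM Return: SUCCESS[ \t]*$/) ok++
        }
        END {
            if (handle == "") exit 2
            printf "%s %d\n", handle, ok
            exit ((ok + 0 >= min + 0) ? 0 : 1)
        }'
}

# Constructed sample 1: the output shown on this page (one node).
SAMPLE_ONE_NODE='       KeyMgmtUtilGenerateSymmetricKey returned: 0x00 : HSM Return: SUCCESS
       Symmetric Key Created.  Key Handle: 129
       Cluster Status:
       Node id 0 status: 0x00000000 : HSM Return: SUCCESS'

# Constructed sample 2: the same output with a second node line added.
SAMPLE_TWO_NODES="$SAMPLE_ONE_NODE
       Node id 1 status: 0x00000000 : HSM Return: SUCCESS"

for sample in "$SAMPLE_ONE_NODE" "$SAMPLE_TWO_NODES"; do
    if result=$(printf '%s\n' "$sample" | check_gensymkey 2); then
        echo "OK: handle and node count = $result"
    else
        echo "NOT READY: handle and node count = $result (need 2 nodes)"
    fi
done
```

A non-zero return means the key should not be used yet; the replication status can still be confirmed with getKeyInfo as described in the note above.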