Generating RSA Key Pair

Use the genRSAKeyPair command to generate an RSA key pair.

The genRSAKeyPair command generates an RSA asymmetric key pair. You specify the key type, modulus length, and a public exponent.

Note

You must wait for the encryption key to be replicated to all replicas before you start using the key. To verify the key replication status, you can run the "getKeyInfo" command in Global mode using the OCI HSM User Management Utility.

Generate an RSA key pair by specifying the modulus length, public exponent, and key label.

Note

When you generate or import keys, we recommend that you set the "min_srv" value to 2.

Syntax

Syntax: genRSAKeyPair -h -m <modulus length> -e <public exponent> -l <label>
[-sess] [-nex] [-min_srv <minimum number of servers>] [-timeout <number of seconds>]

Where,

Parameter Description
-h Displays this information.
-m Specifies the modulus length, for example, 2048.
-e Specifies the public exponent: any odd number, typically from 65537 to 2^31 - 1.
-l Specifies the key label. If the label contains spaces, enclose it in " characters.
-sess Specifies the key as a session key.
-nex Sets the key as non-extractable.
-min_srv Specifies the minimum number of HSMs to which the key must be synchronized before the value of the -timeout parameter expires. If the key is not synchronized to the specified number of servers in the time allotted, it is not created. The default value for min_srv is 1.
-timeout Specifies the number of seconds to wait for the key to be synchronized when the min_srv option is used. If nothing is specified, the polling continues forever.

Example

Command:  genRSAKeyPair -m 2048 -e 65537 -l OCI
KeyMgmtUtilsGenerateKeyPair returned: 0x00 : HSM Return: SUCCESS
KeyMgmtUtilsGenerateKeyPair:    public key handle: 262556    private key handle: 262557
Cluster Status:
Node id 0 status: 0x00000000 : HSM Return: SUCCESS
Node id 1 status: 0x00000000 : HSM Return: SUCCESS
Node id 2 status: 0x00000000 : HSM Return: SUCCESS
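
The following script is an added example, not part of the OCI utility or its documentation. It checks captured genRSAKeyPair output before the key handles are passed on to anything else. The function names are hypothetical, and it assumes the "Cluster Status" lines report the per-node result of the key creation.

```shell
#!/bin/sh
# check_keygen MIN_NODES < captured genRSAKeyPair output
# Prints "<public handle> <private handle>" and returns 0 only when the call
# succeeded, every listed node reports SUCCESS, and at least MIN_NODES did.
check_keygen() {
    awk -v min="$1" '
        /KeyMgmtUtilsGenerateKeyPair returned:/ {
            rc_ok = ($0 ~ /returned: 0x00 : HSM Return: SUCCESS/)
        }
        /public key handle:/ {
            for (i = 1; i < NF; i++) {
                if ($i == "public"  && $(i + 2) == "handle:") pub  = $(i + 3)
                if ($i == "private" && $(i + 2) == "handle:") priv = $(i + 3)
            }
        }
        /Node id [0-9]+ status:/ {
            if ($0 ~ /status: 0x00000000 : HSM Return: SUCCESS/) ok++
            else bad = bad " " $3
        }
        END {
            if (!rc_ok || pub == "" || priv == "") {
                print "key pair was not created" > "/dev/stderr"; exit 1
            }
            if (bad != "" || ok + 0 < min + 0) {
                printf "not usable yet: %d node(s) OK, failed:%s\n", ok, bad > "/dev/stderr"
                exit 2
            }
            print pub, priv
        }'
}

# Output copied from the Example on this page.
sample_ok() {
    cat <<'EOF'
KeyMgmtUtilsGenerateKeyPair returned: 0x00 : HSM Return: SUCCESS
KeyMgmtUtilsGenerateKeyPair:    public key handle: 262556    private key handle: 262557
Cluster Status:
Node id 0 status: 0x00000000 : HSM Return: SUCCESS
Node id 1 status: 0x00000000 : HSM Return: SUCCESS
Node id 2 status: 0x00000000 : HSM Return: SUCCESS
EOF
}

# Constructed failure case (not real utility output): node 2 line altered.
sample_node_fail() {
    sample_ok | sed 's/^Node id 2 status: .*/Node id 2 status: 0x000000ff : HSM Return: FAILURE/'
}

sample_ok | check_keygen 2    # prints: 262556 262557
```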