Importing a Public Key
Configure the command for importing a public key.
The importPubkey command enables you to import a PEM-encoded public key (RSA/EC) into the HSM.
Note
You must wait for the encryption key to get replicated to all replicas before you start using the key. To verify the key replication status, you can run the "getKeyInfo" command in Global mode using the OCI HSM User Management Utility.
Open a command prompt and run the importPubkey command to import a PEM-encoded public key (RSA/EC) into the HSM.
Note
When you generate or import keys, we recommend that you set the "min_srv" value to 2.
Syntax
Syntax: importPubKey -h -l <label> -t <key type> -f <key file name> -w <wrapper key handle> [-min_srv <minimum number of servers>] [-timeout <number of seconds>]
Where,
Parameter | Description |
---|---|
-h | Displays this information. |
-l | Label for the new key. If the label contains spaces, enclose it in " characters. |
-t | File containing the PEM-encoded public key. |
-min_srv | Specifies the minimum number of servers on which the inserted masked object is synchronized before the timeout parameter expires. The default value is 1. |
-f | Filename containing the key to import. File size for each key type: AES = 16, 24, or 32 bytes |
-w | Wrapping key handle (KEK = 4). |
-timeout | Indicates the wait time (in seconds) for the key to sync across servers. |
Example
Command: importPubKey -f /tmp/public-key1.pem -l kms
KeyMgmtUtilsCreatePublicKey returned: 0x00 : HSM Return: SUCCESS
Public Key Handle: 493
Cluster Status:
Node id 0 status: 0x00000000 : HSM Return: SUCCESS
Node id 1 status: 0x00000000 : HSM Return: SUCCESS
Node id 2 status: 0x00000000 : HSM Return: SUCCESS
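The following script is an added example, not part of the original documentation or the utility itself. It parses output in the format shown above and releases the key handle to later automation only when the import call succeeded and enough nodes reported success. The function names and the failure-handling policy are assumptions; running getKeyInfo in Global mode remains the documented replication check.

```shell
#!/bin/sh
# Added example: gate use of an imported public key on the per-node status
# lines that importPubKey prints. Helper names are hypothetical.

# Constructed sample input, in the output format shown in the Example above.
sample_output() {
cat <<'EOF'
KeyMgmtUtilsCreatePublicKey returned: 0x00 : HSM Return: SUCCESS
Public Key Handle: 493
Cluster Status:
Node id 0 status: 0x00000000 : HSM Return: SUCCESS
Node id 1 status: 0x00000000 : HSM Return: SUCCESS
Node id 2 status: 0x00000000 : HSM Return: SUCCESS
EOF
}

# check_import MIN_NODES
# Reads importPubKey output on stdin. Prints the key handle and returns 0
# only if all of the following hold:
#   - the create call returned 0x00 / SUCCESS
#   - a numeric public key handle was reported
#   - no node reported a non-zero status
#   - at least MIN_NODES nodes reported status 0x00000000
# Otherwise prints nothing and returns 1, so callers never see a handle
# for a key that did not reach the required number of nodes.
check_import() {
    awk -v min="$1" '
        /returned: 0x00 : HSM Return: SUCCESS/ { call_ok = 1 }
        /^Public Key Handle: [0-9]+$/          { handle = $4 }
        /^Node id [0-9]+ status: / {
            if ($5 == "0x00000000") ok++; else bad++
        }
        END {
            if (!call_ok || handle == "" || bad > 0 || ok + 0 < min + 0)
                exit 1
            print handle
        }'
}

# Demo: require 2 nodes, matching the recommended "min_srv" value of 2.
if handle=$(sample_output | check_import 2); then
    echo "key handle $handle reported SUCCESS on the required nodes"
else
    echo "import not confirmed; do not use the key yet" >&2
fi
```

In a real pipeline, replace `sample_output` with the captured output of the import command and keep the failure branch fatal.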