Importing a Public Key

Configure command for importing a Public Key.

The importPubKey command enables you to import a PEM-encoded public key (RSA/EC) into the HSM.

Note

You must wait for the encryption key to be replicated to all replicas before you start using the key. To verify the key replication status, run the "getKeyInfo" command in Global mode using the OCI HSM User Management Utility.

Open a command prompt and run the importPubKey command to import a PEM-encoded public key (RSA/EC) into the HSM.

Note

When you generate or import keys, we recommend that you set the "min_srv" value to 2.

Syntax

 Syntax: importPubKey -h -l <label> -t <key type> -f <key file name> -w <wrapper key handle> [-min_srv <minimum number of servers>] [-timeout <number of seconds>]

    

Where,

Parameter   Description
-h          Displays this information.
-l          Label for the new key. If the label contains spaces, enclose it in " characters.
-t          File containing the PEM encoded public key.
-min_srv    Specifies the minimum number of servers on which the inserted masked object is synchronized before the timeout parameter expires. The default value is 1.
-f          Filename containing the key to import. File size for each key type: AES = 16, 24, or 32 bytes
-w          Wrapping key handle (KEK = 4).
-timeout    Indicates the wait time (in seconds) for the key to sync across servers.

Example


Command:  importPubKey -f /tmp/public-key1.pem -l kms
KeyMgmtUtilsCreatePublicKey returned: 0x00 : HSM Return: SUCCESS
Public Key Handle: 493
Cluster Status:
Node id 0 status: 0x00000000 : HSM Return: SUCCESS
Node id 1 status: 0x00000000 : HSM Return: SUCCESS
Node id 2 status: 0x00000000 : HSM Return: SUCCESS
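
The replication note and the "min_srv" recommendation above can be enforced in automation by checking the command output before the key handle is used. The following is an added example, not part of the original page or of Oracle's tooling: the function names (check_import, sample_ok, sample_partial) are hypothetical, the output format is assumed to match the Example above, and the failing sample is constructed.

```shell
#!/bin/sh
# Added example (not Oracle code): verify importPubKey output before using the key.
# Usage: importPubKey ... | check_import MIN_SRV
# Prints the key handle if the import succeeded and at least MIN_SRV nodes
# report SUCCESS; exits 1 on a failed import, 2 on insufficient replication.
check_import() {
    awk -v min="$1" '
        /returned: 0x0+ : HSM Return: SUCCESS/ { ok = 1 }
        /^Public Key Handle:/ { handle = $NF }
        /^Node id [0-9]+ status:/ {
            nodes++
            if ($0 ~ /status: 0x0+ : HSM Return: SUCCESS/) synced++
            else print "node " $3 " did not report SUCCESS" > "/dev/stderr"
        }
        END {
            if (!ok || handle == "") {
                print "import failed or no key handle returned" > "/dev/stderr"
                exit 1
            }
            if (synced + 0 < min + 0) {
                printf "only %d of %d nodes synced, need %d\n", synced, nodes, min > "/dev/stderr"
                exit 2
            }
            print handle
        }'
}

# Output copied from the Example section of this page.
sample_ok() {
    cat <<'EOF'
Command:  importPubKey -f /tmp/public-key1.pem -l kms
KeyMgmtUtilsCreatePublicKey returned: 0x00 : HSM Return: SUCCESS
Public Key Handle: 493
Cluster Status:
Node id 0 status: 0x00000000 : HSM Return: SUCCESS
Node id 1 status: 0x00000000 : HSM Return: SUCCESS
Node id 2 status: 0x00000000 : HSM Return: SUCCESS
EOF
}

# Constructed sample: nodes 1 and 2 carry a made-up non-zero status.
sample_partial() {
    sample_ok | sed -e '/^Node id [12] /s/0x00000000 : HSM Return: SUCCESS/0x00000001 : HSM Return: CONSTRUCTED_FAILURE/'
}

handle=$(sample_ok | check_import 2) && echo "key handle $handle is usable"
sample_partial | check_import 2 || echo "do not use the key yet (exit $?)"
```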