Exporting a Symmetric Key
Configure command for exporting a Symmetric Key.
The exSymKey command exports plain text copy of a symmetric key from the HSM and saves it in a file on the disk.
Open a command prompt and run exSymKey command to export a symmetric key.
Syntax
exSymKey -h -w <wrapping key> -k <key to export> [-m <wrapping mechanism>] [-wk <unwrapping key file>]
Where,
| Parameter | Description |
|---|---|
| -h | displays this information |
| -w | specifies the handle of the wrapping key |
| -k | specifies the public key handle |
| -m | Specifies the wrapping mechanism (Optional) CLOUDHSM_AES_KEY_WRAP and NIST_AES_WRAP_PAD. Default value is 4. |
| -wk | Specifies the AES key to unwrap the key that is being exported. Enter the path and name of a file that contains a plaintext AES key. |
Example
Command: exSymKey -k 128 -out t1
PEM formatted public key is written to t1
exSymKey returned: 0x00 : HSM Return: SUCCESS