Wrapping a Key

Configure command to wrap a key.

The wrapKey command enables you to wrap sensitive keys from HSM to host. You can identify the key by its handle.

Open a command prompt and run wrapKey command to wrap sensitive keys from HSM to host. You can identify the key by its handle.

Note

Only a key owner can delete a key.

Syntax


Syntax: wrapKey -h -k <key to be wrapped> -w <wrapping key handle> -out <wrapped key file> [-m <wrapping mechanism>] [-aad <additional authenticated data filename>] [-noheader] [-i <wrapping IV>] [-iv_file <IV file>] [-tag_size <num_tag_bytes>]
 
Where,
Parameter Description
-h displays this information
-f specifies the key handle to wrap
-w specifies the wrapping key. enter the key handle of an AES key or RSA key value on the HSM.
-m The value representing the wrapping mechanism.
-out The path and output file name.
-aad name of the file containing aad.
-noheader Omits the header that specifies CloudHSM-specific key attributes.
-i The initialization vector (IV) (hex value).
-iv_file The file in which you want to write the IV value obtained in response.
-tag_size The size of tag to be saved along with wrapped blob.

Example

Command: wrapKey -k 129
 KeyMgmtUtilwrapKey returned: 0x00 : HSM Return: SUCCESS
 Cluster Status:
 Node id 0 status: 0x00000000 : HSM Return: SUCCESS