Generating and Preparing your CMK: GUI

  1. Open the P11CAT.

  2. Select the appropriate Slot and log in as User.

  3. Click Object Management.

  4. Click Generate > Generate Key.

  5. Choose Mechanism: AES.

  6. In the Create Attribute List enter: "CKA_LABEL=<CMK_label>,CKA_EXTRACTABLE=CK_TRUE"

  7. Click Generate. The CMK is now generated, but it still has to be wrapped with the Utimaco byoktool.

  8. Navigate to the folder where the byoktool is saved. Execute the following command to wrap the CMK with the public key downloaded from AWS KMS:

     > byoktool Dev=<IP_of_UTIMACO_HSM> LogonPass=USR_0000,<user_password> Label="<CMK_label>" CSP=aws-kms PublicKey="<publickey>" WrappedKey="<wrappedkey.byok>"

Command Parameters:

  • <publickey> is the filename of the public key downloaded from AWS, i.e. either wrappingKey_<keyId> extracted from the ZIP file or the converted AWSPublicKey.der.

  • <wrappedkey.byok> is the filename of the wrapped CMK. The .byok extension is a requirement for AWS.
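
A pre-flight wrapper for step 8, added here as an example and not part of the Utimaco tooling: it checks the inputs against the requirements listed above and prompts for the password instead of typing it into the command line. The function names and the BYOKTOOL variable are hypothetical; the byoktool parameters are the ones shown on this page.

```shell
#!/bin/sh
# Added example (hypothetical wrapper, not shipped with byoktool).

# check_byok_args <label> <publickey_file> <wrappedkey_file>
# Returns 0 when the inputs meet the requirements stated above.
check_byok_args() {
    _label=$1; _pubkey=$2; _wrapped=$3
    [ -n "$_label" ] || { echo "CMK label is empty" >&2; return 1; }
    # The public key is the file downloaded from AWS KMS; it must exist and be non-empty.
    [ -s "$_pubkey" ] || { echo "public key missing or empty: $_pubkey" >&2; return 2; }
    # The wrapped key file name has to end in .byok.
    case $_wrapped in
        ?*.byok) ;;
        *) echo "wrapped key file must end in .byok: $_wrapped" >&2; return 3 ;;
    esac
    # Do not silently replace a wrapped key produced by an earlier run.
    [ ! -e "$_wrapped" ] || { echo "refusing to overwrite $_wrapped" >&2; return 4; }
    return 0
}

# wrap_cmk <hsm_ip> <label> <publickey_file> <wrappedkey_file>
wrap_cmk() {
    _dev=$1
    check_byok_args "$2" "$3" "$4" || return
    # Read the password without echo so it does not end up in the shell history.
    # It is still passed as an argument, so it is visible in the process list
    # while byoktool runs.
    printf 'Password for USR_0000: ' >&2
    stty -echo; IFS= read -r _pass; stty echo; echo >&2
    "${BYOKTOOL:-byoktool}" "Dev=$_dev" "LogonPass=USR_0000,$_pass" \
        "Label=$_label" CSP=aws-kms "PublicKey=$_pubkey" "WrappedKey=$_wrapped"
    _rc=$?
    unset _pass
    return "$_rc"
}
```

Source the file and call `wrap_cmk <IP_of_UTIMACO_HSM> <CMK_label> <publickey> <wrappedkey.byok>`; set BYOKTOOL if the tool is not on the PATH.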