Create

Create a new key in the HSM. The key's unique identifier must be provided in the request and must follow the hsm::<slot_number>::<key_identifier> format described above. Only the user identified by the hsm-admin argument can create keys in the HSM.

RSA and AES keys are supported. When creating an RSA key, the key_identifier will be that of the private key. The corresponding public key will be automatically created and stored in the HSM with the same key_identifier, but with the _pk suffix; for example, the public key of the hsm::1::mykey private key will be created with unique identifier hsm::1::mykey_pk.

Create an RSA 4096-bit key with the Cosmian CLI:

❯ cosmian kms rsa keys create --size_in_bits 4096 --sensitive hsm::4::my_rsa_key

The RSA key pair has been created.

      Public key unique identifier: hsm::4::my_rsa_key_pk

      Private key unique identifier: hsm::4::my_rsa_key


Create an AES 256-bit key with the Cosmian CLI:

❯ cosmian kms sym keys create --algorithm aes --number-of-bits 256 --sensitive hsm::4::my_aes_key

The symmetric key was successfully generated.

   Unique identifier: hsm::4::my_aes_key

Keys should be flagged as sensitive when created in the HSM, so that the private key or symmetric key cannot be exported (see Get and Export below).

HSM keys do not support object tagging in this release.
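The following is an added example, not code from the Cosmian project: a small pre-flight check for key-creation commands in provisioning scripts, covering the identifier format, the _pk public key naming and the --sensitive recommendation above. The function names, the assumed identifier character set (decimal slot, no ':' or whitespace in the key identifier) and the sample commands are assumptions of this example.

```python
import re
import shlex

# Assumption: the slot is a decimal integer and the key identifier contains
# no ':' or whitespace; the page only gives the hsm::<slot>::<id> shape.
HSM_UID = re.compile(r"^hsm::(\d+)::([^:\s]+)$")

def public_key_uid(private_uid):
    """Identifier under which the RSA public key is stored automatically."""
    return private_uid + "_pk"

def lint_create(command):
    """Review one `cosmian kms ... keys create` command line for HSM keys."""
    tokens = shlex.split(command.lstrip("❯ "))  # tolerate a copied prompt
    report = {"uid": None, "public_uid": None, "findings": []}
    if tokens[:2] != ["cosmian", "kms"] or "create" not in tokens:
        return report
    uids = [t for t in tokens if t.startswith("hsm::")]
    if not uids:
        return report  # not an HSM key, nothing to check here
    uid = uids[-1]
    report["uid"] = uid
    match = HSM_UID.match(uid)
    if not match:
        report["findings"].append("malformed HSM identifier")
        return report
    if "--sensitive" not in tokens:
        report["findings"].append("missing --sensitive (key not protected from export)")
    if "rsa" in tokens:
        report["public_uid"] = public_key_uid(uid)
    if match.group(2).endswith("_pk"):
        # Lint rule of this example: such a name reads like a public key id.
        report["findings"].append("identifier ends in _pk, the suffix used for public keys")
    return report

# Constructed sample commands (the first is the RSA example shown above).
SAMPLES = [
    "cosmian kms rsa keys create --size_in_bits 4096 --sensitive hsm::4::my_rsa_key",
    "cosmian kms sym keys create --algorithm aes --number-of-bits 256 hsm::4::my_aes_key",
    "cosmian kms sym keys create --algorithm aes --number-of-bits 256 --sensitive hsm::4::my_rsa_key_pk",
    "cosmian kms rsa keys create --size_in_bits 4096 --sensitive hsm::four::k",
]

if __name__ == "__main__":
    for cmd in SAMPLES:
        print(cmd, "->", lint_create(cmd))
```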