Use p11tool to verify if the Keys are generated on HSM.
|
›_ Console
|
# /opt/utimaco/bin/p11tool2 LoginUser=123456 ListKeys
CKO_PRIVATE_KEY:
+ 1.1
CKA_KEY_TYPE = CKK_RSA
CKA_SENSITIVE = CK_TRUE
CKA_EXTRACTABLE = CK_FALSE
CKA_LABEL = f5-testkey___fcd9a1a2
CKA_ID =
0x63376362 37613132 62643131 64333233 |c7cb7a12bd11d323|
64616431 64633233 66636439 61316132 |dad1dc23fcd9a1a2|
|
When keys created on the HSM through F5 Big-IP, the last eight digits of the CKA_ID of the keys gets appended to the CKA_LABEL as described above.
The ASCII CKA_ID value shown in the above console window matches with the key-id in the below console window.
|
›_ Console
|
# tmsh list sys crypto key f5-testkey___fcd9a1a2
sys crypto key default.key {
key-size 2048
key-type rsa-private
security-type normal
}
sys crypto key f5_api_com.key {
key-size 4096
key-type rsa-private
security-type password
}
sys crypto key f5-testkey {
key-id c7cb7a12bd11d323dad1dc23fcd9a1a2
key-size 2048
key-type rsa-private
nethsm-partition auto
security-type nethsm
}
|
