GUI: Generating and Wrapping Your Key

1. Open the P11CAT.

2. Select the appropriate Slot and login as Normal User.

3. Click Object Management.

4. Click Generate -> Generate Key.

5. Chose Mechanism: AES.

6. In the Create Attribute List write:

"CKA_LABEL=<key_label>,CKA_ID=<key_ID>,CKA_EXTRACTABLE=CK_TRUE"

Setting key parameters

7. Click OK and then click Generate.

8. The key is now generated. It still needs to be wrapped by using the Utimaco byoktool.

9. Navigate to the folder where you have the byoktool saved. Execute the following command to wrap the key by using the public key downloaded from Google Cloud KMS:

> byoktool Dev=<IP_of_UTIMACO_HSM> LogonPass=USR_0000,<user_password> 
Label="<key_label>" CSP=gcp PublicKey=<Wrapping_Key_File>" 
WrappedKey="<Wrapped_Key_OutputFile>"

Wrapping key with byoktool