Creating a Key

  1. Generate the key using p11tool2.

# For RSA
p11tool2 slot=<SLOT_NUMBER> LoginUser=ask PubKeyAttr=CKA_LABEL="CertKey" PrvKeyAttr=CKA_LABEL="CertKey" GenerateKeyPair=RSA

# For ECC
p11tool2 slot=<SLOT_NUMBER> LoginUser=ask PubKeyAttr=CKA_LABEL="TestECDSAKey" PrvKeyAttr=CKA_LABEL="TestECDSAKey",CKA_DERIVE=CK_TRUE GenerateKeyPair=ECC

The PKCS#11 PIN can also be given directly in the LoginUser parameter, but it is then stored in plain text in the shell's command history. With LoginUser=ask, as in the commands above, the PIN is prompted for instead.

  2. Verify that the keys have been generated on the HSM using the following command:

p11tool2 LoginUser=ask ListObjects
CKO_PUBLIC_KEY:
+ 1.1
  CKA_KEY_TYPE                   = CKK_RSA
  CKA_UNIQUE_ID                  = C92DB9A3-9D2C-4DB7-B217-EDC44BB5966C
  CKA_LABEL                      = CertKey
  CKA_ID                         = 
+ 1.2
  CKA_KEY_TYPE                   = CKK_ECDSA
  CKA_UNIQUE_ID                  = 3B4C290B-46FE-4F66-8E95-C7771A112A45
  CKA_LABEL                      = TestECDSAKey
  CKA_ID                         = 
CKO_PRIVATE_KEY:
+ 2.1
  CKA_KEY_TYPE                   = CKK_RSA
  CKA_UNIQUE_ID                  = 02F66F14-0BB7-45B9-9100-74CDF5F71F46
  CKA_SENSITIVE                  = CK_TRUE
  CKA_EXTRACTABLE                = CK_FALSE
  CKA_LABEL                      = CertKey
  CKA_ID                         = 
+ 2.2
  CKA_KEY_TYPE                   = CKK_ECDSA
  CKA_UNIQUE_ID                  = 6153C311-91E7-4CA5-875A-8CC43DF36732
  CKA_SENSITIVE                  = CK_TRUE
  CKA_EXTRACTABLE                = CK_FALSE
  CKA_LABEL                      = TestECDSAKey
  CKA_ID                         =
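
The verification step can be scripted so that a private key created with the wrong protection attributes is caught rather than overlooked in a long listing. The following is an added example, not part of the original page or of the vendor's tooling; it assumes the ListObjects layout shown above, and the function names and the key 2.3 ("LegacyKey") in the sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit ListObjects output read on stdin.
# Returns 0 only if at least one private key is listed and every one has
# CKA_SENSITIVE = CK_TRUE and CKA_EXTRACTABLE = CK_FALSE.
audit_private_keys() {
  awk '
    function emit(   ok) {
      if (!inpriv || idx == "") return
      ok = (sens == "CK_TRUE" && extr == "CK_FALSE")
      printf "%s label=%s sensitive=%s extractable=%s %s\n", idx, label, sens, extr, (ok ? "OK" : "FAIL")
      if (!ok) bad = 1
      seen++
    }
    $1 ~ /^CKO_/ { emit(); idx = ""; inpriv = ($1 == "CKO_PRIVATE_KEY:"); next }
    $1 == "+"    { emit(); idx = $2; label = sens = extr = "(unset)"; next }
    $2 == "="    {
      val = $0; sub(/^[^=]*= */, "", val); sub(/[ \t\r]+$/, "", val)
      if ($1 == "CKA_LABEL")       label = val
      if ($1 == "CKA_SENSITIVE")   sens  = val
      if ($1 == "CKA_EXTRACTABLE") extr  = val
    }
    END { emit(); exit (bad || seen == 0) }
  '
}

# Constructed sample: part of the listing above plus one hypothetical
# private key (2.3, "LegacyKey") that was created extractable.
sample_listing() {
  cat <<'EOF'
CKO_PUBLIC_KEY:
+ 1.1
  CKA_KEY_TYPE                   = CKK_RSA
  CKA_LABEL                      = CertKey
CKO_PRIVATE_KEY:
+ 2.1
  CKA_KEY_TYPE                   = CKK_RSA
  CKA_SENSITIVE                  = CK_TRUE
  CKA_EXTRACTABLE                = CK_FALSE
  CKA_LABEL                      = CertKey
+ 2.3
  CKA_KEY_TYPE                   = CKK_RSA
  CKA_SENSITIVE                  = CK_TRUE
  CKA_EXTRACTABLE                = CK_TRUE
  CKA_LABEL                      = LegacyKey
EOF
}

# Demo on the constructed sample; on a real system, feed a saved listing.
sample_listing | audit_private_keys || echo "audit failed: see FAIL lines"
```

The function exits non-zero both when a private key fails the check and when no private key appears at all, so an empty or truncated listing does not pass silently.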