Breadcrumbs

Generating MKEK and HMAC Key on Utimaco HSM

  1. Generate the MKEK using the below command.

›_ Console

# chmod 666  /tmp/cs_pkcs11_R3.log
# su -s /bin/sh -c "barbican-manage hsm gen_mkek --library-path '/opt/utimaco/lib/libcs_pkcs11_R3.so' --passphrase 1234567890 --slot-id 3 --label 'mkek_utimaco' --length 32" barbican
image-20250612-102234.png
MKEK Key Generation

  1. Generate the HMAC Key using the below command.

›_ Console

# su -s /bin/sh -c "barbican-manage hsm gen_hmac --library-path '/opt/utimaco/lib/libcs_pkcs11_R3.so' --passphrase 1234567890  --slot-id 3 --label 'hmac_utimaco' --length 32" barbican
image-20250612-102401.png
HMAC Key Generation

  1. Verify that the keys are generated on the Utimaco HSM using the p11tool2 command.

›_ Console

#./p11tool2 slot=<slot_id> LoginUser=<Crypto_User_PIN> ListObjects

  1. Restart the OpenStack-Barbican-API and httpd services.

›_ Console

# systemctl restart openstack-barbican-api.service

# systemctl restart httpd