Breadcrumbs

IG-2025-0009 GUI


  1. Open the P11CAT.

  2. Select the appropriate Slot and login as User.

  3. Click Object Management.

  4. Click Generate -> Generate Key.

  5. Chose Mechanism: AES.

  6. In the Create Attribute List write:

    CKA_LABEL=<key_label>,CKA_ID=<key_ID>,CKA_EXTRACTABLE=CK_TRUE

  7. Click Generate.

  8. The key is now generated. It still needs to be wrapped by using the Utimaco byoktool.

  9. Navigate to the folder where you have the byoktool Execute the following command to wrap the key material by using the certifcate downloaded from Salesforce:

    ›_ Console

    > byoktool dev=<Utimaco_CryptoServer_HSM_IP> LogonPass=<user>,<user_password> Label="<key_label>" csp=salesforce publickey=<downloaded_salesforce _certificate> wrappedkey=WrappedKey.dat hash=Hash_of_wrapped_key.hash