Initialize and Authorize Key for CP5 | Utimaco Integration Guides

Skip this section if you are not using CP5 HSM.

In CP5 a private key cannot be used without being authorized. For authorizing a key, you first need to initialize the private key with an authorization key then set the authorization with the AuthorizeKey command.

List keys using the cxitool.

›_ Console
`# cxitool dev=3001@127.0.0.1 LogonPass=USR_0000,123456 listkeys`

cxitool listkeys output

Note down spec id for RSA private key. In above case it is 3.

Check the status of the key initialization using the cxitool.

›_ Console
`# cxitool dev=3001@127.0.0.1 LogonPass=USR_0000,123456 group="SLOT_0000" spec=3 Keyinfo`

Key initialized status

The initialized status is false.
Run the command below to generate a user authentication key file ka.key, which contains an RSA key pair of the speciied size. This authentication key will be used to initialize the DKE_Key in the next step.

›_ Console
`# ./csadm genkey=ka.key,2048,"USR_0000" generating RSA key: ka.key, 2048 bits, owner: USR_0000`

Initialize the DKE_Key with the ka.key file using the cxitool.

›_ Console
`# cxitool dev=3001@127.0.0.1 LogonPass=USR_0000,123456 group="SLOT_0000"` `Spec=3 KeyFile=ka.key InitializeKey`

›_ Console

# cxitool dev=3001@127.0.0.1 LogonPass=USR_0000,123456 group="SLOT_0000"

Spec=3 KeyFile=ka.key InitializeKey

Initialize the DKE_Key with the ka.key file

Authorize DKE_Key with the Authentication Key file ka.key.

›_ Console
`#cxitool dev=3001@127.0.0.1 LogonPass=USR_0000,123456 group="SLOT_0000" Spec=3 KeyFile=ka.key AuthorizeKey=1000000`

6. Check the initialization status of keys.

›_ Console
`# cxitool dev=3001@127.0.0.1 LogonPass=USR_0000,123456 group="SLOT_0000" spec=3 Keyinfo`

Initialization status of keys

The initialized status is true.