Initialize and Authorize Keys for CP5

Skip this section if you are not using a CP5 HSM.

In CP5, a private key cannot be used without being authorized. To authorize a key, first initialize the private key with an authorization key, then set the authorization with the AuthorizeKey command.

  1. List the keys using cxitool:

›_ Console

C:\Program Files\Utimaco\DKE>cxitool dev=3001@127.0.0.1 LogonPass=USR_0000,123456 listkeys

cxitool listkeys output

Note down the spec ID of the RSA private key. In our example it is 3.

  2. Check the status of key initialization using cxitool:

›_ Console

C:\Program Files\Utimaco\DKE>cxitool dev=3001@127.0.0.1 LogonPass=USR_0000,123456 group="SLOT_0000" spec=3 Keyinfo

Key initialized status

As you can see, the key initialized status is false.

  3. Run the command below to generate the user authentication key file ka.key, which contains an RSA key pair of the given size. This authentication key will be used to initialize the DKE_Key in the next step.

›_ Console

C:\Program Files\Utimaco\DKE>csadm genkey=ka.key,2048,"USR_0000"
generating RSA key: ka.key, 2048 bits, owner: USR_0000

cxitool listkeys output

  4. Initialize the DKE_Key with the ka.key file using cxitool:

›_ Console

C:\Program Files\Utimaco\DKE>cxitool dev=3001@127.0.0.1 LogonPass=USR_0000,123456 group="SLOT_0000" Spec=3 KeyFile=ka.key InitializeKey

Initialize the DKE_Key with the ka.key file

  5. Authorize the DKE_Key with the authentication key file ka.key:

›_ Console

C:\Program Files\Utimaco\DKE>cxitool dev=3001@127.0.0.1 LogonPass=USR_0000,123456 group="SLOT_0000" Spec=3 KeyFile=ka.key AuthorizeKey=1000000

cxitool listkeys output

  6. Check the initialization status of the key:

›_ Console

C:\Program Files\Utimaco\DKE>cxitool dev=3001@127.0.0.1 LogonPass=USR_0000,123456 group="SLOT_0000" spec=3 Keyinfo

Initialization status of the key

The key initialized status is now true.