Key Management Service: genDSAKeyPair

Last Updated: Nov 11, 2024

This topic describes how to use the genDSAKeyPair command to generate a Digital Signature Algorithm (DSA) key pair on a hardware security module (HSM).

Feature description

The genDSAKeyPair command creates a DSA key pair on the HSM.

Important

Before you run this command, start key_mgmt_tool and log on to the HSM as a crypto user (CU).

Syntax

Enter the parameters following the syntax provided. For descriptions of each parameter, refer to Parameters.

genDSAKeyPair -m <modulus length>
              -l <label>
              [-id <key ID>]
              [-min_srv <minimum number of servers>]
              [-m_value <0..8>]
              [-nex]
              [-sess]
              [-timeout <number of seconds>]
              [-u <user-ids>]
              [-attest]

Important

Parameters must be entered in the order outlined by the syntax.

Example

Below is an example of generating a 2048-bit DSA key pair with the label 'DSA'. The output indicates that the public key handle is 10 and the private key handle is 11.

Command:  genDSAKeyPair -m 2048 -l DSA

       	Cfm3GenerateKeyPair: returned: 0x00 : HSM Return: SUCCESS

       	Cfm3GenerateKeyPair:    public key handle: 10    private key handle: 11

       	Cluster Status:
       	Node id 0 status: 0x00000000 : HSM Return: SUCCESS

Parameters

| Parameter name | Description | Required | Valid values |
|---|---|---|---|
| -m | Defines the key size in bits. | Yes | 2048 |
| -l | Sets the key label. | Yes | No special requirements |
| -id | Assigns an ID to the generated key. | No | No special requirements |
| -sess | Marks the key as the current session key. | No | No special requirements |
| -nex | Designates the key as non-exportable. | No | No special requirements |
| -u | Lists user IDs authorized to share the key, separated by commas. | No | No special requirements |
| -m_value | Defines the maximum number of users permitted to utilize the private key within the created DSA key pair. | No | 0 to 8 |
| -attest | Conducts a firmware response integrity verification. | No | No special requirements |
| -min_srv | Defines the minimum number of servers that must be synchronized within the specified timeout period. If synchronization to the required number of servers is not achieved within the timeout, the key will not be created. | No | No special requirements |
| -timeout | Sets the synchronization timeout in seconds for the key to reach the specified number of servers (refer to min_srv). This parameter is applicable only when used in conjunction with the min_srv parameter. By default, there is no timeout, and the command will wait indefinitely until the key is synchronized with the minimum required servers. | No | No special requirements |
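
The following Python sketch is an added example, not part of key_mgmt_tool or the original documentation. It builds a genDSAKeyPair line with the flags in the order the Syntax section requires, applies the constraints from the Parameters table, and checks the returned output on every cluster node before trusting the key handles. The function names and the whitespace rule are assumptions.

```python
import re

# Flags in the order given in the Syntax section; True means the flag takes a value.
ORDER = [("m", True), ("l", True), ("id", True), ("min_srv", True),
         ("m_value", True), ("nex", False), ("sess", False),
         ("timeout", True), ("u", True), ("attest", False)]

# Output copied from the Example section above.
SAMPLE_OUTPUT = """\
Cfm3GenerateKeyPair: returned: 0x00 : HSM Return: SUCCESS
Cfm3GenerateKeyPair:    public key handle: 10    private key handle: 11
Cluster Status:
Node id 0 status: 0x00000000 : HSM Return: SUCCESS
"""

def build_command(**opts):
    """Build a genDSAKeyPair line; keyword names are flag names without the dash."""
    unknown = set(opts) - {name for name, _ in ORDER}
    if unknown:
        raise ValueError(f"unknown parameters: {sorted(unknown)}")
    if "m" not in opts or "l" not in opts:
        raise ValueError("-m and -l are required")
    if int(opts["m"]) != 2048:
        raise ValueError("-m: 2048 is the only valid value listed")
    if "m_value" in opts and not 0 <= int(opts["m_value"]) <= 8:
        raise ValueError("-m_value must be 0 to 8")
    if "timeout" in opts and "min_srv" not in opts:
        raise ValueError("-timeout applies only together with -min_srv")
    parts = ["genDSAKeyPair"]
    for name, takes_value in ORDER:  # documented order, whatever order was passed
        value = str(opts.get(name, ""))
        if name in opts and takes_value:
            # Assumption: the page gives no quoting rules, so whitespace is rejected.
            if not value or re.search(r"\s", value):
                raise ValueError(f"-{name}: empty or whitespace-containing value")
            parts += [f"-{name}", value]
        elif opts.get(name):
            parts.append(f"-{name}")
    return " ".join(parts)

def parse_result(output):
    """Return the key handles, or raise if the HSM or any cluster node reported an error."""
    status = re.search(r"Cfm3GenerateKeyPair: returned: (0x[0-9a-fA-F]+)", output)
    handles = re.search(r"public key handle: (\d+)\s+private key handle: (\d+)", output)
    nodes = re.findall(r"Node id \d+ status: (0x[0-9a-fA-F]+)", output)
    if not status or not handles or any(int(s, 16) for s in [status.group(1), *nodes]):
        raise RuntimeError("genDSAKeyPair did not report success on every node")
    return {"public": int(handles.group(1)), "private": int(handles.group(2))}
```

Passing the keywords in any order still yields the documented flag order, and a non-zero status on any node raises instead of returning handles.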