This topic explains the process of importing masked objects into HSM using the insertMaskedObject command, which also generates a new key.
Feature description
-
The insertMaskedObject command allows for the importation of masked objects into HSM and generates a new key. These masked objects are cloned from HSM using the extractMaskedObject command.
-
Using the insertMaskedObject in conjunction with extractMaskedObject, you can clone keys.
Ensure you have started the key_mgmt_tool and logged on to HSM as a CU before executing this command.
Syntax
Enter parameters as outlined in the syntax below. For detailed parameter descriptions, refer to Parameters.
insertMaskedObject -f <filename>
[-min_srv <minimum-number-of-servers>]
[-timeout <number-of-seconds>]Parameters must be entered in the sequence specified by the syntax.
Example
Below is an example demonstrating the import of a masked object named maskedObj, with the resulting output indicating that the handle of the new key is 20.
Command: insertMaskedObject -f maskedObj
Cfm3InsertMaskedObject returned: 0x00 : HSM Return: SUCCESS
New Key Handle: 20
Cluster Status:
Node id 0 status: 0x00000000 : HSM Return: SUCCESSParameters
Parameter name | Description | Required | Valid values |
-f | Specifies the file name of the masked object to be imported. | Yes | No Special Requirements |
-min_srv |
| No | No Special Requirements |
-timeout |
| No | No Special Requirements |