Create HSM Key Profile
Follow the below steps to create an HSM Key Profile:
Choose the profile type as HSM.
To upload the PKCS11 configuration file of the HSM, select "Upload" as the Configuration Type.
Users have the option to provide the necessary details, upload the .cfg 'Configuration' file, and subsequently click on Test Connection to validate the correctness of the uploaded 'Configuration' file.
After a successful connection, selecting the Proceed button will present the following screen.
Click on the confirm button, it will redirect to the Complete page and generate the success message as shown below:
Click on the View All button to display the âManage key profileâ page and Click on the +New button to create another key profile.
Configuration Type - Textarea
To use the âTextâ configuration option:
On the Key Profile page click on the âNew Profileâ button.
Enter the profile name in the profile name field
Choose profile type as HSM
Choose âConfiguration Typeâ as Text Area, copy the text of the (.cfg) file, and paste it in place of PKCS11 Configuration as shown in the below figure.
Sample configuration file as shown below:
name = Luna
library = C:/LunaPCI/cryptoki.dll
attributes = compatibility
attributes(generate, *, *) =
{
CKA_TOKEN = true
}
attributes(generate,CKO_PUBLIC_KEY,*) =
{
CKA_ENCRYPT = true
CKA_VERIFY = true
CKA_WRAP = true
}
attributes(generate, CKO_PRIVATE_KEY,*) =
{
CKA_EXTRACTABLE = false
CKA_DECRYPT = true
CKA_SIGN = true
CKA_UNWRAP = true
}
slot = 1
Note: If the officer selects the HSM key profile created by the Administrator then all the CA and OCSP certificates will be created in HSM. The officer should enter the âHSMâ Password.
Click on âTest Connectionâ (For HSM And PKCS12 profile types Test Connection Option will be enabled) the below page will be displayed.
Click on the âEditâ button it will redirect to the Create Profile page with filled details, Admin can edit the data by clicking on âProceedâ.
In the Verify & Confirm page, the Admin should verify the data entered and the Admin should sign and Authenticate with a valid email ID and token PIN as shown in the below figure.
Click on the âConfirmâ button which will redirect to the next page.
Select the âView Allâ button the application will redirect the Admin to the âManage Key Profileâ page where all the key profiles created will be visible.
Click on â+ Newâ will redirect the Admin to the Create Profile page of key Profile creation where the admin should be able to create a new key profile.
The created key profile will be updated on the âManage key profileâ page.
Last updated