Create HSM Key Profile
Last updated
Last updated
Follow the below steps to create an HSM Key Profile:
Choose the profile type as HSM.
To upload the PKCS11 configuration file of the HSM, select "Upload" as the Configuration Type.
Users have the option to provide the necessary details, upload the .cfg 'Configuration' file, and subsequently click on Test Connection to validate the correctness of the uploaded 'Configuration' file.
After a successful connection, selecting the Proceed button will present the following screen.
Click on the confirm button, it will redirect to the Complete page and generate the success message as shown below:
Click on the View All button to display the ‘Manage key profile’ page and Click on the +New button to create another key profile.
Configuration Type - Textarea
To use the ‘Text’ configuration option:
On the Key Profile page click on the “New Profile” button.
Enter the profile name in the profile name field
Choose profile type as HSM
Choose ‘Configuration Type’ as Text Area, copy the text of the (.cfg) file, and paste it in place of PKCS11 Configuration as shown in the below figure.
Sample configuration file as shown below:
Note: If the officer selects the HSM key profile created by the Administrator then all the CA and OCSP certificates will be created in HSM. The officer should enter the “HSM” Password.
Click on “Test Connection” (For HSM And PKCS12 profile types Test Connection Option will be enabled) the below page will be displayed.
Click on the “Edit” button it will redirect to the Create Profile page with filled details, Admin can edit the data by clicking on “Proceed”.
In the Verify & Confirm page, the Admin should verify the data entered and the Admin should sign and Authenticate with a valid email ID and token PIN as shown in the below figure.
Click on the “Confirm” button which will redirect to the next page.
Select the “View All” button the application will redirect the Admin to the “Manage Key Profile” page where all the key profiles created will be visible.
Click on “+ New” will redirect the Admin to the Create Profile page of key Profile creation where the admin should be able to create a new key profile.
The created key profile will be updated on the “Manage key profile” page.
name = Luna
library = C:/LunaPCI/cryptoki.dll
attributes = compatibility
attributes(generate, *, *) =
{
CKA_TOKEN = true
}
attributes(generate,CKO_PUBLIC_KEY,*) =
{
CKA_ENCRYPT = true
CKA_VERIFY = true
CKA_WRAP = true
}
attributes(generate, CKO_PRIVATE_KEY,*) =
{
CKA_EXTRACTABLE = false
CKA_DECRYPT = true
CKA_SIGN = true
CKA_UNWRAP = true
}
slot = 1
