Create HSM Key Profile

Follow the steps below to create an HSM Key Profile:

Choose the profile type as HSM.

To upload the PKCS11 configuration file of the HSM, select "Upload" as the Configuration Type.

Enter the necessary details, upload the .cfg configuration file, and then click Test Connection to validate that the uploaded configuration file is correct.

After a successful connection, click the Proceed button; the following screen is displayed.

Click the Confirm button. The application redirects to the Complete page and displays the success message shown below:

Click the View All button to display the ‘Manage key profile’ page, and click the +New button to create another key profile.

Configuration Type - Textarea

To use the ‘Text’ configuration option:

  • On the Key Profile page click on the “New Profile” button.

  • Enter the profile name in the profile name field

  • Choose profile type as HSM

  • Choose ‘Configuration Type’ as Text Area, copy the text of the (.cfg) file, and paste it into the PKCS11 Configuration field as shown in the figure below.

A sample configuration file is shown below:

name = Luna
library = C:/LunaPCI/cryptoki.dll
attributes = compatibility
attributes(generate, *, *) =
{
  CKA_TOKEN = true
}
attributes(generate,CKO_PUBLIC_KEY,*) =
{
  CKA_ENCRYPT = true
  CKA_VERIFY = true
  CKA_WRAP = true
}
attributes(generate, CKO_PRIVATE_KEY,*) =
{
  CKA_EXTRACTABLE = false
  CKA_DECRYPT = true
  CKA_SIGN = true
  CKA_UNWRAP = true
}
slot = 1
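A pre-upload check for a configuration in the format of the sample above, as an added example rather than code from the product: it parses the file and flags a missing name, library or slot, a private-key template that does not set CKA_EXTRACTABLE = false, and a generate template that does not set CKA_TOKEN = true. The function names and the choice of checks are assumptions of this example.

```python
import re

# Constructed sample in the same shape as the sample configuration on this page.
SAMPLE_CFG = """\
name = Luna
library = C:/LunaPCI/cryptoki.dll
attributes = compatibility
attributes(generate, *, *) =
{
  CKA_TOKEN = true
}
attributes(generate, CKO_PRIVATE_KEY,*) =
{
  CKA_EXTRACTABLE = false
}
slot = 1
"""

ATTR_HEAD = re.compile(r"attributes\s*\(([^)]*)\)\s*=\s*\{?\s*$")

def parse_cfg(text):
    """Return (settings, templates); templates maps (op, class, type) -> {attr: value}."""
    settings, templates, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and padding
        if line in ("", "{", "}"):
            current = None if line == "}" else current   # "}" closes a template
            continue
        head = ATTR_HEAD.match(line)
        if head:                                  # start of an attributes(...) template
            key = tuple(p.strip() for p in head.group(1).split(","))
            current = templates.setdefault(key, {})
            continue
        name, _, value = line.partition("=")
        target = current if current is not None else settings
        target[name.strip()] = value.strip()
    return settings, templates

def lint_cfg(text):
    """Return a list of findings; an empty list means every check passed."""
    settings, templates = parse_cfg(text)
    findings = [f"missing '{k}'" for k in ("name", "library", "slot") if not settings.get(k)]
    private = templates.get(("generate", "CKO_PRIVATE_KEY", "*"), {})
    if private.get("CKA_EXTRACTABLE", "").lower() != "false":
        findings.append("private keys not pinned to CKA_EXTRACTABLE = false")
    token = templates.get(("generate", "*", "*"), {})
    if token.get("CKA_TOKEN", "").lower() != "true":
        findings.append("generated keys are not token objects (CKA_TOKEN = true)")
    return findings
```

Run `lint_cfg` on the text of the .cfg file before pasting it into the PKCS11 Configuration field; Test Connection checks that the HSM is reachable, while this check looks at the key attributes the configuration will apply.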

Note: If the officer selects the HSM key profile created by the Administrator, all the CA and OCSP certificates will be created in the HSM. The officer should enter the “HSM” password.

Click on “Test Connection” (the Test Connection option is enabled for the HSM and PKCS12 profile types); the page below will be displayed.

Click the “Edit” button to be redirected to the Create Profile page with the details filled in. The Admin can edit the data by clicking on “Proceed”.

On the Verify & Confirm page, the Admin should verify the data entered, then sign and authenticate with a valid email ID and token PIN, as shown in the figure below.

Click the “Confirm” button, which redirects to the next page.

Select the “View All” button; the application redirects the Admin to the “Manage Key Profile” page, where all the key profiles created are visible.

Clicking “+ New” redirects the Admin to the Create Profile page, where the Admin can create a new key profile.

The created key profile will be updated on the “Manage key profile” page.
