Create HSM Key Profile

Please type the name of the profile in the designated profile name field.

Please select the profile type as HSM.

To upload the PKCS11 configuration file of the HSM, select "Upload" as the configuration type.

Instead of choosing "File," choose "Text Area" to paste the contents of the (.cfg) file into the "PKCS11 Configuration" field, which is shown in the figure below.

"Here is an example of a configuration file, as shown below:"

name = Luna
library = C:/LunaPCI/cryptoki.dll
attributes = compatibility
                    attributes(generate, *, *) = {
                    CKA_TOKEN = true
                    }
                    attributes(generate,CKO_PUBLIC_KEY,*) = {
                                                            CKA_ENCRYPT = true
                                                            CKA_VERIFY = true
                                                            CKA_WRAP = true
                                                            }
                                                            attributes(generate, CKO_PRIVATE_KEY,*) = {
                                                            CKA_EXTRACTABLE = false
                                                            CKA_DECRYPT = true
                                                            CKA_SIGN = true
                                                            CKA_UNWRAP = true
                                                            } slot = 1

Note: If an officer selects the HSM key profile created by the Administrator, all the CA, Root CA, and OCSP certificates will be created in the HSM. The officer should enter the "HSM" PIN.

Please enter a valid HSM PIN.

Click on the "Test Connection" button. If you are using HSM or PKCS12 profile types, the Test Connection option will be enabled. The page displayed will be as shown in the figure above.

Clicking the "Edit" button will redirect to the first step with filled details. The admin can edit the data and click on "Proceed".

In the second step, the admin should verify the entered data, sign, and authenticate using a valid email ID and token PIN as shown in the figure below.

By clicking "Confirm", you will be redirected to the next page.

Clicking "View All" redirects admins to the "Manage Key Profiles" page where all created profiles are visible.

Clicking on "+ New" will take the Admin to Step 1 of creating a new key profile.

The key profile that has been created will be updated on the "Manage key profile" page.

Last updated