crypto-import
This command uses an input file to create a certificate or a key. For a key, the crypto file is created on the HSM.
Syntax
- Create a certificate
  crypto-import cert name input file
- Create a key on an HSM-enabled appliance
  crypto-import key name input file [password-alias alias]
Parameters
key name - The name of the key to create.
cert name - The name of the certificate to create.
input file - The name and location of the file to import.
password password - The password that encrypted the input file. This parameter is mutually exclusive with the password-alias parameter.
password-alias alias - The password alias that encrypted the input file. This parameter is mutually exclusive with the password parameter.
Guidelines
The crypto-import command uses an input file to create a certificate or a key.
For a key, the crypto file is created on the HSM. The following scenarios are available for keys.
- Import a key that is in the temporary: directory. In this case, the key might be password-protected and requires the password parameter.
- Import a key that is exported with the crypto-export command from the HSM with the key-wrapping key. In this case, the key file is wrapped with the key-wrapping key and a password is never used. The key-wrapping key must be cloned with the hsm-clone-kwk command on the appliance.
The export and import of private keys are constrained to their application domain. In other words, the DataPower® domain of the export must be the same application domain for the import. For example, if the export is from the myDomain1 domain, you must be in the myDomain1 domain on another appliance to import it.
Examples
- Create the bob certificate from the exportBob.xml export package in the temporary directory.
  # crypto-import cert bob input temporary:///exportBob.xml
- Create the bobKey private key on the HSM from the bobKey.pem file in the temporary directory. The key file is password-protected. The password is provided as an argument. You can later export the private key from the HSM with the HSM key-wrapping key method.
  # crypto-import key bobKey input temporary:///bobKey.pem password pass1word2
- Create the bobHSMKey key on the HSM from the exportBobHSMKey.xml package in the temporary directory. The package was exported from another HSM-equipped appliance with the key-wrapping key. No password argument is used to import a key that was exported from an HSM.
  # crypto-import key bobHSMKey input temporary:///exportBobHSMKey.xml
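The following is an added example, not part of the product documentation or IBM's code: a small Python checker that reviews crypto-import lines in a CLI script against the syntax and parameter rules on this page. The function name `check_crypto_import`, the constructed third sample line, and the finding that flags an inline password are assumptions of this example; the page itself only states that password and password-alias are mutually exclusive.

```python
import shlex

# Option keywords taken from the Parameters list on this page.
OPTIONS = ("password", "password-alias")

def check_crypto_import(line):
    """Return a list of findings for one crypto-import command line."""
    try:
        tok = shlex.split(line.lstrip("# "))  # drop a leading "# " prompt
    except ValueError as exc:                 # for example, unbalanced quotes
        return [f"unparseable: {exc}"]
    if not tok or tok[0] != "crypto-import":
        return ["not a crypto-import command"]
    if len(tok) < 5 or tok[1] not in ("cert", "key") or tok[3] != "input":
        return ["expected: crypto-import cert|key <name> input <file>"]
    kind, rest, findings, seen = tok[1], tok[5:], [], {}
    if len(rest) % 2:
        findings.append("option without a value")
    for opt, val in zip(rest[0::2], rest[1::2]):
        if opt not in OPTIONS:
            findings.append(f"unknown option: {opt}")
        elif opt in seen:
            findings.append(f"duplicate option: {opt}")
        else:
            seen[opt] = val
    if len(seen) == 2:
        findings.append("password and password-alias are mutually exclusive")
    if kind == "cert" and seen:
        findings.append("cert syntax on this page takes no password option")
    if "password" in seen:
        # Policy assumption of this example, not a rule stated on the page.
        findings.append("inline password; consider password-alias")
    return findings

# Two lines from the Examples section, then one constructed line.
SAMPLES = [
    "# crypto-import cert bob input temporary:///exportBob.xml",
    "# crypto-import key bobKey input temporary:///bobKey.pem password pass1word2",
    "# crypto-import key k1 input temporary:///k1.pem password x password-alias k1Alias",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", check_crypto_import(sample) or "ok")
```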