Adding cryptographic objects by using the graphical user interface

Use the Clients page to add and associate cryptographic objects with a client that is registered with the IBM® Security Guardium® Key Lifecycle Manager server.

About this task

From the graphical user interface, you can add the following types of cryptographic objects and associate them with a client:
  • Symmetric keys
  • Key pairs
  • Certificates
Note: For a client that uses REST APIs for communicating with the IBM Security Guardium Key Lifecycle Manager server, use the appropriate REST APIs to create and associate the following cryptographic objects with the client:
  • Secret data
  • Opaque objects
  • Certificates

Procedure

  1. Log in to the graphical user interface.
  2. Click the Clients menu.
    The Clients page is displayed.
  3. Ensure that the client to which you want to add the cryptographic objects is created. If not, create the client.
  4. Double-click the client to which you want to add a new cryptographic object.
    The Modify Client page is displayed.
  5. Click the Modify button for the Objects field.
    The Add Objects page is displayed.
  6. In the Add objects section, select one of the following types of objects and specify its property values:

    Object type: None
    Description: Do not add an object.

    Object type: Symmetric Key
    Description: Specify the following configuration settings:
    • Number of symmetric keys for the client.
    • Cryptographic algorithm that is used to create the object, such as AES or 3DES.
    • Bit length of the symmetric key object.
    • A three-character prefix for the key name.
    • Cryptographic usage mask that defines the cryptographic functions to be performed by using the object, such as Encrypt, Decrypt, Encrypt Decrypt, Sign, Sign Verify, Verify, Wrap, Unwrap, or Wrap Unwrap.

    Object type: Key Pair
    Description: Create the asymmetric key pair object with the following configuration settings:
    • Number of key pair objects that you want to create.
    • Cryptographic algorithm that is used to create the object. Possible values are RSA and DSA.
    • A three-character prefix for the key name.
    • Cryptographic usage mask that defines the cryptographic functions to be performed by using the object, such as Encrypt, Decrypt, Encrypt Decrypt, Sign, Sign Verify, Verify, Wrap, Unwrap, or Wrap Unwrap.

    Object type: Certificate
    Description: Add a certificate to the client.

    Specify the following configuration settings:

    • Certificate name: Specify the name of the certificate.
    • IP Address: Specify the IP address of the server that is using the certificate.
    • Port: Specify the port number of the server that is using the certificate.
    • Application Name: Specify the name of the application that is using the certificate. For example, HR Administrator application.
    • Upload certificate: To upload a certificate file, select one of the following options:
      • File: Select File and click Browse. Go to the location of the certificate file. Select the file and click Open.
      • Certificate content: When you select Certificate content, a text box is displayed. Paste the certificate content directly in the text box. The text must include content from Begin Certificate to End Certificate.

        If there are multiple certificates in a single file (for example, in case of a certificate chain), copy the entire content of the file and paste it into the text box.

  7. To save and add more objects, click Save and Add More Objects, and repeat the earlier steps.
  8. Click Save and Exit.
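
A structural pre-check for text that is pasted under the Certificate content option in step 6, as an added example that is not IBM code or part of the product: it confirms that each certificate runs from its BEGIN CERTIFICATE line to its END CERTIFICATE line and that each body decodes to a complete DER structure, including when a chain is pasted. The function names and the sample data are constructed for illustration, and the check assumes standard PEM-encoded input; it does not verify signatures or chain order.

```python
import base64
import re

# Standard PEM markers (assumed format of the pasted certificate content).
BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"
BLOCK = re.compile(re.escape(BEGIN) + r"(.*?)" + re.escape(END), re.DOTALL)

def der_length_ok(der):
    """True if der is one outer ASN.1 SEQUENCE whose length covers all bytes."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    first = der[1]
    if first < 0x80:                       # short-form length
        return len(der) == 2 + first
    n = first & 0x7F                       # long form: n length bytes follow
    if n == 0 or len(der) < 2 + n:
        return False
    return len(der) == 2 + n + int.from_bytes(der[2:2 + n], "big")

def check_certificate_content(text):
    """Return (well_formed_count, problems) for text meant for the text box."""
    problems = []
    if text.count(BEGIN) != text.count(END):
        problems.append("unbalanced BEGIN/END CERTIFICATE markers")
    blocks = BLOCK.findall(text)
    if not blocks:
        problems.append("no complete certificate block found")
    good = 0
    for i, body in enumerate(blocks, 1):
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError:
            problems.append(f"certificate {i}: body is not valid base64")
            continue
        if der_length_ok(der):
            good += 1
        else:
            problems.append(f"certificate {i}: truncated or not DER")
    return good, problems

def sample_pem(der):
    """Wrap constructed DER bytes in PEM markers (sample data helper)."""
    return f"{BEGIN}\n{base64.b64encode(der).decode()}\n{END}\n"

# Constructed samples: minimal DER SEQUENCEs, not real certificates.
SAMPLE_CHAIN = sample_pem(b"\x30\x03\x02\x01\x01") + sample_pem(b"\x30\x03\x02\x01\x02")
SAMPLE_CUT_OFF = SAMPLE_CHAIN[:-(len(END) + 5)]   # paste that lost its last lines
```

An empty problem list with the expected certificate count means the whole chain was copied; any reported problem points to a paste that was cut short or altered before it reached the text box.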