tklmKeyImport
Use the tklmKeyImport command to import secret keys or public/private key pairs. A secret key is a symmetric key. A public/private key pair is an asymmetric key pair with a public key and a private key. The private key file is in PKCS#12 format.
Purpose
Use this command to import secret keys or public/private key pairs. A secret key is a symmetric key. A public/private key pair is an asymmetric key pair with a public key and a private key. The private key file is in PKCS#12 format.To import secret keys, the import file can contain multiple keys. Each key contains the required alias value for that key. The import file must be generated by a previous tklmKeyExport command.
Permissions
To import the key, you must have permission to the configure action, or, create action and the permission to the appropriate device group. When you import a secret key, you must also have permission to configure, create, or view action for the asymmetric key pair that is specified by the keyAlias parameter.
Syntax
星號 (*) 指示已淘汰的值。 如果您輸入已淘汰的值,請勿包括星號。
tklmKeyImport -alias keyalias -newAlias newkeyalias -keyAlias keyalias -fileName pathandkeyfilename -keyStoreName keystorename -usage {LTO | 3592 | DS5000 | DS8000 | BRCD_ENCRYPTOR | ONESECURE | ETERNUS_DX | XIV | GPFS | PEER_TO_PEER | DS8000_TCT | GENERIC | userdevicegroup | SSLSERVER | SSL Server* | SSLCLIENT } -type {secretkey | privatekey} -password passwordvalue
Parameters
- -alias
- Required parameter in the following scenarios:
- If the value of the type attribute is secretkey and
you want to rename the key with the newAlias parameter during the import
process.
Specify a value for this parameter if you want to import a specific secret key from a keystore file that has multiple secret keys.
- If the value of the type attribute is privatekey and if the keystore file contains multiple private keys.
This parameter is not required when the keystore file contains only one private key. If you specify a value, it is ignored.
- If the value of the type attribute is secretkey and
you want to rename the key with the newAlias parameter during the import
process.
- -fileName
- Required. Specify the path and file name of the file from which keys are imported.
- -keyAlias
- Required if the value of the -type attribute is secretkey. Specify the alias of the private key entry in the keystore that is used to decrypt the secret key, or keys, from the file. Use the same alias value to import and export a secret key, or keys.
- -keyStoreName
- Required. Specify the name of the keystore into which the imported key is imported.
- -newAlias
- Specify a new value for the key alias.
- -password
- Required if the value of the -type attribute is privatekey. This password was previously specified by using the tklmKeyExport command. 如果您將私密金鑰匯出至 PKCS#12 檔,請確保在該檔案離開電腦之前,使用 FIPS 核准的方法來包裝含有金鑰的該檔案。
- -type
- Required. Specify whether the keys are secret or private. You
can include the following values:
- secretkey
- Specifies a symmetric key.
If you select this value, specify for the -usage attribute a value for a device group family that administers keys.
- privatekey
- Specifies an asymmetric key in a key pair with a public key and
a private key.If you select this value, specify for the -usage attribute a value for a device group that administers certificates, or specify one of these values:
- SSLCLIENT
- SSLSERVER
- -usage
- Required. Specify the target application usage, such as LTO 裝置群組. You can include the following values:
- LTO
- Specifies the LTO device group.
- 3592
- Specifies the 3592 device group.
- DS5000
- Specifies the DS5000 device group.
- DS8000
- Specifies the DS8000 device group.
- BRCD_ENCRYPTOR
- 指定 LTO 裝置系列中的 BRCD_ENCRYPTOR 裝置群組。
- ONESECURE
- 指定 DS5000 裝置系列中的 ONESECURE 裝置群組。
- ETERNUS_DX
- 指定 DS5000 裝置系列中的 ETERNUS_DX 裝置群組。
- XIV
- 指定 IBM Spectrum Accelerate(之前稱為 XIV)裝置群組。
- GPFS
- 指定 IBM Spectrum Scale(之前稱為 GPFS)裝置群組。
- PEER_TO_PEER
- Specifies the PEER_TO_PEER device group.
- DS8000_TCT
- Specifies the DS8000_TCT device group that is in the GPFS device family.
- GENERIC
- 指定使用金鑰管理交互作業能力通訊協定來與 IBM Security Key Lifecycle Manager 互動的裝置系列。
GENERIC 裝置群組能夠管理KMIP物件。
請勿使用指令行介面來將裝置新增至 GENERIC 裝置群組或變更 GENERIC 裝置群組屬性。
- SSLCLIENT
- 用戶端憑證,用於透過 Secure Socket Layer 通訊協定來鑑別用戶端裝置的安全通訊中。
- SSLSERVER
- 伺服器端憑證,用於透過 Secure Socket Layer 通訊協定進行的安全通訊中。
- userdevicegroup
- 指定基於受支援裝置系列的使用者定義群組。
Example
For tape usage, this Jython-formatted command imports a symmetric key named mysecretkey from a file named mykey.p12 into a keystore named myKeystore for use with LTO 磁帶機.
print AdminTask.tklmKeyImport ('[ -alias mysecretkey -type secretkey
-keyAlias mySecretKey -newAlias myNewSecretKey
-fileName c:\\myimportpath\\mykey.p12 -keyStoreName defaultKeyStore
-usage LTO]')This Jython-formatted command imports an asymmetric key in a key pair with a public key and a private key. A password is required.
print AdminTask.tklmKeyImport ('[-alias myprivatekey -type privatekey
-keyAlias myPrivateKeyAlias -fileName c:\\myimportpath\\myprivatekey.p12
-keyStoreName defaultKeyStore -usage SSLSERVER -password mypassword]')