cmu import

This function:

>Imports X.509 certificates from a file to the token or HSM. The file may include a single DER encoded binary certificate or a CMSS PKCS #7 certificate or certificate set. Either type of certificate can be binary or PEM (base 64) encoded. An optional label can be defined as a function parameter. If omitted, the common name of the certificate subject is chosen as the label.

>Imports a public key onto an HSM partition.

Syntax

cmu import -inputFile=<filename> [-label=<label>] [-pubkey=<keytype>]

Argument(s) Description
-inputFile=<filename> Defines the name of the file containing the certificate to import.
-label=<label> Defines a label to apply to the imported file. If the file is a certificate, and no label is defined, the Common Name portion of the certificate distinguished name is used instead. If the file is a public key, it can be any text you care to apply.
-private=<T> or <F> Defines whether a certificate is created in the private space (default is -private=T). Set -private=F to make the created certificate publicly accessible for applications that need to acquire the certificate without need for authentication.
-pubkey=<keytype> When the input file is a public key, defines the type of key to be imported.

Common CMU Options

Some options are commonly available to all cmu commands. They are described below.

Argument(s) Description
-cu Specifies that you wish to perform the command as the partition's Crypto User. If the CU is not authorized to perform the operation, the command fails. If a role is not specified, the Crypto Officer role is used by default. Requires minimum Luna HSM Client 10.4.0.
-lco Specifies that you wish to perform the command as the partition's Limited Crypto Officer. If the LCO is not authorized to perform the operation, the command fails. If a role is not specified, the Crypto Officer role is used by default. Requires minimum Luna HSM Firmware 7.7.0 and minimum Luna HSM Client 10.3.0.

-password=<password> or -pin=<password> The password for the role accessing the current slot, with the current command. If it is not specified, you are prompted for it.
-ped=<PED_ID> Specifies the PED ID for the registered Remote PED that will handle authentication for the current slot, with the current command. You must specify this parameter to use Remote PED authentication.
-slot=<slot#> The slot to be acted upon, by the current command. If it is not specified, you are prompted for it.
-so Specifies that you wish to perform the command as Partition Security Officer for that slot. If a role is not specified, the Crypto Officer role is used by default. If you are logging in to the admin partition, the HSM SO role is default and so this option does nothing.

Example

The following example imports the public key in secp521r1-pub.pem, then lists the partition contents to confirm the import:

cmu import -in secp521r1-pub.pem -label ID3pubkey -pubkey=ecdsa
Select token
  [0] Token Label: tsb012
  [1] Token Label: txb161
  Enter choice: 1 
Please enter password for token in slot 1 : ******* 

cmu list  
Select token  
  [0] Token Label: tsb012
  [1] Token Label: txb161
  Enter choice: 1 
Please enter password for token in slot 1 : ******* 
handle=235       label=ID3pubkey
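
A pre-check and post-check that can wrap the import, as an added example that is not part of the Luna documentation: `classify_import_file` rejects input that is not a certificate, PKCS #7 set or public key, and `imported_handle` confirms that exactly one object carries the expected label in `cmu list` output. The function names and the sample listing are constructed, and the `handle=... label=...` line format is assumed to match the example above.

```shell
#!/bin/sh
# Added example; function names and sample data are hypothetical.

# Classify a candidate input file by its PEM header (RFC 7468 labels).
# Prints certificate | pkcs7 | pubkey | binary. Returns 1 for any other PEM
# type, including private-key files, which do not belong in this command.
classify_import_file() {
    [ -r "$1" ] || return 1
    first=$(head -n 1 "$1" | tr -d '\r\000')
    case "$first" in
        "-----BEGIN CERTIFICATE-----") echo certificate ;;
        "-----BEGIN PKCS7-----")       echo pkcs7 ;;
        "-----BEGIN PUBLIC KEY-----")  echo pubkey ;;
        "-----BEGIN "*)                echo rejected; return 1 ;;
        *)                             echo binary ;;  # assumed DER; cmu parses it
    esac
}

# Read `cmu list` output on stdin. Print the handle if exactly one object has
# the given label; return 1 if none, 2 if several (PKCS #11 labels need not be
# unique, so a duplicate means later lookups by label are ambiguous).
imported_handle() {
    WANT=$1 awk '
        /^handle=/ {
            label = $0
            sub(/^handle=[0-9]+[ \t]+label=/, "", label)
            sub(/[ \t\r]+$/, "", label)
            if (label == ENVIRON["WANT"]) { n++; h = $1; sub(/^handle=/, "", h) }
        }
        END {
            if (n == 1) { print h; exit 0 }
            exit (n == 0 ? 1 : 2)
        }'
}

# Constructed `cmu list` capture, in the format shown in the example above.
SAMPLE_LIST='Select token
  [0] Token Label: tsb012
  [1] Token Label: txb161
handle=235       label=ID3pubkey
handle=236       label=web cert
handle=240       label=web cert'

printf '%s\n' "$SAMPLE_LIST" | imported_handle ID3pubkey
```

Run against live output, the second function reads the listing from a pipe, for example `cmu list -slot=<slot#> | imported_handle ID3pubkey`.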