Skip to main content

Generate and Authorize Private Key

This is a sample steps in orde to generate and authorize new RSA private key using the cxitool and p11tool2. You need to have your KAK available and stored in a file in order to initialize and authorize the private key.

  1. Generate RSA key pair using the p11tool2:
p11tool2 Slot=0 LoginUser=user1 PubKeyAttr=CKA_LABEL="testkey01",CKA_ID=0x525342 PrvKeyAttr=CKA_LABEL="testkey01",CKA_ID=0x525342 GenerateKeyPair=RSA
  1. Identify the specifier of the generated RSA private key using the cxitool:
cxitool logonpass=USR_0000,user1 group=SLOT_0000 listkeys
  1. Initialize the generated RSA private key with the KAK:
cxitool logonpass=USR_0000,user1 group=SLOT_0000 spec=10 keyfile=/opt/utimaco/KAK.key,00000000 InitializeKey
  1. Authorize the generated RSA private key with the KAK:
cxitool logonpass=USR_0000,user1 group=SLOT_0000 spec=10 keyfile=/opt/utimaco/DemoCompany.key,00000000 AuthorizeKey
info

For more information on how to use cxitool, refer to the cxitool Manual. For more information on how to use p11tool2, refer to the PKCS#11 p11tool2 Reference Manual.