cmu import
This function:
>Imports X.509 certificates from a file to the token or HSM. The file may include a single DER encoded binary certificate or a CMSS PKCS #7 certificate or certificate set. Either type of certificate can be binary or PEM (base 64) encoded. An optional label can be defined as a function parameter. If omitted, the common name of the certificate subject is chosen as the label.
>Imports a public key onto an HSM partition
Syntax
cmu import -inputFile=<filename> [-label=<label>] [-pubkey=<keytype>]
| Argument(s) | Description |
|---|---|
| -inputFile=<filename> | Defines the name of the file containing the certificate to import. |
| -label=<label> | Defines a label to apply to the imported file. If the file is a certificate, and no label is defined, the Common Name portion of the certificate distinguished name is used instead. If the file is a public key, it can be any text you care to apply. |
| -private=<T> or <F> | Defines whether a certificate is created in the private space (default is -private=T). Set -private=F to make the created certificate publicly accessible for applications that need to acquire the certificate without need for authentication. |
| -pubkey=<keytype> | When the input file is a public key, defines the type of key to be imported. Possible values are rsa, dsa, ecdsa, eddsa, mldsa, or mlkem. |
Common CMU Options
Some options are commonly available to all cmu commands. They are described below.
| Argument(s) | Description |
|---|---|
| -ecdsasigpadalways | Specifies that you wish to pad ecdsa signature R and S values with a leading 0. |
| -ecdsasigpadnever | Specifies that you do not wish to pad ecdsa signature R and S values. |
|
-password=<password> -pin=<password> |
The password for the role accessing the current slot, with the current command. If this is not specified, it is prompted. |
| -slot=<slot#> | The slot to be acted upon, by the current command. If this is not specified, it is prompted. |
| -so | Specifies that you wish to perform the command as Partition Security Officer for that slot. If a role is not specified, the Crypto Officer role is used by default. |
Example
The following example inputs the public key in secp521r1-pub.pem
cmu import –in secp521r1-pub.pem –label ID3pubkey –pubkey=ecdsa Select token [0] Token Label: tsb012 [1] Token Label: txb161 Enter choice: 1 Please enter password for token in slot 1 : ******* cmu list Select token [0] Token Label: tsb012 [1] Token Label: txb161 Enter choice: 1 Please enter password for token in slot 1 : ******* handle=235 label=ID3pubkey
