Services
Luna Cloud HSM Services
Luna Cloud HSM Service Integrations
CipherTrust Key Management Services
- CipherTrust Data Security Platform as a Service
payShield Cloud Services
- payShield Cloud HSM Service
  - Service Overview
  - Prerequisites
  - Getting Started
    - payShield Cloud HSM Configuration/Subscription Options
    - How to Subscribe to the payShield Cloud HSM Service
  - Service Specifications
  - Connecting to the payShield Cloud HSM Service
    - Azure Connection Guide
      - Create Express Route connection
      - Create a Virtual Network
      - Create a Virtual Network Gateway
    - GCP Connection Guide
    - AWS Connectiontion Guide
  - Service Provisioning from DPoD Platform
    - Trial Tier Provisioning
    - Production Tier Provisioning
    - View Sevice Status
  - HSM Management using payShield Manager
    - Preparing for HSM Commission
      - Install Smart Card Reader Driver
      - Check Your Proxy Configuration
      - Additional Steps for the First Time Users
        
        Install the Extension Component
        
        Enable the Extension Component
        
        Install the Local Application Component
      - Configure the Smart Card Reader
    - Steps to Commission payShield Manager
      - Create a new Security Domain
      - Load / Install the Security Domain
      - Create Left and Right Remote Access Control key cards
    - Adding Another HSM to the Security Domain
    - Transitioning between HSM States via payShield Manager
    - Viewing Network Interfaces in payShield Manager
  - HSM Deprovisioning
  - APPENDIX A - Glossary
  - APPENDIX B - DPoD Errors
- Point-to-Point Encryption
  - Adding a Point-to-Point Encryption Service
  - Using the service
  - P2PE CLI
    - p2pe key
      - p2pe key generate
      - p2pe key list
      - p2pe key delete
      - p2pe key export
    - p2pe service
      - p2pe service init
      - p2pe service changePwd
    - p2pe tls
      - p2pe tls init
      - p2pe tls requestcertificate
      - p2pe tls selfsigncertificate
  - P2PE REST API
  - P2PE errors
  - Service Details
  - Frequently Asked Questions
Partner Services

p2pe key export

Command to export a key under a RSA public key using RSA OAEP encryption. Users can export Key Encryption Keys (KEK) from the P2PE service. See p2pe key generate for more information about generating a KEK for exporting from the P2PE service.

On Windows operating systems execute the command from an Administrator Command Prompt. Right-click the Command Prompt and select Run as Administrator.

Linux


p2pe key export [flags]

Windows


p2pe.exe key export [flags]

Flag	Description
`--keyId`	The Id of the key to be exported.
`--certFile`	Certificate file containing the RSA public key. Acceptable file formats are: `.pem`, `.cer`, `.crt`, `.der`. Acceptable certificate encoding are PEM and DER.
`[--hashAlgo]`	Hash algorithm for RSA OAEP encryption. Options include `SHA-1`, `SHA-256`, `SHA-384`, `SHA-512`. (Default `SHA-256`)
`[--kcvType]`	Key Check Value calculation method. Options include `ZL6`, `CMAC`. (Default `ZL6`)
`--help`	Help for the command.

Linux Example


p2pe key export --keyId yzUEADoAAARcZAgA --certFile cert.pem --hashAlgo SHA-256 --kcvType ZL6

Windows Example


p2pe.exe key export --keyId yzUEADoAAARcZAgA --certFile cert.pem --hashAlgo SHA-256 --kcvType ZL6

Suggest A Change

p2pe key export

On this page