cmu verifyhsm

Verify a Public Key Confirmation from a Luna HSM.

This command allows you to verify that the client is connected to a genuine Luna HSM, by creating and verifying a confirmation on a temporary key created in the HSM. It also includes a proof of possession that asks the HSM to sign a user-entered string as proof the associated private key is present within the target HSM.

Syntax

cmu verifyhsm -challenge="<string>" [-rootcert=<filename>] [-password=<password>] [-slot=<slot#>]

Argument(s) Description
-challenge Defines a user-entered string for the HSM to sign.
-rootcert Defines the name of the .pem file that contains the root certificate.
Common
-password=<password> The password for the role accessing the current slot with the current command. If it is not specified, you are prompted for it.
-slot=<slot#> The slot to be acted upon by the current command. If it is not specified, you are prompted for it.

Example

./cmu verifyhsm -challenge "1234567890" -rootcert safenet-root.pem
Select token
 [0] Token Label: mypartition-1
 [1] Token Label: mypartition-2
 Enter choice: 0
Please enter password for token in slot 0 : *******
Reading rootcert from file "rootcert.pem"... ok.
Generating temporary RSA keypair in HSM... ok.
Extracting PKC bundle from HSM... ok.
Verifying PKC certificate... ok.
Verifying DAC certificate... ok.
Verifying HOC certificate... ok.
Verifying MIC certificate... ok.
Verifying MIC against rootcert... ok.
Signing and verifying challenge... ok.
Verifying HSM serial number... ok.
Overall status: Success.
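
The example output above lists each link of the verification chain separately (PKC, DAC, HOC, MIC, root certificate, challenge signature, serial number). The following added example, which is not part of the original documentation or vendor code, checks a captured transcript so that a missing or failed step cannot be hidden behind the final status line. The function names are hypothetical, the step wording is copied from the example output on this page (assumed stable, and assumed to be a run with -rootcert supplied), and the sample transcript is constructed.

```shell
#!/bin/sh
# Added example, not vendor code. Step names are copied from the sample output
# on this page; treating that wording as stable across releases is an assumption.

# Constructed sample transcript, modelled on the example output above.
sample_transcript() {
    cat <<'EOF'
Generating temporary RSA keypair in HSM... ok.
Extracting PKC bundle from HSM... ok.
Verifying PKC certificate... ok.
Verifying DAC certificate... ok.
Verifying HOC certificate... ok.
Verifying MIC certificate... ok.
Verifying MIC against rootcert... ok.
Signing and verifying challenge... ok.
Verifying HSM serial number... ok.
Overall status: Success.
EOF
}

# Reads a verifyhsm transcript on stdin. Returns 0 only if every expected step
# is present with "ok." and the overall status is Success. Anything missing or
# worded differently counts as failure, so unknown error text fails closed.
check_verifyhsm_transcript() {
    # Normalise CRLF line endings and trailing blanks before exact matching.
    transcript=$(tr -d '\r' | sed 's/[[:space:]]*$//')
    rc=0
    while IFS= read -r step; do
        if ! printf '%s\n' "$transcript" | grep -Fxq -- "${step}... ok."; then
            echo "FAIL: step not confirmed: ${step}" >&2
            rc=1
        fi
    done <<'EOF'
Generating temporary RSA keypair in HSM
Extracting PKC bundle from HSM
Verifying PKC certificate
Verifying DAC certificate
Verifying HOC certificate
Verifying MIC certificate
Verifying MIC against rootcert
Signing and verifying challenge
Verifying HSM serial number
EOF
    if ! printf '%s\n' "$transcript" | grep -Fxq -- "Overall status: Success."; then
        echo "FAIL: overall status is not Success" >&2
        rc=1
    fi
    return "$rc"
}

sample_transcript | check_verifyhsm_transcript && echo "verifyhsm transcript: all steps confirmed"
```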