Restoring a Keyset

Precautions

>To restore a key that was previously backed up, the same password and keyset name must be used.

>Extreme care should be taken to ensure that keys which are being restored DO NOT already exist on the SafeNet ProtectToolkit-M system. A restore operation DOES NOT replace existing keys, but will restore a second instance of the same key pair. If you have accidentally created multiple instances of the same key pair, SafeNet ProtectToolkit-M will mark the affected keyset as being invalid. Please refer to Known Issues for details on how to address this type of problem.

To restore a keyset:

1.Create a new keyset with the same name and password as the original. See the section in Setup and Configuration for the procedure.

2.To restore a keyset from file, from a command prompt type the following, substituting the slot number of the keyset to restore for n and the name of the file containing the keyset for fileName.

ctkmu i –sn –wBackupKey filename
 

NOTE   When restoring the MACHINE_Keyset or the SYSTEM_Keyset, enter the default value password as the user password. The device administrator password used to create the backup will also be prompted for.

Example

The example below will import a keyset to the token in slot 0 from a disk file named MachineKeyset.bak and unwrap, or decrypt, the data with the key which has a label of BackupKey. This operation will prompt for the user password for the keyset.

ctkmu i –s0 –wBackupKey MachineKeyset.bak
 


Customer Support Portal

SafeNet ProtectToolkit 5.4 Product Documentation  08 January 2020  Copyright 2009-2020 Gemalto. All rights reserved.