hsm-clone-kwk (HSM models) - IBM WebSphere XS40 Command Reference Manual

DataPower XML Security Gateway

Deletes the FWCred-1 Firewall Credentials.

# no fwcred FWCred-1
Firewall Credentials 'FWCred-1' deleted
#

hsm-clone-kwk (HSM models)

Clones a key-wrapping key between HSM-equipped appliances.

Syntax
hsm-clone-kwk [input filename] [output filename]

Parameters
input filename
    Indicates the name of the local file to use as input to the cloning action.
    During the first part of this four-part task, do not specify this parameter.
    During the other parts of this task, this parameter is required.
output filename
    Indicates the name of the local file that the cloning action creates. During
    the last part of this four-part task, do not specify this parameter. During
    the other parts of this task, this parameter is required.

Guidelines
This command is available only on systems with an internal HSM.

Use the hsm-clone-kwk command if two HSM-equipped systems share the same
red (hardware) key and if both systems are at the same FIPS security level. This
command copies the key-wrapping key from the source HSM system to the
destination HSM system. You must run this command four times.

1. On the source HSM system, create an output file (for example,
   temporary:///source-one) that contains the key material. After validating
   that the command created the file, copy it to the destination HSM system.
2. On the destination HSM system, create an output file (for example,
   temporary:///destination-two) that uses the copied file (for example,
   temporary:///source-one) as the input file. After validating that the command
   created the file, copy it to the source HSM system.
3. On the source HSM system, create an output file (for example,
   temporary:///source-three) that uses the copied file (for example,
   temporary:///destination-two) as the input file. After validating that the
   command created the file, copy it to the destination HSM system.
4. On the destination HSM system, use the copied file (for example,
   temporary:///source-three) as the input file.

At this point, the source and destination HSM systems share the same
key-wrapping key. After cloning the key-wrapping key on each HSM domain
member, the domain member can share keys in the following way:

1. Creating an export crypto object
2. Transferring the export crypto object to a target system in the HSM domain
3. Importing the export crypto object on the target system

Refer to the HSM documentation for information about performing the key cloning
task from the WebGUI.
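
The four-part task above, written out as a constructed runbook and checked against the rules in the Parameters and Guidelines sections. This is an added example, not part of the IBM manual; it assumes that input and output are literal keywords placed before each file name (the syntax line does not state this explicitly) and that a copied file keeps its name on the other appliance.

```python
import re

# Constructed runbook: (appliance, command) in execution order.
# Assumption: "input" and "output" are literal keywords before each file name.
RUNBOOK = [
    ("source", "hsm-clone-kwk output temporary:///source-one"),
    ("destination", "hsm-clone-kwk input temporary:///source-one"
                    " output temporary:///destination-two"),
    ("source", "hsm-clone-kwk input temporary:///destination-two"
               " output temporary:///source-three"),
    ("destination", "hsm-clone-kwk input temporary:///source-three"),
]

CMD = re.compile(r"^hsm-clone-kwk(?:\s+input\s+(?P<input>\S+))?"
                 r"(?:\s+output\s+(?P<output>\S+))?\s*$")

def check_runbook(steps):
    """Return rule violations for a four-part KWK clone; [] means consistent."""
    if len(steps) != 4:
        return [f"expected 4 invocations, found {len(steps)}"]
    errors, prev_output = [], None
    for part, (appliance, command) in enumerate(steps, start=1):
        match = CMD.match(command)
        if match is None:
            errors.append(f"part {part}: unrecognised command {command!r}")
            prev_output = None
            continue
        inp, out = match["input"], match["output"]
        # Parts 1 and 3 run on the source system, parts 2 and 4 on the destination.
        expected = "source" if part % 2 else "destination"
        if appliance != expected:
            errors.append(f"part {part}: must run on the {expected} system")
        # Only the first part omits the input file; only the last omits the output.
        if (part == 1) == bool(inp):
            errors.append(f"part {part}: input file "
                          + ("not allowed" if part == 1 else "required"))
        if (part == 4) == bool(out):
            errors.append(f"part {part}: output file "
                          + ("not allowed" if part == 4 else "required"))
        # Each part must consume the file the previous part created (same name
        # after the copy, as in the manual's example file names).
        if inp and prev_output and inp != prev_output:
            errors.append(f"part {part}: input {inp} is not the part {part - 1} output")
        prev_output = out
    return errors

if __name__ == "__main__":
    for problem in check_runbook(RUNBOOK) or ["runbook is consistent"]:
        print(problem)
```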
Chapter 11. Crypto configuration mode