Key backup

Options for generating an individual backup of a key to file and also for restoring a backup file to a key in the HSM.

The backup is individual per key, i.e. each key is saved in a separate file. The key's exportability attribute is indifferent to backup generation and is saved together with the key material, so non-exportable keys can be backed up normally, and will remain non-exportable after restoration.

The generated file is protected by two layers: the first is encryption with the HSM's Master Key (SVMK) and the second is encryption with a key derived from the password (PBK) entered by the user.

Attention

The generated file can only be restored on HSMs that have been activated with the same Master Key (SVMK) as the source HSM.

To restore, you need to enter the password for the file and the identifier that the key will have in the HSM. It is therefore possible to restore a key with a different name (id) than the one it had in the original HSM.

Dinamo - Remote Management Console v. 4.7.18.3 2018 (c) Dinamo Networks

HSM 127.0.0.1 e - Engine 5.0.22.0 (DXP) - TCA0000000 - ID master

Keys/Objects - Key Backup



 1 - Backup
 2 - Restore














 0 - Main Menu

Option:

Dinamo - Remote Management Console v. 4.7.18.3 2018 (c) Dinamo Networks

HSM 127.0.0.1 e - Engine 5.0.23.0 (DST) - TCA0000000 - ID master

Keys/Objects - Key Backup - Backup

*******************************************************************************
* *
* Warning *
* *
* The generated key backup can only be restored in HSMs that were *
* activated with the same Server Master Key (SVMK) as this one.        *
* *
*******************************************************************************

Name (HSM) : akey
Key type is rsa2048.
Inform password to protect backup file (8 to 32 characters):
Password: ********
Confirm password: ********
Local file to save backup: mykey.backup

Backup created successfully.

Press ENTER key to continue...

Dinamo - Remote Management Console v. 4.7.18.3 2018 (c) Dinamo Networks

HSM 127.0.0.1 e - Engine 5.0.23.0 (DST) - TCA0000000 - ID master

Keys/Objects - Key Backup - Restore

*******************************************************************************
* *
* Warning *
* *
* The key backup to be restored must come from an HSM that was *
* activated with the same Server Master Key (SVMK) as this one.        *
* *
*******************************************************************************

Continue backup restoring (y/[n]): y

Local file to read key backup: mykey.backup
Password: ********
Restored key id (HSM): restoredkey

Key restoredkey : rsa2048, 2048 bits, not exportable, encrypted

Backup restored successfully.

Press ENTER key to continue...