zpckey - Man Page
A key management tool for protected key origins, used by the OpenSSL provider for protected keys (hbkzpc provider).
Synopsis
zpckey [-h|--help] [-V|--version]
zpckey compose <REQ-ARGS> [<OPT-ARGS>] <ORIGIN-ARGS>
zpckey show <REQ-ARGS> [<OPT-ARGS>]
Description
The zpckey command provides key management functions for protected key origins, used by the hbkzpc provider (hbkzpcprovider(7)). IBM Z and IBM LinuxONE offer different types of cryptographic hardware with different features, including the CP Assist for Cryptographic Functions (CPACF) and the IBM Crypto Express (CEX) features.
The CPACF provides functions to perform cryptographic operations with a kind of hardware-backed key, the so-called protected key.
The CEX cards provide secure key generation and storage (secure keys), as well as cryptographic operations with these keys.
Options
- -V, --version
Show version
- -h, --help
Show short help
Zpckey Compose
The compose command supports the composition of protected key origins, which can be used for the hbkzpc provider.
Required Arguments
- -t, --origin-type <otype>
Protected key origin type
- -a, --origin-alg <oalg>
Protected key origin algorithm
Protected key origin types (<otype>)
- uv: Ultravisor retrievable secrets
Protected key origin algorithms (<oalg>)
- prime256v1 (alt.: 1.2.840.10045.3.1.7)
- secp384r1 (alt.: 1.3.132.0.34)
- secp521r1 (alt.: 1.3.132.0.35)
- ED25519 (alt.: 1.3.101.112)
- ED448 (alt.: 1.3.101.113)
- AES-128
- AES-192
- AES-256
- AES-128-XTS
- AES-256-XTS
Optional Arguments
- -p, --pubkey <file>
Public key file
- -o, --out <file>
Output file
- --outform <format>
Output file format: URI, DER or PEM (default: PEM)
- -c, --comment <string>
Comment (metadata)
- -h, --help
Show short help
Origin Arguments
- For <otype> = uv, one of the following must be specified:
  - --uv-secret-id <hexstring>
    UV secret ID
  - --uv-secret-name <string>
    UV secret name
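A pre-flight wrapper for the compose arguments listed above, added here as an example and not part of zpckey or its documentation. The function name zpckey_compose and the ZPCKEY override variable are hypothetical, and it assumes that exactly one origin argument is passed and that <hexstring> means bare hexadecimal digits.

```shell
#!/bin/sh
# Added example: validate "zpckey compose" arguments against the values
# listed on this page before invoking the tool.
# usage: zpckey_compose <oalg> <id|name> <secret> <outfile> [outform]
# ZPCKEY (hypothetical variable) overrides the binary, e.g. for a dry run.
zpckey_compose() {
    oalg=$1; kind=$2; secret=$3; out=$4; outform=${5:-PEM}

    # Algorithm names and OID aliases accepted for -a / --origin-alg
    case $oalg in
        prime256v1|1.2.840.10045.3.1.7|secp384r1|1.3.132.0.34) ;;
        secp521r1|1.3.132.0.35|ED25519|1.3.101.112|ED448|1.3.101.113) ;;
        AES-128|AES-192|AES-256|AES-128-XTS|AES-256-XTS) ;;
        *) echo "unsupported origin algorithm: $oalg" >&2; return 2 ;;
    esac

    # Output formats accepted for --outform
    case $outform in
        URI|DER|PEM) ;;
        *) echo "unsupported output format: $outform" >&2; return 2 ;;
    esac

    # Origin type uv: pass the secret ID or the secret name, never both
    case $kind in
        id)
            # Assumption: <hexstring> is hex digits only, no prefix
            case $secret in
                ''|*[!0-9A-Fa-f]*)
                    echo "UV secret ID must be a hex string" >&2; return 2 ;;
            esac
            origin_opt=--uv-secret-id ;;
        name)
            [ -n "$secret" ] || { echo "empty UV secret name" >&2; return 2; }
            origin_opt=--uv-secret-name ;;
        *) echo "origin selector must be 'id' or 'name'" >&2; return 2 ;;
    esac

    [ -n "$out" ] || { echo "missing output file" >&2; return 2; }

    # Argument order follows the synopsis: required, optional, origin.
    # Every value is quoted so it reaches zpckey as a single argument.
    "${ZPCKEY:-zpckey}" compose -t uv -a "$oalg" \
        -o "$out" --outform "$outform" "$origin_opt" "$secret"
}
```

Running it with ZPCKEY=echo prints the argument list instead of calling the tool; the resulting file can then be inspected with zpckey show -i <file>.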
Zpckey Show
The show command prints information about the key file to stdout.
Required Arguments
- -i, --in <file>
Input file
Optional Arguments
- --inform <format>
Input file format: PEM or DER (default: PEM)
- -h, --help
Show short help
See Also
hbkzpcprovider.conf(5), hbkzpcprovider(7)