
Discover keys on HSMs

With Software Trust, you can discover existing keys on your HSM partitions, and then display those keys in the Keypairs list page.

There are two ways to discover an HSM keypair:

  • By entering a key label

    • The key label is the label that was assigned to the key when it was created on the HSM.

  • By uploading a file

    • We support .PEM and .KEY (DER-encoded public key) files.

Before you begin

Review the following statements:

  • We only support Luna HSMs and DPOD.

    • We support SafeNet Luna 7.

    • Luna 6 is supported as well, but P-521 ECDSA curves are not supported on Luna 6.

  • We support the following key algorithms and key sizes:

    Table 1. Supported key algorithms and key sizes

    Key algorithm   Key size
    RSA             2048, 3072, or 4096 bits; the public exponent must be 65537 (the only supported exponent)
    ECDSA           P-256, P-384
    EdDSA           Ed25519


  • In order to make a key discoverable, the HSM must be mapped to a specific account on the CA Manager.

    • If an HSM is shared and mapped to all accounts, the import function will not work.

    • This restriction is a security measure that prevents cross-account keypair imports on shared HSMs.

  • Every keypair discovery consumes 1 cryptographic unit.

Discover a keypair on an HSM partition

  1. Sign in to DigiCert ONE.

  2. Select the Manager menu (top right) > Software Trust.

  3. Navigate to Keypairs.

  4. Select Discover HSM keypair.

  5. Enter a descriptive Keypair alias.

    • This name will be used to identify and display the keypair in the Keypairs page.

  6. Select how you want to discover the key: by entering a key label (Discover key label) or by uploading a file (Discover with public key).

    • For Discover key label:

      1. Enter the Key label that was assigned to the key when it was created on the HSM.

      2. Select the Partition where the keypair is stored.

      3. Select the Algorithm for the keypair.

    • For Discover with public key:

      1. Select the Partition where the keypair is stored.

      2. Select the Algorithm for the keypair.

      3. Select the File type of the file that you want to upload: .PEM or .KEY (DER-encoded public key).

      4. Upload the file.

  7. Select Initiate key discovery, and then follow the on-screen prompts.
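Both the supported-algorithm table under Before you begin and the file upload in step 6 (Discover with public key) depend on what is actually inside the file you upload. The following script is an added example and is not DigiCert's or Thales's code: it parses a .PEM or .KEY (DER) SubjectPublicKeyInfo with a small hand-written ASN.1 reader and reports whether the key would pass the algorithm, size, and exponent restrictions before you initiate a discovery. The OIDs are the standard ones from RFC 3279, RFC 5480 and RFC 8410; the sample keys are constructed synthetically with fake key material and are not real keys; `check_discoverable` and the helper names are this example's own, not part of the product.

```python
# Added example (not DigiCert's code): pre-flight check of the public key file used in the
# "Discover with public key" flow. A minimal ASN.1 reader parses a .PEM or .KEY (DER) SubjectPublicKeyInfo
# and compares it with the supported table (RSA 2048/3072/4096, exponent 65537; ECDSA P-256/P-384; Ed25519).
import base64
import re
OID_RSA, OID_EC, OID_ED25519 = "1.2.840.113549.1.1.1", "1.2.840.10045.2.1", "1.3.101.112"
CURVES = {"1.2.840.10045.3.1.7": "P-256", "1.3.132.0.34": "P-384", "1.3.132.0.35": "P-521"}
SUPPORTED = {"RSA": {2048, 3072, 4096}, "ECDSA": {"P-256", "P-384"}, "EdDSA": {"Ed25519"}}

def _tlv(data, pos):
    """Decode one DER tag-length-value at pos; return (tag, value, position after it)."""
    tag, length, pos = data[pos], data[pos + 1], pos + 2
    if length & 0x80:  # long form: low bits give the number of length bytes
        length, pos = int.from_bytes(data[pos:pos + (length & 0x7F)], "big"), pos + (length & 0x7F)
    return tag, data[pos:pos + length], pos + length

def _oid(raw):
    """Decode OBJECT IDENTIFIER content bytes to dotted form."""
    parts, val = [str(raw[0] // 40), str(raw[0] % 40)], 0
    for b in raw[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            parts, val = parts + [str(val)], 0
    return ".".join(parts)

def load_spki(blob):
    """Return DER bytes from PEM text/bytes or from a raw DER (.KEY) blob."""
    blob = blob.encode() if isinstance(blob, str) else blob
    m = re.search(rb"-----BEGIN PUBLIC KEY-----(.*?)-----END PUBLIC KEY-----", blob, re.S)
    return base64.b64decode(b"".join(m.group(1).split())) if m else blob

def inspect_public_key(blob):
    """Return {'algorithm', 'size', ['exponent']} for a SubjectPublicKeyInfo."""
    tag, spki, _ = _tlv(load_spki(blob), 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE: is this a private key or a certificate?")
    _, algid, pos = _tlv(spki, 0)
    _, bitstr, _ = _tlv(spki, pos)
    pubkey = bitstr[1:]  # first byte of a BIT STRING is the unused-bits count
    oid = _oid(_tlv(algid, 0)[1])
    if oid == OID_RSA:  # RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }
        _, seq, _ = _tlv(pubkey, 0)
        _, n_raw, q = _tlv(seq, 0)
        _, e_raw, _ = _tlv(seq, q)
        return {"algorithm": "RSA", "size": int.from_bytes(n_raw, "big").bit_length(), "exponent": int.from_bytes(e_raw, "big")}
    if oid == OID_EC:  # AlgorithmIdentifier parameters carry the named-curve OID
        _, curve_raw, _ = _tlv(algid, _tlv(algid, 0)[2])
        return {"algorithm": "ECDSA", "size": CURVES.get(_oid(curve_raw), "unknown")}
    if oid == OID_ED25519:
        return {"algorithm": "EdDSA", "size": "Ed25519"}
    return {"algorithm": oid, "size": None}

def check_discoverable(blob):
    """(ok, reason): does the key match the supported algorithm/size table?"""
    info = inspect_public_key(blob)
    alg, size = info["algorithm"], info["size"]
    if alg not in SUPPORTED:
        return False, f"unsupported algorithm OID {alg}"
    if size not in SUPPORTED[alg]:
        return False, f"{alg} {size} is not in the supported list"
    if alg == "RSA" and info["exponent"] != 65537:
        return False, f"RSA public exponent {info['exponent']} is not 65537"
    return True, f"{alg} {size}: ready to upload"

# --- synthetic sample keys, constructed for this example (not real key material) ---
def _der(tag, body):
    if len(body) < 0x80:
        return bytes([tag, len(body)]) + body
    lb = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body

def _der_int(v):  # the extra byte keeps a value with its high bit set positive
    return _der(0x02, v.to_bytes((v.bit_length() + 8) // 8, "big"))

def _der_oid(dotted):
    arcs = [int(x) for x in dotted.split(".")]
    out = [40 * arcs[0] + arcs[1]]
    for arc in arcs[2:]:
        enc = [arc & 0x7F]
        while arc := arc >> 7:
            enc.append(0x80 | (arc & 0x7F))
        out.extend(reversed(enc))
    return _der(0x06, bytes(out))

def _spki(oid, params, pubkey):
    return _der(0x30, _der(0x30, _der_oid(oid) + params) + _der(0x03, b"\x00" + pubkey))

def rsa_sample(bits, e=65537):
    n = (1 << (bits - 1)) | 1  # fake modulus with exactly `bits` bits
    return _spki(OID_RSA, b"\x05\x00", _der(0x30, _der_int(n) + _der_int(e)))

def ec_sample(curve_oid):  # fake uncompressed point 0x04 || X || Y
    return _spki(OID_EC, _der_oid(curve_oid), b"\x04" + b"\x11" * 64)

def ed25519_sample():
    return _spki(OID_ED25519, b"", b"\x22" * 32)

def to_pem(der):
    b64 = base64.b64encode(der).decode()
    return "-----BEGIN PUBLIC KEY-----\n" + "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64)) + "\n-----END PUBLIC KEY-----\n"
```

Call `check_discoverable(open("key.pem", "rb").read())` on the file you intend to upload; the same call accepts a DER .KEY file, because `load_spki` falls back to raw DER when no PEM armour is found. A False result names the table row the key fails (for instance an RSA-1024 key, a public exponent other than 65537, or a P-521 key) so you can fix the key before you initiate a discovery. A private key or certificate file is rejected at the first SEQUENCE check rather than misreported as a supported key.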