I’ve been trying to export a private key from one domain onto another private domain? The HSM key is already generated, just curious if I can move it?

Hi Zac,

This is not possible as once an HSM key is generated it has an immutable label attribute. The label can't be changed.

Yes. I is not possible to export the private key from HSM. This is the design of HSM. Private keys are protected in hardware device. No way it can be tampered are replicated to another device, and key cannot be stored in any computer as file.

Balraj

Well, there is a way to export a priv key, using Key Warpping Key method, but there are some pre-requisites to met: 

http://www-01.ibm.com/support/docview.wss?uid=swg21412061

https://www.ibm.com/support/knowledgecenter/en/SS9H2Y_7.2.0/com.ibm.dp.doc/hsm2_cloningkeys.html

the export/import is between HSM devices only. We cannot export private key into a file.

Balraj

Correct, only Public Keys can be exported and then only under "Crypto Tools". Private keys you can never get out from DataPower but they are included in Secure Backup (if allowed at init of DataPower) and then the keys are encrypted by DataPowers internal encryption and can only be restored to another (then identical) DataPower instance.

----------------------------------------------
Anders Wasén, Sr. Solutions Architect
(a.k.a. "Offline" in DeveloperWorks)

IBM Champion, IBM DataPower Gateways, IBM Transformation Extender