Exporting keys
The -export command exports keys and key groups across domains. The following list contains important information about exporting keys and key groups:
Keys are always exported along with their key group.
Keys and key groups are exported in an encrypted key container (file) on the host where the Key Management Service (KMS) utility (nbkmsutil) is executed.
The key container is pass phrase protected.
Note:
The same pass phrase must be provided when you want to import the keys and key groups.
You can specify the export contents in more than one way: select specific key groups, or selectively export keys.
Use the -export command as specified:
nbkmsutil -export -path <secure_key_container>
[ -key_groups <key_group_name_1 ...> | -key_file <key_file_name> ]
By default, the entire keystore is exported.
The -path option specifies the fully qualified path where the secure key container is stored.
The -key_groups option lists the key group names, separated by spaces.
The -key_file option is the path of a file that lists the keys to be exported in a specific format.
The <key_group_name>/<key_name> format lets you export keys selectively. You can use a '*' to export all the keys from a particular group as shown:
<key_group_name>/*
You can use the nbkmsutil -listkeys -export command to generate output in the format that this option requires. Refer to nbkmsutil -listkeys -export for more details.
For more details about listing keys:
See Listing keys from a key group.
Note:
The -key_groups and -key_file options are mutually exclusive.
Run the following command to export the entire keystore:
nbkmsutil -export -path <secure_key_container>
Run the following command to export selected key groups:
nbkmsutil -export -path <secure_key_container> -key_groups <key_group_name_1 key_group_name_2 ...>
Run the following command to selectively export keys:
nbkmsutil -export -path <secure_key_container> -key_file <key_file_name>
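The rules above (fully qualified -path, mutually exclusive -key_groups and -key_file, key file entries of the form <key_group_name>/<key_name> or <key_group_name>/*) can be checked before the real command is run. The following is an added example, not part of the original documentation or the product. The function names check_key_file and check_export_args are hypothetical, and it assumes a UNIX host, one key file entry per line, and names without '/' or whitespace; the destination directory check is an added hardening step.

```shell
# Added example, not vendor code. Checks the arguments that would follow
# "nbkmsutil -export" before the real command is run.
# Assumptions: UNIX host; key file has one entry per line; names contain
# no '/' or whitespace.

# Every line must be <key_group_name>/<key_name> or <key_group_name>/*.
check_key_file() {
    [ -s "$1" ] || { echo "key file missing or empty: $1" >&2; return 1; }
    if grep -v -E '^[^/[:space:]]+/[^/[:space:]]+$' "$1" >&2; then
        echo "invalid entries in $1 (listed above)" >&2; return 1
    fi
}

# Prints the full command and returns 0 only if the request is acceptable.
check_export_args() {
    path= key_file= groups= orig="$*"
    while [ $# -gt 0 ]; do
        case $1 in
            -path|-key_file)
                [ $# -ge 2 ] || { echo "$1 needs a value" >&2; return 1; }
                if [ "$1" = -path ]; then path=$2; else key_file=$2; fi
                shift 2 ;;
            -key_groups)
                shift
                # Group names run until the next option or the end.
                while [ $# -gt 0 ] && [ "${1#-}" = "$1" ]; do
                    groups="$groups $1"; shift
                done
                [ -n "$groups" ] || { echo "-key_groups needs a name" >&2; return 1; } ;;
            *) echo "unexpected argument: $1" >&2; return 1 ;;
        esac
    done
    case $path in
        /*) ;;
        *) echo "-path must be a fully qualified path" >&2; return 1 ;;
    esac
    if [ -n "$groups" ] && [ -n "$key_file" ]; then
        echo "-key_groups and -key_file are mutually exclusive" >&2; return 1
    fi
    # Added hardening check (assumption, not a product requirement): refuse a
    # destination directory that is missing or writable by other users.
    case $(ls -ld "$(dirname "$path")" 2>/dev/null) in
        ''|????????w*) echo "unsafe destination directory" >&2; return 1 ;;
    esac
    [ -z "$key_file" ] || check_key_file "$key_file" || return 1
    echo "nbkmsutil -export $orig"
}
```

The printed command is for review only; arguments that contain spaces would need quoting before being run.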