IBM Support

Cannot import RSA key with a public exponent less than 65447 to a Type 8441 HSM

Question & Answer


Question

Why can I not import an RSA key with a public exponent less than 65537 to the HSM (hardware security module) on a type 8441-53x appliance?

Answer

DataPower Type 8441 appliances include HSM firmware version 2.03 build 13 (CNN35XX-NFBE-FW-2.03-13-HW2.0). This HSM firmware version does not support the import RSA keys with a public exponent less than 65537 but supports only public exponents equal to 65537. To import RSA keys with public exponents less than or equal to 65537, you must upgrade the HSM firmware to version 2.04 build 48 (CNN35XX-NFBE-FW-2.04-48). You can upgrade the HSM firmware independent of whether the HSM is initialized.
Note: To change the HSM firmware version after you install one the following DataPower fix packs.
  • Version 7.6.0.16 or later
  • Version 2018.4.1.7 or later
You can obtain the following tools from IBM Fix Central. Search for text string HSM.
  • Use the idg-8441-hsm_FW_204_48.scrypt3 tool to upgrade the HSM firmware to version 2.04 build 48. This firmware version supports RSA keys public exponents less than or equal to 65537.
  • Use the idg-8441-hsm_FW_203_13.scrypt3 tool to downgrade the HSM firmware to version 2.03 build 13. This firmware version supports RSA key public exponents equal to 65557.
To determine whether your appliances has the HSM, use the show crypto-engine command. When the accelerator type is hsm3, the Type 8441 appliance has the HSM. This status provider also provides the status, which informs you whether the HSM is initialized.
To determine the HSM firmware version, use the service show component-firmware command.
  • Before the upgrade, the version is CNN35XX-NFBE-FW-2.03-13-HW2.0.
  • After the upgrade, the version is CNN35XX-NFBE-FW-2.04-48.

For more information about the HSM, see the DataPower version-specific documentation in IBM Knowledge Center.

[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SS9H2Y","label":"IBM DataPower Gateway"},"Component":"General","Platform":[{"code":"PF009","label":"Firmware"}],"Version":"7.6;2018.4","Edition":"Edition Independent","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
13 August 2019

UID

ibm10885308

Page Feedback