Offline Backup Key Scripts

This set of scripts controls public backup keys that are used by integrated applications, such as CASPClosedUnbound’s Crypto Asset Security Platform (“CASP”) provides the advanced technology and the architecture to secure crypto asset transactions..

ekm_set_offline_backup_key

Import a public key to an EP or Partner and propagate it to all servers within the server's family (all EPs or all Partners).

Note
In CASPClosedUnbound’s Crypto Asset Security Platform (“CASP”) provides the advanced technology and the architecture to secure crypto asset transactions., perform this action once in the selected EP and once in the selected Partner.

Syntax:

ekm_set_offline_backup_key
-k <PEM file with the public key>
[-s,--self <arg>] // EP Certified-IP

[-o <port>] // EP Bootstrap-Port.

Example:

sudo /opt/ekm/bin/ekm_set_offline_backup_key.sh -k ./rsa-key.pem

Operation completed successfully

ekm_get_offline_backup_key

This script prints the contents of the key. You can use it to verify the public key that is being used.

Syntax:

ekm_get_offline_backup_key
[-s,--self <arg>] // EP Certified-IP

[-o <port>] // EP Bootstrap-Port.

Example:

sudo /opt/ekm/bin/ekm_get_offline_backup_key.sh

-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAwc/ccCpp/EE9UDnhuJEmyuMh0ONti3+vRXoxhnCbDWHEdwjiqaXJ
// truncated
wOBGb0BwwwZ3X4BA+b8cKyxUWePOOdEadwIDAQAB
-----END RSA PUBLIC KEY-----

ekm_delete_offline_backup_key

Use this script to delete or replace this key. It deletes the key from:

  • server that executes the command.
  • from all its family members of this server (all EP or all Partners in the cluster).

Note
1. In CASPClosedUnbound’s Crypto Asset Security Platform (“CASP”) provides the advanced technology and the architecture to secure crypto asset transactions., perform this action once in the selected EP and once in the selected Partner.
2. CASPClosedUnbound’s Crypto Asset Security Platform (“CASP”) provides the advanced technology and the architecture to secure crypto asset transactions. cannot run without the public key, so only delete the key if you replace it with a different key.

Warning
You must use the key that was in use when the vault was created for vault restore. Even if you update the key with ekm_set_offline_backup_key, previous vaults still use the old key.

Syntax:

ekm_delete_offline_backup_key
[-s,--self <arg>] // EP Certified-IP

[-o <port>] // EP Bootstrap-Port.