Describe an AWS CloudHSM error using KMU

This command gets the error description for the 0xdb error code. The description explains that an attempt to log in to key_mgmt_util failed because the user has the wrong user type. Only crypto users (CU) can log in to key_mgmt_util.

        Command:  Error2String -r 0xdb
        
        Error Code db maps to HSM Error: Invalid User Type.

This example shows where to find the error code in a key_mgmt_util error. The error code, 0xc6, appears after the string: Cfm3command-name returned: .

In this example, getKeyInfo indicates that the current user (user 4) can use the key in cryptographic operations. Nevertheless, when the user tries to use deleteKey to delete the key, the command returns error code 0xc6.

        Command:  deleteKey -k 262162

        Cfm3DeleteKey returned: 0xc6 : HSM Error: Key Access is denied

        Cluster Error Status

        Command:  getKeyInfo -k 262162
        
        Cfm3GetKey returned: 0x00 : HSM Return: SUCCESS

       Owned by user 3

       also, shared to following 1 user(s):

                4
        

If the 0xc6 error is reported to you, you can use an Error2String command like this one to look up the error. In this case, the deleteKey command failed with an access denied error because the key is shared with the current user but owned by a different user. Only key owners have permission to delete a key.

        Command:  Error2String -r 0xa8
        
        Error Code c6 maps to HSM Error: Key Access is denied