本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
列出具有 Cloud 之使用者的金鑰HSM CLI
使用 CloudHSM 中的 key list命令CLI來尋找 AWS CloudHSM 叢集中目前使用者的所有金鑰。輸出包含使用者擁有和共用的金鑰,以及 CloudHSM 叢集中的所有公有金鑰。
使用者類型
下列類型的使用者可以執行此命令。
-
管理員 (COs)
-
加密使用者 (CUs)
語法
aws-cloudhsm >help key listList the keys the current user owns, shares, and all public keys in the HSM cluster Usage: key list [OPTIONS] Options: --cluster-id<CLUSTER_ID>Unique Id to choose which of the clusters in the config file to run the operation against. If not provided, will fall back to the value provided when interactive mode was started, or error --filter [<FILTER>...] Key reference (e.g. key-reference=0xabc) or space separated list of key attributes in the form of attr.KEY_ATTRIBUTE_NAME=KEY_ATTRIBUTE_VALUE to select matching key(s) to list --max-items<MAX_ITEMS>The total number of items to return in the command's output. If the total number of items available is more than the value specified, a next-token is provided in the command's output. To resume pagination, provide the next-token value in the starting-token argument of a subsequent command [default: 10] --starting-token<STARTING_TOKEN>A token to specify where to start paginating. This is the next-token from a previously truncated response -v, --verbose If included, prints all attributes and key information for each matched key. By default each matched key only displays its key-reference and label attribute. This flag when used by Admins has no effect -h, --help Print help
範例
下列範例顯示執行 key list 命令的不同方式。下列範例以加密使用者身分顯示輸出。
範例:尋找所有金鑰:預設
此命令會列出 AWS CloudHSM 叢集中存在的已登入使用者的金鑰。
注意
根據預設,僅顯示目前登入使用者的 10 個金錀,且只顯示 key-reference 和 label 作為輸出。使用適當的分頁選項來顯示更多或更少的金錀作為輸出。
aws-cloudhsm >key list{ "error_code": 0, "data": { "matched_keys": [ { "key-reference": "0x00000000000003d5", "attributes": { "label": "test_label_1" } }, { "key-reference": "0x0000000000000626", "attributes": { "label": "test_label_2" } },. ...8 keys later... ], "total_key_count": 56, "returned_key_count": 10, "next_token": "10" } }
範例:尋找所有金鑰:詳細資訊
輸出包含使用者擁有和共用的金鑰,以及 中的所有公有金鑰HSMs。
注意
注意:按照預設,僅顯示目前登入使用者的 10 個金鑰。使用適當的分頁選項來顯示更多或更少的金錀作為輸出。
aws-cloudhsm >key list --verbose{ "error_code": 0, "data": { "matched_keys": [ { "key-reference": "0x000000000012000c", "key-info": { "key-owners": [ { "username": "cu1", "key-coverage": "full" } ], "shared-users": [], "cluster-coverage": "session" }, "attributes": { "key-type": "ec", "label": "ec-test-private-key", "id": "", "check-value": "0x2a737d", "class": "private-key", "encrypt": false, "decrypt": false, "token": false, "always-sensitive": true, "derive": false, "destroyable": true, "extractable": true, "local": true, "modifiable": true, "never-extractable": false, "private": true, "sensitive": true, "sign": false, "trusted": false, "unwrap": false, "verify": false, "wrap": false, "wrap-with-trusted": false, "key-length-bytes": 122, "ec-point": "0x0442d53274a6c0ec1a23c165dcb9ccdd72c64e98ae1a9594bb5284e752c746280667e11f1e983493c1c605e0a8071ede47ca280f94c6b2aa33", "curve": "secp224r1" } }, { "key-reference": "0x000000000012000d", "key-info": { "key-owners": [ { "username": "cu1", "key-coverage": "full" } ], "shared-users": [], "cluster-coverage": "session" }, "attributes": { "key-type": "ec", "label": "ec-test-public-key", "id": "", "check-value": "0x2a737d", "class": "public-key", "encrypt": false, "decrypt": false, "token": false, "always-sensitive": false, "derive": false, "destroyable": true, "extractable": true, "local": true, "modifiable": true, "never-extractable": false, "private": true, "sensitive": false, "sign": false, "trusted": false, "unwrap": false, "verify": false, "wrap": false, "wrap-with-trusted": false, "key-length-bytes": 57, "ec-point": "0x0442d53274a6c0ec1a23c165dcb9ccdd72c64e98ae1a9594bb5284e752c746280667e11f1e983493c1c605e0a8071ede47ca280f94c6b2aa33", "curve": "secp224r1" } } ], ...8 keys later... "total_key_count": 1580, "returned_key_count": 10 } }
範例:分頁傳回
下列範例將顯示僅顯示兩個金錀的金錀分頁子集。然後,此範例會提供後續呼叫,以顯示接下來的兩個金錀。
aws-cloudhsm >key list --verbose --max-items 2{ "error_code": 0, "data": { "matched_keys": [ { "key-reference": "0x0000000000000030", "key-info": { "key-owners": [ { "username": "cu1", "key-coverage": "full" } ], "shared-users": [], "cluster-coverage": "full" }, "attributes": { "key-type": "aes", "label": "98a6688d1d964ed7b45b9cec5c4b1909", "id": "", "check-value": "0xb28a46", "class": "secret-key", "encrypt": false, "decrypt": false, "token": true, "always-sensitive": true, "derive": false, "destroyable": true, "extractable": true, "local": true, "modifiable": true, "never-extractable": false, "private": true, "sensitive": true, "sign": true, "trusted": false, "unwrap": false, "verify": true, "wrap": false, "wrap-with-trusted": false, "key-length-bytes": 32 } }, { "key-reference": "0x0000000000000042", "key-info": { "key-owners": [ { "username": "cu1", "key-coverage": "full" } ], "shared-users": [], "cluster-coverage": "full" }, "attributes": { "key-type": "aes", "label": "4ad6cdcbc02044e09fa954143efde233", "id": "", "check-value": "0xc98104", "class": "secret-key", "encrypt": true, "decrypt": true, "token": true, "always-sensitive": true, "derive": false, "destroyable": true, "extractable": true, "local": true, "modifiable": true, "never-extractable": false, "private": true, "sensitive": true, "sign": true, "trusted": false, "unwrap": true, "verify": true, "wrap": true, "wrap-with-trusted": false, "key-length-bytes": 16 } } ], "total_key_count": 1580, "returned_key_count": 2, "next_token": "2" } }
若要顯示接下來的兩個金錀,可以進行後續呼叫:
aws-cloudhsm >key list --verbose --max-items 2 --starting-token 2{ "error_code": 0, "data": { "matched_keys": [ { "key-reference": "0x0000000000000081", "key-info": { "key-owners": [ { "username": "cu1", "key-coverage": "full" } ], "shared-users": [], "cluster-coverage": "full" }, "attributes": { "key-type": "aes", "label": "6793b8439d044046982e5b895791e47f", "id": "", "check-value": "0x3f986f", "class": "secret-key", "encrypt": false, "decrypt": false, "token": true, "always-sensitive": true, "derive": false, "destroyable": true, "extractable": true, "local": true, "modifiable": true, "never-extractable": false, "private": true, "sensitive": true, "sign": true, "trusted": false, "unwrap": false, "verify": true, "wrap": false, "wrap-with-trusted": false, "key-length-bytes": 32 } }, { "key-reference": "0x0000000000000089", "key-info": { "key-owners": [ { "username": "cu1", "key-coverage": "full" } ], "shared-users": [], "cluster-coverage": "full" }, "attributes": { "key-type": "aes", "label": "56b30fa05c6741faab8f606d3b7fe105", "id": "", "check-value": "0xe9201a", "class": "secret-key", "encrypt": false, "decrypt": false, "token": true, "always-sensitive": true, "derive": false, "destroyable": true, "extractable": true, "local": true, "modifiable": true, "never-extractable": false, "private": true, "sensitive": true, "sign": true, "trusted": false, "unwrap": false, "verify": true, "wrap": false, "wrap-with-trusted": false, "key-length-bytes": 32 } } ], "total_key_count": 1580, "returned_key_count": 2, "next_token": "4" } }
如需示範金鑰篩選機制如何在 CloudHSM 中運作的更多範例CLI,請參閱 使用 Cloud 篩選金鑰HSM CLI。
引數
<CLUSTER_ID>-
執行此操作的叢集 ID。
必要:如果已設定多個叢集。
<FILTER>-
索引鍵參考 (例如
key-reference=0xabc) 或以 形式分隔的索引鍵屬性清單attr.KEY_ATTRIBUTE_NAME=KEY_ATTRIBUTE_VALUE,以選取要列出的相符索引鍵。如需支援的 CloudHSM CLI金鑰屬性清單,請參閱 Cloud 的關鍵屬性HSM CLI
必要:否
<MAX_ITEMS>-
要在命令輸出中傳回的總項目數。若可傳回的總項目數超過指定值,會在命令的輸出中提供 next-token。若要繼續分頁,請在後續 starting-token 命令引數中提供 next-token 值。
必要:否
<STARTING_TOKEN>-
用以指定分頁開始位置的字符。這是來自先前已截斷回應的 next-token。
必要:否
<VERBOSE>-
如已包含,則會列印每個相符金錀的所有屬性和金鑰資訊。根據預設,每個相符金錀僅顯示其金錀參考和標籤屬性。管理員使用時,此旗標沒有效果。
必要:否
相關主題
