Load the three required major keys on the Vectera Plus. The FTK, PMK, and BEK protect keys, users, and backups respectively. Three major keys must be loaded on the HSM before PKCS #11 operations can proceed.

Load the Futurex Token Key (FTK)

The FTK wraps all PKCS #11 keys stored on the HSM.

Excrypt Manager

1. Navigate to Major Keys

Go to the Major Keys section and select FTK.

2. Generate or load the FTK

Generate a random FTK or load it from key fragments.

FXCLI

1. Generate random key fragments

Run the following command to generate random FTK fragments:

majorkey random --ftk --fragments-required 2 --fragments-total 3

2. Recombine fragments to load the FTK

Run the following command to recombine the fragments and load the FTK:

majorkey recombine --ftk

FTK loaded successfully.

Load the Platform Master Key (PMK)

The PMK wraps users and subordinate keys. The PMK uses 256-bit AES.

Excrypt Manager

1. Navigate to Major Keys and select PMK

Generate or load the PMK using the same process as the FTK.

FXCLI

1. Generate and load the PMK

Run the following commands to generate and load the PMK:

majorkey random --pmk --fragments-required 2 --fragments-total 3
majorkey recombine --pmk

PMK loaded successfully.

Load the Backup Encryption Key (BEK)

The BEK encrypts configuration and key backups.

Excrypt Manager

1. Navigate to Major Keys and select BEK

Generate or load the BEK using the same process as the FTK and PMK.

FXCLI

1. Generate and load the BEK

Run the following commands to generate and load the BEK:

majorkey random --bek --fragments-required 2 --fragments-total 3
majorkey recombine --bek

BEK loaded successfully.
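
The --fragments-required 2 --fragments-total 3 options used for all three major keys describe a 2-of-3 threshold: three custodians each hold a fragment and any two can load the key. This page does not state which splitting scheme the HSM uses, so the added example below (not Futurex code) assumes Shamir secret sharing over GF(2^8) to show that property. The function names and the 32-byte sample key are constructed for illustration.

```python
import secrets
from itertools import combinations
def gf_mul(a: int, b: int) -> int:
    """Multiply in GF(2^8), reducing by x^8+x^4+x^3+x+1 (0x11B)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return r

def gf_inv(a: int) -> int:
    return next(b for b in range(1, 256) if gf_mul(a, b) == 1)  # search; a must be nonzero

def split(key: bytes, required: int, total: int) -> dict[int, bytes]:
    """Return {x: fragment}; each key byte is the constant term of a random polynomial."""
    if not 1 < required <= total < 256:
        raise ValueError("need 1 < required <= total < 256")
    frags = {x: bytearray() for x in range(1, total + 1)}
    for byte in key:
        coeffs = [byte] + [secrets.randbelow(256) for _ in range(required - 1)]
        for x, frag in frags.items():
            y = 0
            for c in reversed(coeffs):  # Horner evaluation of the polynomial at x
                y = gf_mul(y, x) ^ c
            frag.append(y)
    return {x: bytes(f) for x, f in frags.items()}

def recombine(frags: dict[int, bytes], required: int) -> bytes:
    """Lagrange-interpolate at x = 0 using `required` of the supplied fragments."""
    if len(frags) < required:
        raise ValueError("not enough fragments to recombine")
    xs = sorted(frags)[:required]
    out = bytearray(len(frags[xs[0]]))
    for xj in xs:
        w = 1  # Lagrange weight L_j(0): product of xm / (xm ^ xj) over the other points
        for xm in xs:
            if xm != xj:
                w = gf_mul(w, gf_mul(xm, gf_inv(xm ^ xj)))
        for i, y in enumerate(frags[xj]):
            out[i] ^= gf_mul(y, w)
    return bytes(out)

def quorum_check(key: bytes, required: int = 2, total: int = 3) -> bool:
    """True if every `required`-sized set of custodians recovers the key."""
    frags = split(key, required, total)
    subsets = combinations(frags.items(), required)
    return all(recombine(dict(s), required) == key for s in subsets)
```

Calling quorum_check(secrets.token_bytes(32)) exercises the 2-of-3 case with a random 256-bit value, the size the page gives for the PMK.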