Enable the DUS and EWV multi-usage combinations for asymmetric keys

2min

For this step, you must log in with an identity that has a role with the Security:Key Settings permission. You can use the default Administrator role and Admin identities.
The EJBCA application requires asymmetric keys with multiple usages, which you can configure, but the  does not enable this by default.
You must enable the following multi-usage combination for all users, including anonymous users, due to how the EJBCA application creates the keys on the HSM:
DUS (Decrypt, Unwrap, Sign)
EWV (Encrypt, Wrap, Verify)
Choose one of the following methods to enable DUS and EVW:
Excrypt Manager
FXCLI
1
Go to the Extended Options menu.
2
Select Asymmetric Authorize in the Usage drop-down menu, and select [ Add ].
3
Select the DUS usage combination and select [ OK ]. 
4
Repeat the preceding steps to add the EWV multi-usage combination for Asymmetric Authorize.
5
Now, select Asymmetric Anonymous in the Usage drop-down menu and enable both the DUS and EWV multi-usage combinations.
6
Select [ Save ] in the lower-right corner of the window to save the changes.
1
Run the following FXCLI commands to add the DUS and EWV multi-usage combinations for asymmetric keys for all users:
FXCLI
multi-usage add --asymmetric --auth -d -u -s
multi-usage add --asymmetric --auth -d -u -s
﻿
FXCLI
multi-usage add --asymmetric --auth -e -w -v
multi-usage add --asymmetric --auth -e -w -v
﻿
FXCLI
multi-usage add --asymmetric --anon -d -u -s
multi-usage add --asymmetric --anon -d -u -s
﻿
FXCLI
multi-usage add --asymmetric --anon -e -w -v
multi-usage add --asymmetric --anon -e -w -v
﻿
﻿
﻿

Updated 27 Jul 2024

Did this page help you?

Configure TLS authentication

Edit the Futurex PKCS #11 configuration file