Create a key
1. Key Management & Key List
This menu allows you to create and manage signing keys for JWT.
① From the left-hand menu, select [Key Management].
② On the right-hand screen, you will see [Key List] and [Create Key] buttons.
Key List
Label : A user-defined identifier entered during key creation.
Algorithm : The algorithm selected when creating the key.
CKA_ID : The unique ID automatically assigned to each key.
Created Date : The date the key was generated.
If multiple keys share the same Label, they are distinguished by CKA_ID. It is recommended to use a unique Label for each key whenever possible.
2. Key Creation
This screen allows you to generate a private key for JWT signing. Keys are securely created based on HSM, and users can customize the algorithm and key generation method.
Algorithm
RSA: A widely used public key algorithm compatible with most systems.
ECDSA (ECC): An elliptic curve-based algorithm offering better performance with shorter key lengths at the same security level.
Key Generation Type
Auto Generation (Random): The key is generated directly inside the HSM and never leaves it. This is the most secure and recommended method.
Manual Generation (Import): A key generated externally can be uploaded as a component file and stored securely. Useful for key sharding or externally controlled environments.
Label
A user-defined identifier to help distinguish each key. (Example : RSA_4096)
It is recommended to use a unique Label to avoid confusion.
Key Length (bits)
Available when RSA is selected.
Supported lengths: 2048, 4096
Curve (for ECC)
Available when ECDSA (ECC) is selected.
Supported curves: Prime256v1
2-1. Auto Generation
① Select the Algorithm and set the Generation Type to Auto.
② Enter a Label to identify the key.
③ Choose the Key Length (for RSA) or Curve (for ECC).
④ Click the [Create] button to generate the key. The key will be added to the Key List.
Keys generated using Auto Generation are never exposed outside the HSM and cannot be extracted.
2-2. Manual Generation
① Select the Algorithm and set the Generation Type to Manual.
② Enter a Label to identify the key.
③ Enter the key value in PEM format.
④ Click the [Create] button to generate the key. The key will be added to the Key List.
In manual generation mode, only private keys can be created.
3. Key Details
You can view the detailed properties of a generated key, including its public key. The public key is used by external systems to verify JWT signatures.
Private Key Information
Label : The identifier entered by the user when creating the key.
Type : The type of key. (Currently, only private keys are supported.)
Algorithm : The algorithm selected at the time of key creation.
CKA_ID : A unique ID automatically assigned to the key.
Length (bits) : The key length selected when using the RSA algorithm.
Curve : The curve selected when using the ECDSA (ECC) algorithm.
Created Date : The date the key was generated.
The private key is never exposed outside the HSM. It is securely stored and used only within the HSM.
Private keys can never be extracted or exposed externally due to security policy.
Public Key Information
The public key is provided in PEM (Public-Key Cryptography Standard) format, which is Base64-encoded and used to verify JWT signatures in external systems and clients.
PEM Format : The public key is displayed in the following standard format:
-----BEGIN PUBLIC KEY----- (Base64 content) -----END PUBLIC KEY-----This is an international standard format used in SSL/TLS certificates, OpenSSL, and external server integrations.Copy Icon : Click the copy icon on the right to copy the full public key string to your clipboard.\
Delete Key
If a key is no longer needed, click the [Delete Key] button at the top right of the screen to remove it. However, keys can be deleted with User PIN verification.
Deleting a key will immediately stop all functions that rely on it.