Create a key

1. Key Management & Key List

This menu allows you to create and manage signing keys for JWT.

① From the left-hand menu, select [Key Management].

② On the right-hand screen, you will see [Key List] and [Create Key] buttons.

Key List

  • Label : A user-defined identifier entered during key creation.

  • Algorithm : The algorithm selected when creating the key.

  • CKA_ID : The unique ID automatically assigned to each key.

  • Created Date : The date the key was generated.

Click the [Create Key] button to go to the key creation screen.

2. Key Creation

This screen allows you to generate a private key for JWT signing. Keys are created securely using the HSM, and users can customize the algorithm and key generation method.

Algorithm

  • RSA: A widely used public key algorithm compatible with most systems.

  • ECDSA (ECC): An elliptic curve-based algorithm offering better performance with shorter key lengths at the same security level.

Key Generation Type

  • Auto Generation (Random): The key is generated directly inside the HSM and never leaves it. This is the most secure and recommended method.

  • Manual Generation (Import): A key generated externally can be uploaded as a component file and stored securely. Useful for key sharding or externally controlled environments.

Auto Generation is the default and recommended option for optimal security.

Label

  • A user-defined identifier to help distinguish each key. (Example : RSA_4096)

Key Length (bits)

  • Available when RSA is selected.

  • Supported lengths: 2048, 4096

Curve (for ECC)

  • Available when ECDSA (ECC) is selected.

  • Supported curves: Prime256v1


2-1. Auto Generation

① Select the Algorithm and set the Generation Type to Auto.

② Enter a Label to identify the key.

③ Choose the Key Length (for RSA) or Curve (for ECC).

④ Click the [Create] button to generate the key. The key will be added to the Key List.

When generating keys automatically with the ECC algorithm, the following curves are supported, and the algorithm and hash are determined based on the selected curve.

Curve : prime256v1 (P-256)

Algorithm : ES256

Hash : SHA-256

2-2. Manual Generation

① Select the Algorithm and set the Generation Type to Manual.

② Enter a Label to identify the key.

③ Enter the key value in PEM format.

④ Click the [Create] button to generate the key. The key will be added to the Key List.

3. Key Details

You can view the detailed properties of a generated key, including its public key. The public key is used by external systems to verify JWT signatures.

Private Key Information

  • Label : The identifier entered by the user when creating the key.

  • Type : The type of key. (Currently, only private keys are supported.)

  • Algorithm : The algorithm selected at the time of key creation.

  • CKA_ID : A unique ID automatically assigned to the key.

  • Length (bits) : The key length selected when using the RSA algorithm.

  • Curve : The curve selected when using the ECDSA (ECC) algorithm.

  • Created Date : The date the key was generated.

Public Key Information

The public key is provided in PEM (Privacy-Enhanced Mail) format, a Base64-encoded text format, and is used to verify JWT signatures in external systems and clients.

  • PEM Format : The public key is displayed in the following standard format:

      -----BEGIN PUBLIC KEY-----
      (Base64 content)
      -----END PUBLIC KEY-----

    This is an international standard format used in SSL/TLS certificates, OpenSSL, and external server integrations.

  • Copy Icon : Click the copy icon on the right to copy the full public key string to your clipboard.


Delete Key

  • If a key is no longer needed, click the [Delete Key] button at the top right of the screen to remove it. Deleting a key requires User PIN verification.
