Visit Nexus to get an overview of Nexus' solutions, read customer cases, access the latest news, and more.

This article describes the syntax for how to generate an AES or 3DES key. The hwsetup command line tool, included in Nexus Certificate Manager (CM), is used.


Syntax: Generate AES or 3DES key
hwsetup -libname <pkcs11lib> [-slot <slot#>] [-id <CKA_ID>] [-label <CKA_LABEL>] [-login user|so] [-pin <PIN>] [-nopinpad] -genkey <key type> [-force]

Options and arguments

For a description of the options libnameslotpin, nopinpadid, noidlabellogin, extractable and force and their arguments, see Generate DSA/EC/RSA key pair.

Options and ArgumentsDescription
genkey <key type>

Use this option to generate a symmetric key. Replace <key type> with the desired key type. Key types AES (128), AES-128, AES-192, AES-256 or DES3 are supported in this version.

Default: DES3


To generate an AES 128-bit key:

Example: Generate AES 128-bit key
hwsetup -libname crypto -slot 1 -pin abcd -genkey AES -label "An AES-128 key"

To generate a 3DES key:

Example: Generate 3DES key
hwsetup -libname crypto -slot 1 -pin abcd -genkey DES3 -label "A 3DES key"