Skip to main content
Skip table of contents

Generate AES or 3DES key

This article is valid from CM 8.0.

This article describes the syntax for how to generate an AES or 3DES key. The hwsetup command line tool, included in Nexus Certificate Manager (CM), is used.


Syntax: Generate AES or 3DES key

hwsetup -libname <pkcs11lib> [-slot <slot#>] [-id <CKA_ID>] [-label <CKA_LABEL>] [-login user|so] [-pin <PIN>] [-nopinpad] -genkey <key type> [-force]

Options and arguments

For a description of the options libnameslotpin, nopinpadid, noidlabellogin, extractable and force and their arguments, see Generate DSA/EC/RSA key pair.

Options and ArgumentsDescription
genkey <key type>

Use this option to generate a symmetric key. Replace <key type> with the desired key type. Key types AES (128), AES-128, AES-192, AES-256 or DES3 are supported in this version.

Default: DES3


To generate an AES 128-bit key:

Example: Generate AES 128-bit key

hwsetup -libname crypto -slot 1 -pin abcd -genkey AES -label "An AES-128 key"

To generate a 3DES key:

Example: Generate 3DES key

hwsetup -libname crypto -slot 1 -pin abcd -genkey DES3 -label "A 3DES key"
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.