本文属于机器翻译版本。若本译文内容与英语原文存在差异，则一律以英文原文为准。

# 使用 CloudHSM CLI 导入 PEM 格式密钥
<a name="cloudhsm_cli-key-import-pem"></a>

使用中的**key import pem**命令 AWS CloudHSM 将 PEM 格式的密钥导入硬件安全模块 (HSM)。您可以使用它来导入在 HSM 外生成的公有密钥。

**注意**  
使用 [使用 CloudHSM CLI 导出非对称密钥](cloudhsm_cli-key-generate-file.md) 命令从公有密钥创建标准 PEM 文件或使用私有密钥创建引用 PEM 文件。

## 用户类型
<a name="cloudhsm_cli-key-import-pem-user-type"></a>

以下类型的用户均可运行此命令。
+ 加密用户 (CUs)

## 要求
<a name="cloudhsm_cli-key-import-pem-requirements"></a>
+ 要运行此命令，必须以 CU 身份登录。

## 语法
<a name="cloudhsm_cli-key-import-pem-syntax"></a>

```
aws-cloudhsm > help key import pem
Import key from a PEM file

Usage: key import pem [OPTIONS] --path <PATH> --label <LABEL> --key-type-class <KEY_TYPE_CLASS>
Options:
      --cluster-id <CLUSTER_ID>
          Unique Id to choose which of the clusters in the config file to run the operation against. If not provided, will fall back to the value provided when interactive mode was started, or error
      --path <PATH>
          Path where the key is located in PEM format
      --label <LABEL>
          Label for the imported key
      --key-type-class <KEY_TYPE_CLASS>
          Key type and class of the imported key [possible values: ec-public, rsa-public]
      --attributes [<IMPORT_KEY_ATTRIBUTES>...]
          Space separated list of key attributes in the form of KEY_ATTRIBUTE_NAME=KEY_ATTRIBUTE_VALUE for the imported key
  -h, --help
          Print help
```

## 示例
<a name="cloudhsm_cli-key-import-pem-examples"></a>

以下示例演示了如何使用 **key import pem** 命令从 PEM 格式的文件中导入 RSA 公有密钥。

**Example 示例：导入 RSA 公有密钥**  

```
aws-cloudhsm > key import pem --path /home/example --label example-imported-key --key-type-class rsa-public
{
  "error_code": 0,
  "data": {
    "key": {
      "key-reference": "0x00000000001e08e3",
      "key-info": {
        "key-owners": [
          {
            "username": "cu1",                                   
            "key-coverage": "full"
          }
        ],
        "shared-users": [],
        "key-quorum-values": {
          "manage-key-quorum-value": 0,
          "use-key-quorum-value": 0
        },
        "cluster-coverage": "full"
      },
      "attributes": {
        "key-type": "rsa",
        "label": "example-imported-key",
        "id": "0x",
        "check-value": "0x99fe93",
        "class": "public-key",
        "encrypt": false,
        "decrypt": false,
        "token": true,
        "always-sensitive": false,
        "derive": false,
        "destroyable": true,
        "extractable": true,
        "local": false,
        "modifiable": true,
        "never-extractable": false,
        "private": true,
        "sensitive": false,
        "sign": false,
        "trusted": false,
        "unwrap": false,
        "verify": false,
        "wrap": false,
        "wrap-with-trusted": false,
        "key-length-bytes": 512,
        "public-exponent": "0x010001",
        "modulus": "0x8e9c172c37aa22ed1ce25f7c3a7c936dadc532201400128b044ebb4b96│··3e4930ab910df5a2896eaeb8853cfea0e341227654a8337a7864cc8a87d136f006cfba9e68d0b329│··746c1ad60941668b18699fc8169ff1ec363d0d18292845b2454d6a0b8c5d111b79c047619d460cdf│··be59debbacb66b7abeaf3f3d35dd2b9cfa6b6b7b1258b6866cb4085ac749e9d8552b3a4509e1b86c│··828cc794e22767b4f6b5bc6ff5c96f4b7e60eab305d669cfa2197e85379cb35c659bb58fcd246d48│··d9f6a7f36063b42da025459275aa8e3abedad775387086bd6c198ded868403f4b87ffda5a2d455ac│··aa6cbd00003c31d8d2f51d10cd272b31cf0c4037791f48ad51fb35",
        "modulus-size-bits": 2048
      }
    },
    "message": "Successfully imported key"
  }
}
```

**Example 示例：导入具有可选属性的 RSA 公有密钥**  

```
aws-cloudhsm > key import pem --path /home/example --label example-imported-key-with-attributes --key-type-class rsa-public --attributes verify=true
{
  "error_code": 0,
  "data": {
    "key": {
      "key-reference": "0x00000000001e08e3",
      "key-info": {
        "key-owners": [
          {
            "username": "cu1",                                      
            "key-coverage": "full"
          }
        ],
        "shared-users": [],
        "key-quorum-values": {
          "manage-key-quorum-value": 0,
          "use-key-quorum-value": 0
        },
        "cluster-coverage": "full"
      },
      "attributes": {
        "key-type": "rsa",
        "label": "example-imported-key-with-attributes",
        "id": "0x",
        "check-value": "0x99fe93",
        "class": "public-key",
        "encrypt": false,
        "decrypt": false,
        "token": true,
        "always-sensitive": false,
        "derive": false,
        "destroyable": true,
        "extractable": true,
        "local": false,
        "modifiable": true,
        "never-extractable": false,
        "private": true,
        "sensitive": false,
        "sign": false,
        "trusted": false,
        "unwrap": false,
        "verify": true,
        "wrap": false,
        "wrap-with-trusted": false,
        "key-length-bytes": 512,
        "public-exponent": "0x010001",
        "modulus": "0x8e9c172c37aa22ed1ce25f7c3a7c936dadc532201400128b044ebb4b96│··3e4930ab910df5a2896eaeb8853cfea0e341227654a8337a7864cc8a87d136f006cfba9e68d0b329│··746c1ad60941668b18699fc8169ff1ec363d0d18292845b2454d6a0b8c5d111b79c047619d460cdf│··be59debbacb66b7abeaf3f3d35dd2b9cfa6b6b7b1258b6866cb4085ac749e9d8552b3a4509e1b86c│··828cc794e22767b4f6b5bc6ff5c96f4b7e60eab305d669cfa2197e85379cb35c659bb58fcd246d48│··d9f6a7f36063b42da025459275aa8e3abedad775387086bd6c198ded868403f4b87ffda5a2d455ac│··aa6cbd00003c31d8d2f51d10cd272b31cf0c4037791f48ad51fb35",
        "modulus-size-bits": 2048
      }
    },
    "message": "Successfully imported key"
  }
}
```

## 参数
<a name="cloudhsm_cli-key-import-pem-arguments"></a>

***<CLUSTER\$1ID>***  
要运行此操作的集群的 ID。  
必需：如果[已配置](cloudhsm_cli-configs-multi-cluster.md)多个集群。

***<PATH>***  
指定密钥文件所在的文件路径。  
是否必需：是

***<LABEL>***  
为导入的密钥指定用户定义的标签。`label` 的最大大小为 126 个字符。  
是否必需：是

***<KEY\$1TYPE\$1CLASS>***  
包装密钥的密钥类型和类。  
可能的值：  
+ ec-public
+ rsa-public
是否必需：是

***<IMPORT\$1KEY\$1ATTRIBUTES>***  
以 `KEY_ATTRIBUTE_NAME=KEY_ATTRIBUTE_VALUE` 形式指定要为导入的密钥设置的密钥属性列表（例如 `sign=true`），用空格分隔。有关支持的密钥属性的列表，请参阅 [CloudHSM CLI 的密钥属性](cloudhsm_cli-key-attributes.md)。  
必需：否

## 相关主题
<a name="cloudhsm_cli-key-import-pem-seealso"></a>
+ [CloudHSM CLI 中的 crypto sign 类别](cloudhsm_cli-crypto-sign.md)
+ [CloudHSM CLI 中的 crypto verify 类别](cloudhsm_cli-crypto-verify.md)