
Key Backup with Eracom HSMs

These instructions have been tested with KMU version 3.0.

Key backup with Eracom is a process in which the key-backup key is stored on one or more smart cards, and the actual key to be backed up is exported to a file protected with the backup key.

Using the KMU tool, select the backup key. Right-click the key and select export. Click Write to smart cards and increase the number of custodians to be greater than one. The backup key will be split between the custodians. Click OK, and the key-splitting process starts. The logical parts of the key are written to smart cards.

When restoring the backup key, select import from the options menu and select read from smart cards.

To back up the actual CA keys, select both parts of the key pair (public and private), right-click the selected keys, and select export. This time, change the Wrapping key to be the backup key and select "write to a selected file". Type a file name and click OK. This causes the KMU to save an encrypted copy of the keys to the specified file. To decrypt the file, the backup key must be available in the HSM before the key pair is restored.

To restore the key pair, make sure the backup key has already been restored from smart cards. Select import from the options menu, and select the backup key as the unwrap key. Also select read from file and specify the file containing the backed-up key pair(s).

