Your browser does not allow storing cookies. We recommend enabling them.

PreviousNextUp[Front page] [Index]

Key Backup with Eracom HSMs

These instructions have been tested with KMU version 3.0.

Key backup with Eracom is a process where the key-backup key is stored into one or more smart cards and the actual key to be backed up is exported into a file, protected with the backup key.

Using the KMU tool, select the backup key. Right-click the key and select export. Click on Write to smart cards and increase the number of custodians to be greater than one. The backup key will be split between the custodians. Click OK, and the key splitting process starts. The logical parts of the keys are written to smart cards.

When restoring the backup key, select import from the options menu and select read from smart cards.

To backup actual CA keys, select both parts of the key pair (public and private) and right-click the selected keys and select export. This time change the Wrapping key to be backup key and select "write to a selected file". Type a file name and click ok. This will cause the KMU to save an encrypted copy of the keys to the specified file. In order to decrypt the file, the backup key needs to be available in the HSM before restoring the key pair.

To restore the key pair, make sure you have the backup key already restored from smart cards. Select import from the options menu, and select the backup key to be the unwrap key. Also select read from file and specify the file containing the backed up key pair(s).


PreviousNextUp[Front page] [Index]


 

 
PrivX
 

 

 
What to read next:

  • Reduce Secure Shell risk. Get to know the NIST 7966.



    The NISTIR 7966 guideline from the Computer Security Division of NIST is a direct call to action for organizations regardless of industry and is a mandate for the US Federal government.
    Download now
  • ISACA Practitioner Guide for SSH



    With contributions from practitioners, specialists and SSH.COM experts, the ISACA “SSH: Practitioner Considerations” guide is vital best practice from the compliance and audit community.
    Download now