
Key Backup with Eracom HSMs

These instructions have been tested with KMU version 3.0.

Key backup with Eracom is a process where the key-backup key is stored on one or more smart cards and the actual key to be backed up is exported to a file, protected with the backup key.

Using the KMU tool, select the backup key. Right-click the key and select export. Click on Write to smart cards and increase the number of custodians to be greater than one. The backup key will be split between the custodians. Click OK, and the key splitting process starts. The logical parts of the keys are written to smart cards.

When restoring the backup key, select import from the options menu and select read from smart cards.

To back up the actual CA keys, select both parts of the key pair (public and private), right-click the selected keys and select export. This time change the Wrapping key to be the backup key and select "write to a selected file". Type a file name and click OK. This will cause the KMU to save an encrypted copy of the keys to the specified file. In order to decrypt the file, the backup key needs to be available in the HSM before restoring the key pair.

To restore the key pair, make sure you have the backup key already restored from smart cards. Select import from the options menu, and select the backup key to be the unwrap key. Also select read from file and specify the file containing the backed-up key pair(s).
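
The two-layer scheme described above, as an added Python sketch that is not Eracom or KMU code: the backup key is split into one share per custodian card, the CA key is wrapped under the backup key into a file, and the file can be unwrapped only after the backup key is rebuilt. The all-shares-required XOR split and the HMAC-based wrap are assumptions standing in for the HSM's own mechanisms, and all function names are hypothetical.

```python
import hashlib, hmac, secrets
from functools import reduce

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def split_key(key, custodians):
    """All-shares-required XOR split (assumed; the KMU's own scheme may differ)."""
    if custodians < 2:
        raise ValueError("split the backup key between more than one custodian")
    shares = [secrets.token_bytes(len(key)) for _ in range(custodians - 1)]
    last = reduce(_xor, shares, key)     # final share makes the XOR equal the key
    return shares + [last]               # one share per smart card

def join_shares(shares):
    return reduce(_xor, shares)

def _stream(key, nonce, n):
    # HMAC-SHA256 in counter mode: stdlib stand-in for the HSM's wrap cipher
    return b"".join(hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"),
                             hashlib.sha256).digest() for i in range((n + 31) // 32))[:n]

def wrap(backup_key, target):
    """Encrypt-then-MAC the target key under the backup key (the exported file)."""
    nonce = secrets.token_bytes(16)
    ct = _xor(target, _stream(backup_key, nonce, len(target)))
    tag = hmac.new(backup_key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unwrap(backup_key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(backup_key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("unwrap failed: backup key is wrong or incomplete")
    return _xor(ct, _stream(backup_key, nonce, len(ct)))

def demo():
    backup_key = secrets.token_bytes(32)
    ca_key = b"constructed stand-in for CA private key bytes"
    cards = split_key(backup_key, 3)          # three custodians
    backup_file = wrap(backup_key, ca_key)    # wrapped export written to a file
    restored = unwrap(join_shares(cards), backup_file)
    try:                                      # restore attempt with one card missing
        unwrap(join_shares(cards[:2]), backup_file)
        partial = True
    except ValueError:
        partial = False
    return restored == ca_key, partial
```

Under these assumptions the wrapped file is only as recoverable as the full set of cards, so a restore test with every custodian's card belongs in the backup procedure.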

