
Key backup with nCipher HSMs

When the key or security world is generated, the encrypted version of the data is stored in the kmdata directory (c:\nfast\kmdata on Windows, and /opt/nfast/kmdata/ on Unix) and its subfolders, which should be included in the backup regime. See also Section ssh-ca-backup.

If the entire nCipher device is rendered unusable and/or the security world is lost, the prerequisite for using the keys is that the security world is restored. The security world is restored by restoring the contents of the kmdata directory and its subdirectories from backup, and then using KeySafe or a command-line command (new-world -l).

If the same security world is available for the keys, and the operator card is available, the key can be "restored" just by copying the key files from the backup to the kmdata/local directory.

It is a good failsafe practice to keep a spare nCipher HSM with the same security world installed, in case the computer and the original HSM are damaged. If the new HSM contains the same security world, the backed-up keys are easier to take into use.

The security world is stored in the world file, encrypted with the Administrator Card Set. If you need to restore the security world, you need to have both the Administrator Card and the world file available.
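An added example, not part of the original documentation or of any nCipher tooling: shell functions that archive the kmdata tree together with a SHA-256 manifest, and then check that the archive still holds a non-empty world file and that every file matches its recorded hash. The function names, the archive naming and the location of the world file at local/world are assumptions, not taken from this page.

```shell
#!/bin/sh
# Added example (not vendor tooling). Assumption: the world file is kmdata/local/world.
# Usage: a=$(backup_kmdata /opt/nfast/kmdata /backup/hsm) && verify_kmdata_backup "$a"

# backup_kmdata KMDATA_DIR OUT_DIR -> prints the path of the archive it created
backup_kmdata() {
    src=$1; out=$2
    [ -d "$src/local" ] || { echo "no local/ directory under $src" >&2; return 1; }
    stamp=$(date -u +%Y%m%dT%H%M%SZ)
    archive="$out/kmdata-$stamp.tar.gz"
    # Hash every file first so a later restore can be checked file by file.
    (cd "$src" && find . -type f -exec sha256sum {} + | sort -k2) \
        > "$out/kmdata-$stamp.sha256" || return 1
    # Archive the directory and all subfolders, as the backup regime requires.
    tar -C "$src" -czf "$archive" . || return 1
    echo "$archive"
}

# verify_kmdata_backup ARCHIVE -> 0 only if the backup looks restorable
verify_kmdata_backup() {
    archive=$1
    manifest="${archive%.tar.gz}.sha256"
    tmp=$(mktemp -d) || return 1
    tar -C "$tmp" -xzf "$archive" || { rm -rf "$tmp"; return 1; }
    rc=0
    # Without the world file the security world cannot be reloaded on a new HSM.
    [ -s "$tmp/local/world" ] || { echo "world file missing from backup" >&2; rc=1; }
    # Every extracted file must match the hash recorded at backup time.
    (cd "$tmp" && sha256sum -c - >/dev/null) < "$manifest" || rc=1
    rm -rf "$tmp"
    return $rc
}
```

The archive holds only the encrypted files from kmdata; the Administrator Card Set needed to load the world is not part of it and has to be safeguarded separately.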

When you create the key, you can define whether the key can be restored (= Recovery feature in KeySafe). When you set this flag, the keys can be used with a replaced card set. Without that flag, the keys can only be used with the card set that was used to create the key.

Having listed all the precautions, it is worth noting that SSH has been using nCipher HSMs for more than 3 years without a single hardware failure, so the precautions listed may sound like overkill. However, changing a CA key is such a drastic operation that all the precautions should be used to avoid it.
