
Preparing an Eracom HSM for Use

These instructions have been tested with the Eracom CSA 8000.

When the Eracom CSA 8000 PCI card has been installed according to the installation manual (the process is slightly different on each platform), you should have access to the Eracom key management utility called KMU.

KMU is the utility designed to perform all key creation and backup tasks.

The Eracom Administration Manual covers the initial setup, but a short list of the required steps follows.

  1. Set the security options by logging into the administrator token. Here you can specify whether the device operates in FIPS 140-1 mode or not.
  2. Select slot 0. Slot number zero is the actual cryptographic device. The other slots represent the administrator token and the smart card reader slots.
  3. Create a key-backup key. This key is used to encrypt the backed-up keys. The backup key must have the WRAP value set to TRUE. Good defaults for the key are:
    • key type: 3DES
    • label: "backup key".

    The default values for other attributes are OK.

    Eracom also has a proprietary attribute, EXPORT, which is similar to WRAP. However, the WRAP attribute requires that the backup key is created with the Private attribute set to FALSE, which is why we do not recommend this alternative. See the Eracom Administrator Manual for more information.

  4. Create the CA key pair. It is recommended to use at least a 2048-bit RSA key. If key backup is needed, the key must have the Extractable attribute set to TRUE.

When the key is created, it is available for SSH Tectia Certifier once the PKCS #11 module has been added to it.
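
The attribute requirements in steps 3 and 4 can be checked after key creation. The following Python code is an added example, not part of the Eracom or SSH Tectia documentation; it audits a constructed attribute listing, and the listing layout, the function `audit_slot` and the label "ca key" are assumptions made for illustration.

```python
# Added example: audit key attributes in slot 0 against steps 3 and 4.
# The listing format below is hypothetical (constructed for illustration);
# attribute names WRAP and Extractable follow the wording of the steps.
MIN_RSA_BITS = 2048  # step 4: "at least a 2048-bit RSA key"

def audit_slot(objects, ca_label, backup_needed=True):
    """Return (severity, message) findings; an empty list means no deviation."""
    findings = []
    # Step 3: the key-backup key must have WRAP set to TRUE.
    wrap_keys = [o for o in objects
                 if o.get("class") == "secret" and o.get("WRAP") is True]
    if backup_needed and not wrap_keys:
        findings.append(("error", "no key-backup key with WRAP=TRUE"))
    for key in wrap_keys:
        if key.get("key_type") != "3DES":
            findings.append(("note", f"{key.get('label')!r} is not the suggested 3DES"))
    # Step 4: CA key size and, if backup is needed, Extractable=TRUE.
    ca_keys = [o for o in objects
               if o.get("class") == "private" and o.get("label") == ca_label]
    if not ca_keys:
        findings.append(("error", f"CA private key {ca_label!r} not found"))
    for key in ca_keys:
        if key.get("key_type") == "RSA" and key.get("modulus_bits", 0) < MIN_RSA_BITS:
            findings.append(("warn", f"RSA modulus below {MIN_RSA_BITS} bits"))
        if backup_needed and key.get("Extractable") is not True:
            findings.append(("error", "Extractable is not TRUE; key cannot be backed up"))
        if not backup_needed and key.get("Extractable") is True:
            findings.append(("note", "Extractable=TRUE although no backup is planned"))
    return findings

# Constructed sample listings (not output from a real device).
SAMPLE_OK = [
    {"class": "secret", "label": "backup key", "key_type": "3DES", "WRAP": True},
    {"class": "private", "label": "ca key", "key_type": "RSA",
     "modulus_bits": 2048, "Extractable": True},
]
SAMPLE_BAD = [
    {"class": "secret", "label": "backup key", "key_type": "3DES", "WRAP": False},
    {"class": "private", "label": "ca key", "key_type": "RSA",
     "modulus_bits": 1024, "Extractable": False},
]

if __name__ == "__main__":
    for name, sample in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(name, audit_slot(sample, "ca key"))
```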
