|[Front page] [Index]|
These instructions have been tested with Eracom CSA8000.
When the Eracom CSA 8000 PCI card has been installed according to the installation manual (the process is slightly different on each platform), you should have access to the Eracom key management utility called KMU.
KMU is the utility which is designed to do all the key creation and backup tasks.
Eracom Administration Manual covers the initial setup, but a short list of the required steps follows.
- Set the security options by logging into the administrator token. You can specify here, whether the device operates on the FIPS 140-1 mode or not.
- Select the slot
0. The slot with the number zero is the actual cryptographic device. The other slots represent the administrator token and the smart card reader slots.
- Create a key-backup key. This key is used to encrypt the backed-up keys. The backup key must have the WRAP value set to
TRUE. Good defaults for the key are:
- key type:
- label: "
The default values for other attributes are OK.
Eracom has also a proprietary attribute EXPORT, which is similar to WRAP. However, the WRAP attribute requires that the backup key is created with the Private attribute set to
FALSE, which is why we do not recommend this alternative. See Eracom Administrator Manual for more information.
- key type:
- Create the CA key pair. It is recommended to use at least a 2048-bit RSA key. If key backup is needed, the key must have the Extractable attribute set to
When the key is created, it is available for SSH Tectia Certifier once the PKCS #11 module has been added to it.
[Front page] [Index]