Preparing an nCipher HSM for Use
There are three important nCipher-specific terms that you need to understand when setting up a secure CA private key environment with nCipher hardware security modules:
- Security world
The security world is the outermost layer of protection. The integrity and confidentiality of all other objects is guaranteed by encrypting everything with the private key embodied in the security world. Different HSMs with the same security world can use each other's card sets.
- Administrator Card Set
The Administrator Cards are not used in normal operation, but only in cases when the security world is set up or restored, or when Operator Cards are recovered.
- Operator Card Set
The Operator Cards are used to protect the created CA/RA private keys. An Operator Card must be inserted when SSH Tectia Certifier is started.
- Make sure the nCipher HSM is in the correct operational mode. This can be checked by running the enquiry command provided by nCipher Corporation (in /opt/nfast/bin on Unix systems or in c:\nfast\bin on Windows). The mode should be pre-initialization when the security world is being created, and the mode should be operational when the module is used with SSH Tectia Certifier.
- Next, the security world has to be created. The security world is created using the KeySafe key management tool of nCipher. Alternatively, the new-world command can be used. See the nCipher User Guide for instructions.
- When the security world is initially created, it can be backed up and made recoverable. We recommend that the security world is created as recoverable, because if the HSM is damaged, the keys can be restored only if the security world of the keys can be restored.
We also recommend that the Administrator Card Set created within the security world creation consists of at least two cards. The Administrator Cards are not used in normal operation, but only in cases when the security world is set up or restored, or when Operator Cards are recovered.
The security world information is stored in the file kmdata/local/world. This file is not security-sensitive, since it is encrypted with the key in the Administrator Card. A copy of the file is needed when recovering the security world, so, again, we recommend that you back up the world file. It is also good practice to perform a world restoration once before starting to use the HSM, to ensure that the restoration works.
The Operator Cards are used to protect the created keys. KeySafe can be used to create Operator Card Sets. An nCipher HSM can utilize n/m protection, but SSH Tectia Certifier supports only 1/m protection at the moment. (However, Certifier Engine can be started using the with-nfast utility, which allows preloading of n/m keys, so dual control can be achieved that way.)
It is up to the Certification Practice Statement (CPS) of the CA to define whether the CA keys are recoverable. If so, the Operator Card Sets should be made recoverable as well. It is worth noting that a single card set may protect multiple keys.
Again, we recommend that the Operator Cards are created so that more than one spare card is available. When an Operator Card is lost, the spare cards can be used. If the card set is made recoverable, a new card set can be created as long as enough cards from the old card set are available.
After the Operator Card Set has been created, the keys can be created either by using the KeySafe tool of nCipher or by using the GUI as specified in Section CA Private Key Options.
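The two checks the steps above rely on, the HSM mode reported by enquiry and an intact backup of the world file, as an added pre-flight script that is not part of the SSH Tectia Certifier or nCipher documentation. It assumes enquiry prints a "mode" line inside each "Module #N:" section (the constructed sample below mirrors that layout); the paths are placeholders, and the world-file comparison is a plain checksum, not any nCipher-provided integrity check.

```shell
# Added pre-flight check for an nCipher HSM (not from the manual).
# Assumptions: enquiry output has "Module #N:" sections each containing a
# "mode <value>" line; NFAST_BIN and WORLD_FILE are placeholder defaults.
NFAST_BIN="${NFAST_BIN:-/opt/nfast/bin}"
WORLD_FILE="${WORLD_FILE:-/opt/nfast/kmdata/local/world}"

# hsm_mode: read enquiry output on stdin, print the mode of the first module
# section (the "Server:" section also has a mode line, so skip until "Module #").
hsm_mode() {
    awk '/^Module #/ { in_mod = 1 }
         in_mod && $1 == "mode" { print $2; exit }'
}

# require_mode EXPECTED: succeed only if the enquiry output on stdin reports
# EXPECTED, i.e. pre-initialization before new-world, operational for Certifier.
require_mode() {
    expected="$1"
    actual="$(hsm_mode)"
    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    echo "HSM mode is '${actual:-unknown}', expected '$expected'" >&2
    return 1
}

# world_backup_ok LIVE BACKUP: the world file is encrypted and not secret, but a
# restore depends on an intact copy, so verify the backup matches before
# relying on it (cksum reads stdin so the file name is not part of the output).
world_backup_ok() {
    [ -f "$1" ] && [ -f "$2" ] || return 1
    [ "$(cksum < "$1")" = "$(cksum < "$2")" ]
}

# live_check EXPECTED: run the real enquiry binary against the expected mode.
live_check() {
    "$NFAST_BIN/enquiry" | require_mode "$1"
}

# Constructed sample of enquiry output so the script can be exercised offline.
SAMPLE_ENQUIRY='Server:
 enquiry reply flags  none
 mode                 operational
Module #1:
 enquiry reply flags  none
 mode                 operational'

# Offline demonstration; in use, call live_check operational (or
# live_check pre-initialization before creating the security world).
printf '%s\n' "$SAMPLE_ENQUIRY" | require_mode operational
```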
The nCipher HSMs can be used in two ways. They can be accessed either through a PKCS #11 interface or through a native (legacy) nCipher interface. We recommend using the PKCS #11 interface. See Section Adding PKCS-11 Modules to the Certifier Engine.