Sansec HSM

User Manual v2.2

Beijing Sansec Technology Development Co., Ltd.

July 2016

Summary of Contents for HSM

Page 1: ...Sansec HSM User Manual v2 2 Beijing Sansec Technology Development Co Ltd July 2016...

Page 2: ...company makes no express or implied warranties including the content of the manual on merchantability or implied warranties for the specific purpose In accordance with the copyright laws of China our...

Page 3: ...mation 12 5 4 Viewing Modifying Network Configurations 13 5 5 Viewing Modifying Financial Application Parameters 13 5 6 View management audit log 13 6 Authority Management 15 6 1 Viewing Login Status...

Page 4: ...Key Generation 25 7 6 2 Key Generation Via Synthesizing Key Segments 26 7 6 3 Key Deletion 28 7 6 4 View Key State 28 7 6 5 View Key Verification Value 28 7 7 Backup and Recovery 28 7 7 1 Key Backup...

Page 5: ...cteristics applicable to all types of financial information systems especially for cross regional and cross agency financial transaction systems to provide data encryption and security protection It c...

Page 6: ...and storage of ECDSA key pair with the curve P 256 P 384 P 521 Support a variety of Public Key Cryptography Standards such as PKCS1 ANSIX9 31 EMV2000 etc Support RSA ECDSA SM2 signature and verificati...

Page 7: ...d development are based on a high stability optimized dedicated operating platform Hardware design stratifies FIPS140 2LEVEL3 standard so it has high security Support hierarchical authority management...

Page 8: ...components At least two random or pseudo random parameters with key features of the encryption key The cryptographic key is made through a combination of one or more of such parameters Key segmentati...

Page 9: ...ys The keys used by a group of specific entities when using symmetric cryptography Session key Key of the lowest layer within the key management system The key is only used for a session within a limi...

Page 10: ...For more information refer to section 6 s administrator guide chapter 6 5 and operator guide chapter 6 6 f Modify PIN password For more information refer to section 6 s modify user password chapter 6...

Page 11: ...etwork configuration chapter 5 4 l Service management and configuration For more information refer to section8 s Service management m Backup and recovery For more information refer to section 7 s Back...

Page 12: ...4 2 Device management a Use the serial port control cable to connect the HSM to a personal computer with Windows operating system installed b Run the HyperTerminal tool that comes with the Windows op...

Page 13: ...e terminal press any key the shell interface will appear 4 3 Start up Management Program a Connect to the HSM b Run management program execute the hsmm command to start the Sansec HSM management progr...

Page 14: ...ervice 6 Backup and Recovery Back up the key information to file or restore key information from file to cryptography module 7 Installation Guide Complete the basic configuration of HSM according to t...

Page 15: ...ate ECDSA key pairs and save them into the device h SM2 key management Generate SM2 key pairs and save them into the device i Network configuration View or modify networking configuration parameters o...

Page 16: ...EC 2 Product Model secHSM V2 3 Product No SJ6A21 SC9EDLR 4 Serial No 2015040714501174 5 Version v2 00 0001 5 2 Viewing Modifying Device Maintenance Information Users can view or modify device maintena...

Page 17: ...t mask 255 255 255 0 3 Default gateway 192 168 1 1 4 Enable the above configuration immediately Select the function to be performed or Quit Q Next Step N 5 5 Viewing Modifying Financial Application Pa...

Page 18: ...017 09 04 14 12 13 swhsm start hsmm success 2017 09 04 14 12 20 swhsm start hsmm success 2017 09 04 14 12 55 swhsm Administrator 3 log in success 2017 09 04 14 13 35 swhsm Administrator 2 log in succe...

Page 19: ...in the administrator or operator token in the direction indicated and enter the PIN to gain access to the token User login Insert the user s token into the USB port in the correct direction and input...

Page 20: ...ogin status which is enough for running the financial data HSM cryptographic services and status monitoring function 6 4 Modify User Password a Insert the administrator token in the USB port indicated...

Page 21: ...afety reminder The device supports up to 5 administrators To ensure security it is recommended to have at least 3 administrators Safety reminder The default passwords of all the user tokens are initia...

Page 22: ...e of the operators and the login passwords saved in the device After this operation is completed all existing operators will be deleted so the Add operator function will be needed to run in order to a...

Page 23: ...gin passwords saved in the device After this operation is completed all existing auditors will be deleted so the Add auditor function will be needed to run in order to add new auditor to the system Up...

Page 24: ...for viewing the system management service management and other functions 2 Viewing permission for management privilege The privilege for viewing administrators and operators and other functions 3 Vie...

Page 25: ...keys Three key fragments need to be entered to set up the master key and the HSM will automatically synthesize the master key internally Setting local master key Please select the type to setting _ _...

Page 26: ...48 Generating RSA key pair with index 1 and 2048 bits successful Select Quit Q Return R Previous Step P 7 3 2 Key Pair Deletion Follow the prompts to enter the key index and delete the RSA key pair fo...

Page 27: ...ystem protection key Generating SM2 key pair with index 11 and 256 bits successful 7 4 2 Key Pair Deletion Based on the prompt input the key index and delete SM2 key pair in the specified location Thi...

Page 28: ...bit size of the key from 256 bits to 521 bits _ ___________________________________ 1 256 2 384 3 521 Select bit size of the key Default 256 or Quit Q Return R Previous Step P Next Step N 1 c The gene...

Page 29: ..._ _______________________________________________________________________ 1 521 521 384 384 11 256 256 256 256 7 6 Symmetric Key Management This is to manage various symmetric keys saved in the HSM Sy...

Page 30: ...choose the 3DES or 3DES variant in the above step please select the key strength Select the bit size of the key from 64 bits to 192 bits _ ___________________________________ 1 64 2 128 3 192 Select b...

Page 31: ...7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 Check value is 8ca64de9c1b123a7 c Verify whether the key ciphertext is needed to be exported or not and if it does then ente...

Page 32: ...the symmetric key with index 200 7 6 4 View Key State View the existing key information 1 128 X 128 S 128 U 9 17 25 33 41 49 57 65 73 81 89 97 7 6 5 View Key Verification Value Input key index view ke...

Page 33: ...egment Please select an administrator USB token to insert the USB port in the correct direction and enter the protection password Please enter USB token password or Quit Q 3 Output the second backup k...

Page 34: ...topped and the backup file will be deleted from HSM Please seriously manage backup file and USB tokens Please select Quit Q Return R 7 7 2 Key Recovery Run the recovery wizard to synthesize the key se...

Page 35: ...strator USB token to insert the USB port in the correct direction and enter the protection password Please enter USB token password or Quit Q 4 Import the second backup key segment Please select anoth...

Page 36: ...vice automatically start up at boot The 0 indicates that the service does not automatically start up at boot 3 Session timeout minutes 100 In order to prevent the idle service caused by the abnormal s...

Page 37: ...boot Yes Y No N or Quit Q Return R b After completing the parameter modification press the Enter key to save the modified configuration Select the item to be modified or Quit Q Return R Save S s Succ...

Page 38: ...t Safety reminder If the white list is empty it means this function is disabled However for safety reasons it is recommended not to disable this function Reminder If the service has been started the n...

Page 39: ...or None Add administrator Super administrator Delete administrator Super administrator Add operator Super administrator Delete operator Super administrator Set system protection key Super administrato...

Page 40: ...er cord near entrances or exits to avoid being trampled 8 When using extension cord please pay attention to its power load The total electricity consumption of devices attached to the same extension l...

Page 41: ...e product is accidentally dropped on the ground or the shell has any damage e When product features change significantly which indicates a need for maintenance Appendix C Technical Support If you have...

Page 42: ...Sansec HSM User Manual V2 2 38...
