Google Cloud Platform Customer Supplied Encryption Key (CSEK) Beta

Integration Guide 

Summary of Contents for CSEK

Page 1: ...Google Cloud Platform Customer Supplied Encryption Key (CSEK) Beta Integration Guide...

Page 2: ...l implied warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Gemalto be liable, whether in contract, tort or otherwise, for any indirect, special or consequential damages or any damages whatsoever, including but not limited to damages resulting from loss of use, data, profits, revenues or customers, arising out of or in connection with the use or per...

Page 3: ...mer Supplied Encryption Key 7; 3rd Party Application Details 8; Supported Platforms 8; Library and Driver Support 8; Google Cloud Platform Setup 8; Prerequisites 9; SafeNet Luna Network HSM Setup 9; 2 Integrating Google Cloud Platform with SafeNet Luna HSM 10; Setting up SafeNet Luna HSM with Google Cloud 10; Before You Begin 10; Generating the CSEK for Google Cloud 10; Creating the Encrypted VM using CSEK 1...

Page 4: ...eNet Luna HSM. NOTE: The CSEK feature provided by Google Cloud is in Beta and is subject to change, so customers should proceed with caution when implementing CSEK in production. Document Conventions: This section provides information on the conventions used in this template. Notes: Notes are used to alert you to important or helpful information. These elements use the following format: NOTE: Take...

Page 5: ...following. Command line commands and options: Type dir p. Button names: Click Save As. Check box and radio button names: Select the Print Duplex check box. Window titles: On the Protect Document window, click Yes. Field names: User Name: Enter the name of the user. Menu names: On the File menu, click Save; Click Menu > Go To > Folders. User input: In the Date box, type April 1. italic: The italic attribute is used for emp...

Page 6: ...ennium Drive, Belcamp, Maryland 21017, USA. Phone: US 1-800-545-6608, International 1-410-931-7520. Technical Support Customer Portal: https://supportportal.gemalto.com. Existing customers with a Technical Support Customer Portal account can log in to manage incidents, get the latest software upgrades and access the Gemalto Knowledge Base...

Page 7: ...ll cover the installation and configuration of Google Cloud Platform on Windows Server 2012 R2 using SafeNet Luna HSM. The benefits of using SafeNet Luna HSM with the Google Cloud Platform are: secure storage of the CSEK keys; FIPS 140-2 Level 3 validated hardware; full life cycle management of the keys. Understanding the Customer Supplied Encryption Key: Server-side encryption refers to encryption that...

Page 8: ...loud SDK on the system you are working on. The Google Cloud SDK provides a set of tools for Cloud Platform. It contains gcloud, gsutil and bq, which you can use to access Google Compute Engine, Google Cloud Storage, Google BigQuery and other products and services from the command line. You can run these tools interactively or in your automated scripts. The URL for downloading and setting up...

Page 9: ...password; a hostname suitable for your network; network parameters set to work with your network. Initialize the HSM on the SafeNet Luna Network HSM appliance to create an HSM SO, cloning domain and label. Create a partition on the HSM and remember the partition password, as it will be used by the client to access the partition. Use VTL to create, exchange and register certificates between the SafeNet Luna Ne...

Page 10: ...ing the CSEK for Google Cloud: After creating the NTLS connection with the HSM partition, download and import the Google public key on the HSM partition, which will be used to wrap the generated AES-256 key. To use the CSEK for Google Cloud with SafeNet Luna HSM, follow the steps below. 1. Download the public certificate maintained by Google Compute Engine from https://cloud-certs.storage.googleapis.com/google-c...

Page 12: ...45. Select type of key to generate: 1 DES, 2 DES2, 3 DES3, 5 CAST3, 6 Generic, 7 RSA, 8 DSA, 9 DH, 10 CAST5, 11 RC2, 12 RC4, 13 RC5, 14 SSL3, 15 ECDSA, 16 AES, 17 SEED, 18 KCDSA 1024, 19 KCDSA 2048, 20 DSA Domain Param, 21 KCDSA Domain Param, 22 RSA X9.31, 23 DH X9.42, 24 ARIA, 25 DH PKCS Domain Param, 26 RSA 186-3 Aux Primes, 27 RSA 186-3 Primes, 28 DH X9.42 Domain Param, 29 ECDSA with Extra Bits: 16. Enter Key Length in bytes...

Page 13: ...ta (0 for none): 0. Enter handle of wrapping key (0 to list available objects): 718. Enter handle of key to wrap (0 to list available objects): 715. Wrapped key was saved in file wrapped key. Where 718 and 715 are the handles of the Google public key and the AES-256 key respectively. NOTE: wrapped key is the output file that contains the wrapped AES key. 10. Exit from the ckdemo session now by providing the choice as 0. Enter you...

Page 14: ...SEK: Creating an encrypted disk or VM is straightforward. This guide demonstrates the creation of an encrypted VM using the console and the gcloud tool provided by Google. Using Google Console: 1. Log on to the Google Cloud Console using the URL below by providing your Google credentials: https://console.cloud.google.com. 2. Click Compute Engine > Disks > Create disk...

Page 15: ...ype, Source Image (the OS that needs to be installed) and Size (GB). Select Encryption as Customer Supplied and enter the key in the text box provided: copy the contents of rsawrapencodedkey.txt and paste it. Select the Wrapped key option and, after providing all the details, click Create. It creates the disk encrypted by the customer supplied key, and the disk can be used to create the VM instance on the cloud. 4. Click VM Instances > Create...

Page 16: ...on, click Change and then click Existing disk. It displays the disk created in the previous steps using CSEK encryption. When the disk is selected, it prompts you to enter the key. Provide the same key which you used to encrypt the disk and select the Wrapped key checkbox. Click Select. 6. Select Allow HTTP traffic and Allow HTTPS traffic in the Firewall section and click Create...

Page 17: ...Line Tool: gcloud is part of the Google Cloud SDK and provides various commands to perform operations on Google Cloud. You can use this tool to create an encrypted disk or VM using CSEK and to start and stop the VM when needed, as well as for other operations like creating snapshots from the encrypted disk. 1. When you use the gcloud compute command line tool to set your keys, you provide encoded keys using a key fil...

Page 18: ...key-type: rsa-encrypted. Where example-disk is the name of the disk to be created. Replace zinc-window-164420 and us-central1-c with your project and zone respectively. 2. Create an encrypted disk using CSEK...

Page 19: ...sk. gcloud beta compute instances create example-instance --disk name=example-disk,boot=yes --csek-key-file example-file.json. The VM instance is created using the encrypted disk; now you can connect to your VM using SSH using the methods provided in the Appendix. 4. You can stop the VM instance using the command below: gcloud beta compute instances stop example-instance...

Page 20: ...loud documentation. This completes the demonstration of generating the AES-256 key on the HSM and encrypting the disk using that key on Google Cloud. Each time any read or write operation is performed on the encrypted disk, it prompts for the encryption key and you need to provide the base64-encoded wrapped key. Google keeps the supplied CSEK until the operation is completed, for example until the VM is restarted or a snapshot of the...

Page 21: ...ocumentation; however, the method to connect to a Linux instance using SSH is provided below for your reference. 1. To connect to the instance using gcloud, open the Google Cloud SDK Shell and run the gcloud compute command as follows: gcloud compute --project zinc-window-164420 ssh --zone us-central1-b instance-1. It connects you to the instance using SSH...

Page 22: ...le that you downloaded. A window opens where you can configure your key generation settings. 4. Select the default parameters and click Generate to generate a new key pair. When the key generation process is complete, the tool displays your public key value. 5. In the Key comment section, enter your Google username. The key should have the following structure: ssh-rsa KEY_VALUE USERNAME, where KEY_VALUE is t...

Page 23: ...public key value from the PuTTYgen tool and paste that value as a new item in the list of SSH keys on the Metadata page. The public key value is available at the top of the PuTTYgen screen. 11. At the bottom of the SSH Keys page, click Save to save your new project-wide SSH key...

Page 24: ...instance that you want to connect to in the Host Name field. Your username is the Google username that you use to access your project. 13. On the left side of the PuTTY window, navigate to Connection > SSH > Auth. 14. Set the Private key file for authentication field to the path to your private key file. For this example, specify the path to the my-ssh-key.ppk file...

Page 25: ...15. Click Open to connect to your instance. If the connection is successful, you can use the terminal to run commands on your instance...
