
Sansec HSM User Manual V2.2 

 

sensitive information, such as the RSA private key, ECDSA private key and SM2 private key, and the symmetric key using this backup key and save it into a file. Export the backup files through FTP and keep them in good order. The detailed steps are as follows:

 

a) Log in at least half of all administrators to obtain super administrator rights. Prepare 3 administrator tokens which will be used to store the backup key segments.

 

Key backup wizard:
-------------
1. Start backup key
Log in at least half of all administrators to obtain super administrator rights and prepare three administrator tokens.

 

b) Output the 3 backup key segments. This procedure requires inserting the tokens and entering their PINs.

 

2. Output the first backup keys segment.
Please select an administrator USB token to insert the USB port in the correct direction and enter the protection password.
Please enter USB token password or [Quit(Q)]>
3. Output the second backup keys segment.
Please select another administrator USB token to insert the USB port in the correct direction and enter the protection password.
4. Output the third backup keys segment.
Please select the third administrator USB token to insert the USB port in the correct direction and enter the protection password.

 

c) Encrypt the keys and other data using the backup key and back them up into a file.

 

Key backup wizard:
-------------
5. Generating the backup file.
The backup process is being performed, in the process the key data is encrypted and saved to the backup file.
The key information and other information have been encrypted and saved to the backup file.
Please continue or [Quit(Q)] [Return(R)]>

 

d) Start the FTP service, then download the backup file "swhsmbak.dat" to the local
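An added illustration, not part of the manual and not Sansec's implementation, of why every administrator token from steps a) and b) matters when the backup is later restored. It assumes the backup key is split by XOR into three equal-length segments and that a truncated SHA-256 check value is recorded with the backup; the manual specifies neither, and all function names are hypothetical.

```python
# Added illustration: the XOR split, the check value and every name here are
# assumptions, not Sansec's documented algorithm.
import hashlib
import hmac
import secrets
from functools import reduce


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("segments must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def split_backup_key(key: bytes, count: int = 3) -> list[bytes]:
    """Split key into `count` segments; every segment is needed to rebuild it."""
    randoms = [secrets.token_bytes(len(key)) for _ in range(count - 1)]
    # The final segment is the key XORed with all of the random segments.
    return randoms + [reduce(xor_bytes, randoms, key)]


def check_value(key: bytes) -> str:
    """Short fingerprint kept with the backup (assumed: truncated SHA-256)."""
    return hashlib.sha256(b"backup-key-check" + key).hexdigest()[:16]


def recover_backup_key(segments: list[bytes], expected_check: str,
                       count: int = 3) -> bytes:
    """Rebuild the key and stop if it does not match the recorded check value."""
    if len(segments) != count:
        raise ValueError(f"need {count} segments, got {len(segments)}")
    key = reduce(xor_bytes, segments)
    if not hmac.compare_digest(check_value(key), expected_check):
        raise ValueError("segments do not rebuild the recorded backup key")
    return key


def demo() -> dict:
    key = secrets.token_bytes(16)      # constructed sample backup key
    segs = split_backup_key(key)       # one segment per administrator token
    check = check_value(key)
    result = {"restored": recover_backup_key(segs, check) == key}
    try:                               # third token taken from another backup set
        recover_backup_key(segs[:2] + [secrets.token_bytes(16)], check)
        result["wrong_token_rejected"] = False
    except ValueError:
        result["wrong_token_rejected"] = True
    return result


if __name__ == "__main__":
    print(demo())
```

Under this assumed scheme, any two segments on their own are indistinguishable from random bytes, so a lost or mixed-up token makes the downloaded backup file unrecoverable.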

HSM contents

Page 1: ...Sansec HSM User Manual v2 2 Beijing Sansec Technology Development Co Ltd July 2016...
