Hardware Security Module
13.1.2 Install a Signed VACMAN Controller Firmware Module
VACMAN Controller SafeNet HSM packages version 3.10.1.0 or greater will contain a signed version of the VACMAN Controller Firmware module. To install this module:
1. Import the VASCO signing Certificate into the admin slot.

   ctcert i -f <CertExportFileName> crt -s <AdminSlotID> -l <CertificateName>

   where <CertExportFileName> is the VASCO code signing certificate (vascosigningcert.crt), <AdminSlotID> is the ID of the administration slot to which the certificate is being copied, and <CertificateName> is the certificate to be imported.

2. Provide the admin PIN for the import.

3. Mark the VASCO signing certificate as trusted in the admin slot.

   ctcert t -l <CertificateName> -s <AdminSlotID>

   where <CertificateName> is the certificate to be trusted, and <AdminSlotID> is the ID of the administration slot to which the certificate has been imported.

4. Upload the signed module to the HSM.

   ctconf -b <CertificateName> -j aal2sdk.fm

13.1.3 Create SafeNet Storage Key
Use the SafeNet Key Management Utility to create a secret key to use as the IDENTIKEY Appliance storage key. This will require an administrator login to the token. Note the token label and key label used.
Required key attributes:
double or triple DES
encrypt enabled
sensitive
wrap and unwrap enabled
private optional
exportable optional if key backup in use
All other options disabled
13.1.4 Create SafeNet Sensitive Data Key
Use the SafeNet Key Management Utility to create a sensitive data key. This will require an administrator login to the token, and the key can be created in the same slot as the storage key created earlier or in a different one. Note the token label and key label used.
Required attributes:
AES
128-bit
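
The attribute requirements in 13.1.3 and 13.1.4 can be checked after key creation. The following is an added example, not part of the original manual or of any VASCO or SafeNet tooling: it assumes the listed options correspond to the standard PKCS#11 attribute names shown, that "all other options" means the four usage flags in `forbidden`, and it runs on constructed attribute dictionaries rather than values read from an HSM.

```python
# Added example. PKCS#11 attribute names are an assumed mapping of the manual's
# wording; the attribute dicts below are constructed, not read from an HSM.
STORAGE_KEY_POLICY = {
    "key_types": {"CKK_DES2", "CKK_DES3"},   # double or triple DES
    "required": {"CKA_ENCRYPT", "CKA_SENSITIVE", "CKA_WRAP", "CKA_UNWRAP"},
    # "All other options disabled": assumed to cover these usage flags.
    "forbidden": {"CKA_DECRYPT", "CKA_SIGN", "CKA_VERIFY", "CKA_DERIVE"},
    "value_len": None,                       # fixed by the DES key type
}
SENSITIVE_DATA_KEY_POLICY = {
    "key_types": {"CKK_AES"},
    "required": set(),
    "forbidden": set(),
    "value_len": 16,                         # 128-bit
}

def check_key(attrs, policy):
    """Return a list of policy violations; an empty list means compliant.

    Fails closed: a required flag must be exactly True and a forbidden flag
    exactly False, so an attribute the token did not report is a violation.
    Private and exportable are optional in the manual and are not checked.
    """
    problems = []
    key_type = attrs.get("CKA_KEY_TYPE")
    if key_type not in policy["key_types"]:
        problems.append(f"key type {key_type} not allowed")
    for name in sorted(policy["required"]):
        if attrs.get(name) is not True:
            problems.append(f"{name} must be enabled")
    for name in sorted(policy["forbidden"]):
        if attrs.get(name) is not False:
            problems.append(f"{name} must be disabled")
    want = policy["value_len"]
    if want is not None and attrs.get("CKA_VALUE_LEN") != want:
        problems.append(f"CKA_VALUE_LEN must be {want} bytes")
    return problems

# Constructed samples.
GOOD_STORAGE = {"CKA_KEY_TYPE": "CKK_DES3", "CKA_ENCRYPT": True, "CKA_SENSITIVE": True,
                "CKA_WRAP": True, "CKA_UNWRAP": True, "CKA_DECRYPT": False,
                "CKA_SIGN": False, "CKA_VERIFY": False, "CKA_DERIVE": False,
                "CKA_PRIVATE": True}
BAD_STORAGE = dict(GOOD_STORAGE, CKA_KEY_TYPE="CKK_DES", CKA_SENSITIVE=False, CKA_DECRYPT=True)
GOOD_DATA = {"CKA_KEY_TYPE": "CKK_AES", "CKA_VALUE_LEN": 16}
BAD_DATA = {"CKA_KEY_TYPE": "CKK_AES", "CKA_VALUE_LEN": 32}

if __name__ == "__main__":
    for label, attrs, policy in [("storage", BAD_STORAGE, STORAGE_KEY_POLICY),
                                 ("data", BAD_DATA, SENSITIVE_DATA_KEY_POLICY)]:
        print(label, check_key(attrs, policy))
```
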
IDENTIKEY Appliance Installation and Maintenance