NShield Operator
NShield Operator
Windows
Version: 5.5
Date: 03 November 2005
© Copyright 2005 nCipher Corporation Limited, Cambridge, United Kingdom.
Neither the whole nor any part of the information contained in this document may be adapted or
reproduced in any material or electronic form without the prior written consent of the copyright holder.
nCipher™, nForce™, nShield™, payShield™, nCore™, nToken™, nFast Ultra™, nForce Ultra™,
netHSM™, KeySafe™, CipherTools™, CodeSafe™, keyAuthority™, SEE™, and the SEE logo are
trademarks of nCipher Corporation Limited.
nFast® and the nCipher logo are registered trademarks of nCipher Corporation Limited.
All other trademarks are the property of the respective trademark holders.
Information in this document is subject to change without notice.
nCipher Corporation Limited makes no warranty of any kind with regard to this information, including,
but not limited to, the implied warranties of merchantability and fitness for a particular purpose. nCipher
Corporation Limited shall not be liable for errors contained herein or for incidental or consequential
damages concerned with the furnishing, performance or use of this material.
Commercial Computer Software - proprietary
This computer software and documentation is Commercial Computer Software and Computer Software
Documentation, as defined in sub-paragraphs (a)(1) and (a)(5) of DFAR § 252.227-7014, "Rights in
Noncommercial Computer Software and Noncommercial Computer Software Documentation". Use,
duplication or disclosure by the Government is subject to nCipher's standard US Terms And Conditions
for the Product.
Patents
UK Patent GB9714757.3. Corresponding patents/applications in USA, Canada, South Africa, Japan and
International Patent Application PCT/GB98/00142.
Chapter 1: Introduction 7
General information 7
Audience 8
Contents of this guide 8
Conventions 9
Additional Documentation 12
Further information 12
General information
This guide describes how to use an nShield, payShield or payShield
Ultra hardware security module (or HSM) to protect and accelerate
the performance of the longterm cryptographic keys that are used by
your applications, including payment and related applications on
payShield modules.
In this guide, the term nShield refers to any of the nShield, payShield
or payShield Ultra modules. Information specific to the payShield and
payShield Ultra modules is clearly marked.
Audience
Read this guide if you need to manage keys or perform other tasks on
an nShield module that do not require an Administrator Card.
This guide assumes that you are familiar with the basic concepts of
cryptography and Public Key Infrastructure (PKI).
This guide assumes that you have read the Hardware Installation
Guide and that you have installed your nShield or payShield module.
Conventions
nCipher modules
The following terms are used to distinguish different module versions:
Version numbers
The version number shown on the copyright page and at the bottom
of each page in this guide is the version number of this document.
Please quote this version number if you contact Support at nCipher
with queries about nCipher documentation.
nCipher software
The hardserver software controls communication between
applications and nCipher modules, which may be installed locally or
remotely. It runs as a service on the host computer.
Default directory
By default, nCipher software is installed in the /opt/nfast/ (Unix) or
C:\nfast (Windows) directory, referred to as the nCipher directory.
Instructions in this guide are given on the assumption that nCipher
software was installed in this location. If you install the software in
another directory, you must set the environment variable
NFAST_HOME to point to the directory where the software is
installed. You can choose to install nCipher software in another
location, in which case you must substitute your location accordingly.
An environment variable, NFAST_HOME, is used to specify the
default location for nCipher software. For further information on
setting environment variables, refer to the Administrator Guide.
Typographical conventions
Note The word Note in the margin indicates the appearance of important
supplemental information.
If there is a danger of static damage, this is indicated by the reaching
hand symbol in the margin.
install
Keyboard keys that you must type are represented like this: Enter ,
Ctrl - C .
Additional Documentation
This guide forms one part of the information and support provided by
nCipher. The following documents are produced to support nCipher
products, and the guides for your product can be found in the
document directory of the CD-ROM for that product:
Further information
Release notes containing the latest information about the nCipher
products are available in the release directory of the CD-ROM.
nCipher also supplies a performance tool that you can use to test Web
server performance both with and without an nCipher module in order
to confirm performance. This tool is supplied separately. If you
require a copy, contact your nCipher sales representative.
If you cannot find the information you need or you are unable to solve
a problem with your nCipher module, contact Support at nCipher by
sending E-mail to [email protected].
The security world infrastructure lets you perform and control all
these activities under your chosen security policy.
Distributing the keys used for different tasks within the security world
over different storage media means that a security world can recover
from the loss of any one element. It also increases the difficulties
faced by an attacker, who needs to obtain all the elements before
gaining any information.
Security
Most importantly, a key-management system must store keys
securely. Security must be designed into the system from the start; it
cannot be added later.
The nCipher security world has been designed to ensure that keys
remain secure throughout their life cycle. The security world uses
multiple interlocking keys, and because of this, each key is always
protected by another key, even during recovery operations.
The security world uses smart cards for two different purposes:
• one set of cards forms an Administrator Card Set that is used to
control access to recovery functions
• one or more sets of cards referred to as Operator Card Sets that
are used to control access to application keys.
Note In strict FIPS 140-2 Level 3 security worlds, the Administrator Card
Set or an Operator Card Set is needed to authorize most operations,
including the creation of keys and Operator Card Sets.
Each user can access the keys protected by the security world and the
keys protected by their Operator Card Set. They cannot access keys
that are protected by other Operator Card Sets.
The smart cards that are used as Operator Cards employ the security
world key to perform a challenge-response protocol with the module.
This means that Operator Cards can only be used by a module
belonging to the same security world that they do.
Note An individual smart card can be used as either a part of the
Administrator Card Set or as part of an Operator Card Set, but not as
part of both.
A security world that complies with the roles and services section of
FIPS 140-2 level 2 does not require any authorization to create an
Operator Card Set or an application key. All security worlds rely on
the security features of your operating system to control which users
can write data to the host.
If you choose to create a security world that complies with FIPS 140-
2 level 3, the module initializes in strict FIPS mode. This option
ensures that the module complies with the roles and services, key
management, and self-test sections of FIPS 140-2 at level 3, as
described in its validation certificate.
Application independence
A security world can protect keys for any nCipher-aware software.
Each key belongs to a specific application and is only ever used by
that application. However, within a single security world, every key
can belong to a different application. Keys are stored along with any
additional data that is required by the application.
You do not need to specify which applications you will use. You can
add a key for any supported application at any time.
The security world requires no knowledge of how the key will be used
by an application. A security world controls the protection for the key;
the application determines how it is used.
Platform independence
A security world is completely platform independent. All key
information is stored in nCipher's proprietary format. This format can
be read by any computer supported by nCipher, regardless of the
native format used by that computer. This means that you can safely
move a security world between platforms, even between platforms
with differing native formats. For example, you can move a security
world between Windows and UNIX platforms. You can also include
hosts running different operating systems in the same security world.
Note When copying host data between computers using different Operating
Systems or disk formats, use a mechanism that preserves the original
data format and line endings (such as .tar file archives).
Flexibility
Within a security world, you can choose the relevant level of
protection for each application key that you create.
An Operator Card Set stores a number of symmetric keys that are used
to protect the working keys. These keys are Triple DES keys.
If you want to use keys protected by the card set across multiple
modules, you may want to make K equal to 1 and N equal to the
number of modules. You can then insert a card into each module.
If you want to issue the same key to a set of users, again you would
want to make K equal to 1 and N equal to the number of users, giving
one card to each user.
working card fails, retrieve the spare card from the safe and use it until
you re-create a new set of two cards, as described in Replacing an
Operator Card Set or recovering keys to softcards on page 28.
Note You can only recover card sets that were created with the recovery
option explicitly set.
You can change the pass phrase on a card at any time. For information
on changing pass phrases, see Changing card and softcard pass
phrases on page 81. This requires the card, the existing pass phrase,
and a module that belongs to the security world.
Note Some applications do not support the use of pass phrases.
Although this feature provides added security, it means that only one
user can load keys at any time because there is only one smart card
reader on the module.
Keys that are protected by a given Operator Card Set cannot be shared
simultaneously between a large pool of modules.
Although the module stores the key, the key is only available to the
application that loaded it. If you want to use keys protected by this
card in another application, you must re-insert the card, and enter its
pass phrase if it has one. Certain applications are designed to allow
only one user to be logged in at a time, in which case they remove any
previously loaded persistent Operator Card Set used in that
application before allowing the user to log into with a new Operator
Card Set.
A softcard's pass phrase is set when you generate it, and you can use
a single softcard to protect multiple keys. Softcards function as
persistent 1-of-1 logical tokens, and after a softcard is loaded, it
remains valid for loading its keys until its KeyID is destroyed.
Robustness
If you are using cryptography in a production environment, you need
to know that it will work 24 hours a day, 7 days a week. If something
goes wrong, you must be able to recover without compromising your
security. An nCipher security world offers all of these features.
You should regularly back up the data stored in the kmdata directory
safely with your normal backup procedures.
The cards in the Administrator Card Set are only used for recovery
operations and adding extra modules to a security world. At all other
times, these cards should be stored in a safe.
Note In strict FIPS 140-2 Level 3 security worlds, the Administrator Card
Set or an Operator Card Set is needed to control many operations,
including the creation of keys and Operator Card Sets.
Replacing a module
If you have a problem with a module, you can replace it with a new
module by using the Administrator Card Set and the recovery data to
load the security world key securely. Use the same mechanism to
reload the security world key if you need to upgrade the firmware in
the module or if you need to add extra modules to the security world.
You cannot replace the Administrator Card Set unless you have the
required number of current cards and access to their pass phrases.
Therefore, as soon as you lose one card, or as soon as one card fails,
you should replace the set.
Although replacing the Administrator Card Set deletes the copy of the
recovery data on your host, the old Administrator Card Set can still
be used with the old host data, which may be on backup tapes and
other hosts. To protect against this risk, you must immediately erase
the old Administrator Cards after you create a new Administrator
Card Set.
world creation process. Once set during security world creation, the
ability (or inability) to recover an Operator Card Set can never be
altered.
Note Keys protected by an Operator Card Set can only be recovered to
another Operator Card Set, and not to a softcard. Likewise, softcard-
protected keys can only be recovered to another softcard, and not to
an Operator Card Set.
You can use the rocs command-line utility or KeySafe to create new
working copies of your keys protected by the key on a given card set.
To recover keys protected by one softcard to another softcard, you
must use the rocs command-line utility.
Storing any key recovery data introduces some extra risk, because an
attacker with the Administrator Card Set and a copy of the recovery
data could re-create your security world. You may have some keys
that you consider to be especially sensitive. In this case, if you lose the
Operator Card Set that protects the key, you may choose to issue a new
key. Therefore, you can turn off the key recovery feature for the
security world or for a specific key.
Recovery data can only be generated when you create the security
world or key. If you choose not to create recovery data when you
generate the security world or key, it cannot be added later. If you have
not selected the recovery feature for the security world, it cannot be
enabled for any key in the security world.
Similarly, if you choose to create recovery data when you generate the
security world or key, it cannot be removed later in a secure manner.
The recovery data for application keys is kept separate from the
recovery data for the security world key. The security world always
creates recovery data for the security world key. It is only the recovery
of application keys that is optional.
Scalability
A security world is scalable. You can add multiple modules to a server
and share a security world across multiple servers. You can also add
Operator Card Sets and application keys at any time. You do not need
to make any decisions about the size of the security world when you
create it.
If you want to have access to the same keys on every server, you must
ensure that all changes to the data are propagated to the remaining
servers. If your are part of a cluster, then the tools provided by the
cluster should synchronize the data. If the servers are connected by a
network, then they could all access the same copy of the data. There
is no risk of an attacker obtaining information by snooping on the
network, as the data is only ever decrypted inside a module.
Alternatively, you can maintain copies of the data on different servers.
Load sharing
If you have more than one module on your system and you load the
same key onto each module, your nCipher-aware applications can
make use of the load sharing features in the nCipher server to share
the cryptography between them.
Note It is up to the application to implement load sharing. Some
applications may not be able to make use of this feature.
KeySafe does not provide tools to back up and restore the host data or
update module firmware, nor does KeySafe provide tools to
synchronize host data between servers. These functions can be
performed with your standard system utilities.
The current PKCS #11 standard only supports tokens that are part of
a 1-of-N card set.
Risks
Even the best-designed tools cannot offer security against every risk.
Although a security world can control which user has access to which
keys, it cannot prevent a user from using a key fraudulently. For
example, a security world can only determine whether a user is
authorized to use a particular key; it cannot determine whether the
message being sent with that key is accurate.
A security world can only manage keys that were created inside the
security world; keys created outside a security world, even if imported
into the security world, may remain exposed to a security risk.
Most failures of security systems are not the result of inherent flaws
in the system, but result from carelessness on the part of the users. The
following basic rules apply to any security system:
• Keep your smart cards safe.
• Always obtain smart cards from a trusted source: from nCipher
or directly from Gemplus.
• Never insert a smart card used with nCipher key management
into an untrusted smart card reader.
• Never insert any untrusted smart card into your module.
• Never tell anyone your pass phrase.
• Never write down your pass phrase.
• Never use a pass phrase that is easy to guess.
• Only use the Administrator Card Set in modules connected to
trusted hosts.
Note If you have any doubts about the security of a key and/or security
world, you should replace that key and/or security world with a newly
generated one.
Starting KeySafe
In order to use KeySafe, Sun’s Java run-time environment version 1.5,
or the equivalent developer kit must be installed. It is recommended
that you install it before you install the nCipher components. The Java
executable must be on your path.
Note You can download Sun's Java Run-time Environment (and Java
Developer Kit) from http://www.sun.com/. If your security policy does
not allow the use of downloaded software, these components can be
obtained on CD-ROM from Sun or your Operating System vendor.
In order for KeySafe to work, you must set priv_port (the port on
which the hardserver listens for local privileged TCP connections) to
9001 and nonpriv_port (the port on which the hardserver listens for
local nonprivileged TCP connections) to 9000.
Note See the Administrator Guide for information on setting these
parameters. (For information about setting environment variables,
see the appropriate Administrator Guide for your module.)
Start KeySafe by selecting the KeySafe entry from the Programs folder
on the Windows Start menu.
Sidebar
The sidebar provides access to different parts of the KeySafe
application (with the menu buttons) and also displays information
about both the current security world and your module or modules
(with the Module Status tree).
Menu buttons
There are six menu buttons at the top of the sidebar:
• Introduction
Clicking the Introduction menu button takes you to the
introductory panel that KeySafe displays at startup.
• Keys
Clicking the Keys menu button takes you to the Key Operations
panel, from which you can choose to create, import, view, or
destroy keys.
• Cards
Clicking the Cards menu button takes you to the Card Operations
panel, from which you can:
- create, view, or erase Operator Cards
- change the pass phrase on an Operator or Administrator
Card, or recover the pass phrase from an Operator Card
- replace an Operator or Administrator Card Set.
• Softcards
Clicking the Softcards menu button takes you to the Softcard
Operations panel, from which you can:
- create, view or erase softcards
- change or recover the pass phrase on a softcard
• Modules
Clicking the Modules menu button takes you to the Module
Operations panel, from which you can initialize a security world,
add modules to a security world, or remove modules from a
security world. You cannot perform these operations on a module
that is not in the pre-initialization state.
• Exit
Clicking the Exit button displays a dialog asking whether you are
sure you want to exit KeySafe. Click Yes (or press Enter ) to exit
KeySafe; click No to continue using KeySafe. Clicking the Exit
dialog’s close-window button will take you back to your KeySafe
session. These features prevent you from closing KeySafe
accidentally.
Below the computer icon in the Module Status tree are icons and text
identifiers representing the current security world and your
module(s). To the left of each icon is an expand/collapse toggle. By
default, when KeySafe starts, these toggles are on their collapsed
When you toggle the Module Status tree view of security world
information to its expanded setting, KeySafe reports Yes or No for
each of the following conditions:
• the security world is initialized
• key recovery is enabled for this security world (for more
information on key recovery, see the Administrator Guide)
• pass phrase recovery is enabled for a security world (for more
information on pass phrase recovery, see the Administrator
Guide)
Module information
When you toggle the Module Status tree view of module information
to its expanded setting for a given module, KeySafe displays:
• the module’s electronic serial number (ESN), which is a unique
identifier. You must quote a module’s ESN if you need to contact
Support at nCipher. Keep a record of the ESN(s) associated with
your module(s).
• the module’s state, which will be one of the following:
- PreInitMode, indicating that the module is in the pre-
initialization state
- InitMode, indicating that the module is in the initialization
state
- Operational:Useable, indicating that the module is in the
current security world and can be used for key operations
- Operational:Unknown, indicating that the module’s state
could not be determined
- Operational:Uninitialized, indicating that the module key is
set and that the module must be initialized before use
- Operational:Factory, indicating that the module key is set to
the factory default
- Operational:Foreign, indicating that the module is from an
unknown security world
- Operational:AccelOnly, indicating that the module is an
acceleration-only module
The Module status tree has an Advanced folder that shows the
following details when expanded:
• the version of the module’s firmware
• whether the module has a Real Time Clock (RTC)
• whether the module has nonvolatile memory (NVRAM).
Navigation buttons
At the bottom left of the Module Operations panel are three navigation
buttons. Clicking a navigation button does not commit you to an
action, but instead selects an operation and loads another panel of
additional information and options related to the selected operation.
From the Module Operations panel, for example, clicking the Erase
Module navigation button does not itself erase a module, but rather
loads the Erase Module panel:
Command buttons
At the bottom right of the Erase Module panel is a command button
(the Erase Module! command button, in this case). Unlike clicking a
navigation button, clicking a command button does commit you to an
operation. Clicking a command button tells KeySafe to write or delete
data: it is not necessarily possible to reverse such changes even if you
subsequently cancel the operation.
Some panels require that, before you can click a command button, you
select options by means of radio buttons or that you enter data into text
fields:
Back buttons
Some KeySafe panels have Back buttons. Clicking a Back button takes
you to the panel from which the panel you are on is normally reached.
For example, clicking the Back button on the Erase Module panel takes
you to the Module Operations panel, and clicking the Back button on
the Examine/Change Card panel takes you to the Card Operations
panel.
Errors
If KeySafe detects an error from which it cannot recover, it may
display a Fatal Error message, such as:
The error message shown could also indicate that the nCipher server
is not running (or that your module is physically disconnected). If the
nCipher server is not running, take the following steps:
1. Exit KeySafe.
2. Restart the server as described in the section hardserver on page
221.
3. Restart KeySafe.
This error may mean that your nCipher server or nCipher firmware is
not current. To update your firmware, take the following steps:
1. Exit KeySafe.
2. Update the nCipher firmware as described in the Administrator
Guide.
3. Restart KeySafe.
Note The firmware upgrade process destroys all persistent data held in a
key-management module. If your security system requires that the
persistent data held in a key-management module must survive intact
during the upgrade or initialization of the key-management module, a
backup and recovery mechanism of your kmdata directory must be
implemented.
This error occurs if you attempt to create a card set with more than 64
cards.
Contact Support at nCipher if you receive any other error message that
looks similar to the one shown below:
This chapter describes tasks with Operator Card Sets and softcards.
These tasks do not normally require an Administrator Card Set to
authorize them.
Note Some tasks described in this chapter, when performed within a
security world that complies with the FIPS 140-2 level 3 standard, do
require either an Administrator Card or an Operator Card from an
existing set for authorization.
Operator Card Sets belong to the security world in which they are
created. When you create an Operator Card Set, the smart cards in that
set can only be read by modules belonging to the same security world.
The cards cannot be read, erased, or reformatted by a module from a
different security world.
Note IIS can only use Operator Card Sets that require a single card for
authorization and which do not have a pass phrase set.
Note iPlanet can only use Operator Card Sets that require a single card for
authorization. This card must have a pass phrase set.
Note Netscape Certificate Server can only use Operator Card Sets that
require a single card for authorization. This card must have a pass
phrase set.
Keys protected by a persistent card set can be used for as long as the
application that loaded the Operator Card Set remains connected to
the module (unless that application removes the keys).
Time-outs
Operator Card Sets can be created with a time-out, so that they can
only be used for limited time after the Operator Card Set is loaded. An
Operator Card Set is loaded by most applications at start up or when
the user supplies the last required pass phrase. Once an Operator Card
3. Click the Create New OCS navigation button. KeySafe takes you
to the Create Operator Card Set panel:
10. Choose whether you want this Operator Card Set to have a time-
out, after which the card set must be inserted again, and enter
value for the time-out length in seconds.
11. Enter the number of Operator Cards needed to re-create a key (K).
K must be less than or equal to N.
12. When you have entered all the details, click the Create OCS!
command button. KeySafe takes you to a new Create Operator
Card Set panel, which prompts you to insert a card to use as the
first card in the set:
13. Insert a blank card into the appropriate smart card slot. If you
insert a card from another Operator Card Set or another
security world, KeySafe asks whether you want to erase it. If you
insert an Administrator Card from the current security world,
KeySafe prevents you from accidentally erasing it.
Note When creating a card set, KeySafe recognizes cards that already
belong to the set before the card set is complete. If you accidentally
insert a card to be written again after it has already been written, you
receive a warning.
14. After you insert a blank card (or have erased an existing card),
click the OK button to continue the process of creating an
Operator Card Set. KeySafe takes you to the Set Card Protection
Pass Phrase panel:
Select whether or not you want to set a pass phrase for the
currently inserted card. Each card in a set can have an individual
pass phrase, and you can also create a set in which some cards
have pass phrases and others do not.
Note Because neither IIS nor OpenSSL/SSLeay have mechanisms for
entering pass phrases, you must not give pass phrases to Operator
Cards that are to be used with these applications.
If you want to set a pass phrase for the currently inserted card,
enter the same pass phrase in both text fields. A pass phrase can
contain any characters you can type except for tabs or carriage
returns (because these keys are used to move between data
fields).
You can change a pass phrase at any time. If you do not set a pass
phrase now, you can use KeySafe’s Change Pass Phrase option
(on the Examine/Change Card panel) to add one later. Likewise,
if you later decide that you do not need a pass phrase on a card,
you can use this option to remove it.
After entering your desired pass phrase (if any) in both text fields,
click the OK button. Unless you have entered details for the last
card in the set, KeySafe returns you to the Create Operator Card
Set panel and prompts you to enter the next card in the set to be
written.
15. After KeySafe has written the details of the last smart card in the
set, it displays a dialog box indicating that the Operator Card Set
has been successfully created. Click the OK button, and KeySafe
returns you to the Create Operator Card Set panel, where you can
create another Operator Card Set or choose a different operation
by clicking one of the menu buttons.
5. When all modules are in the operational state, the wizard displays
the following window:
6. Ensure that the Operator Card Set option is enabled, and then
select the Create a new Operator Card Set option.
If you want the Operator Card Set to be persistent, select the
Persistent option. Persistence is described in Persistent Operator
Card Sets on page 50.
7. Click the Next button, and if you have a FIPS world, the wizard
displays the following window:
Note This shows that your security world is compliant with the roles and
services of the FIPS 140-2 level 3 standard. It is included for those
customers who have a regulatory requirement for compliance.
Under the constraints of level 3 of the FIPS 140-2 standard,
Operator Cards cannot be created without authorization. To
obtain authorization, insert any card from the Administrator Card
Set or any Operator Card belonging to the current security world.
The wizard does not enable the Next world, the wizard warns you
and prompts you for another card.
8. Click the Next button.
The wizard prompts you for a smart card to use as the first card
in the Operator Card Set.
If you want to protect this card with a pass phrase, turn on the
Card will require a pass phrase option, and enter the pass phrase.
You must enter the pass phrase in both fields to ensure that you
have typed it correctly.
Note Operator Cards with pass phrases are required by the nCipher
PKCS #11 library.
11. If you have not yet written all the smart cards in the Operator
Card Set, the wizard prompts you for another card. Repeat step 9
and step 10 for all smart cards in the set.
12. When you have created the Operator Card Set, the wizard
displays the following window:
If you want to create another Operator Card Set, click the Back
button.
When you have created all the Operator Card Sets that you
require, click the Next button to install the CSP.
In this command:
-m MODULE, --module=MODULE
These options specify the module number of the module
to be used to create the token. If you only have one
module, MODULE is 1.
-Q, --ocs-quorum=K/N
In these options, K is the minimum required number of
cards. If you do not specify the value K, the default is 1.
Note Some applications do not have mechanisms for requesting that cards
be inserted. Therefore any Operator Card Sets that you create for use
with these applications must have K=1.
N is the total number of cards. If you do not specify the
value N, the default is 1.
-N, --name=NAME
These options enable you to name the card set. The card
set must be named with this option before individual
cards can be named using the -M, --name-cards=NAME
options.
-M, --name-cards
These options enable you to name individual cards
within the card set. You can only use this option after
the card set has been named by using the --name=NAME
Creating softcards
You must create a softcard before you create the keys that it is to
protect.
A softcard’s pass phrase is set when you generate it, and you can use
a single softcard to protect multiple keys. Softcards are persistent;
after a softcard is loaded, it remains valid for loading the keys it
protects until its KeyID is destroyed.
Note It is possible to generate multiple softcards with the same name or
pass phrase. For this reason, the hash of each softcard is made unique
(unrelated to the hash of its pass phrase).
Note To use softcards with PKCS #11, you must have
CKNFAST_LOADSHARING set to a nonzero value. When using pre-
loaded softcards or other objects, the PKCS #11 library automatically
sets CKNFAST_LOADSHARING=1 (load-sharing mode on) unless it
has been explicitly set to 0 (load-sharing mode off).
As with Operator Card Sets, if debugging is enabled, a softcard’s pass
phrase hash is available in the debug output (as a parameter to a
ReadShare command).
After you have confirmed the pass phrase, ppmk completes creation
of the new softcard.
See ppmk on page 274 for more usage information about ppmk.
6. Set a pass phrase for the softcard by entering the same pass
phrase in both text fields.
A pass phrase can contain any characters you can type except for
tabs or carriage returns (because these keys are used to move
between data fields) and can be up to 1024 characters long. You
can change a pass phrase at any time.
7. After entering your desired pass phrase in both text fields, click
the OK button.
KeySafe displays a dialog box indicating that the softcard has
been successfully created.
You can erase Operator Cards using KeySafe or the createocs utility.
You can also use these methods to erase Administrator Cards other
than those in the current Administrator Card Set, for example, the
remaining Administrator Cards from an incomplete set that has been
replaced or Administrator Cards from another security world.
Note None of these methods erases cards from the current Administrator
Card Set.
If you erase an Operator Card that is the only card in an Operator Card
Set, information about the card set is deleted. However, if you erase
one card from an Operator Card Set of multiple cards, you must
remove the card information after you have erased the last card.
to the application the slot you are going to use to insert the card. You
need to insert the card only once in a session. You can therefore use
one of the cards that you are about to erase.
-m|--module=MODULE
-e, --erase
See createocs on page 153 for more information about this command-
line utility.
Erasing softcards
Erasing a softcard deletes all information about the softcard from the
host. (For information about security world data and the remote file
system, see the appropriate Administrator Guide for your module
type.) You can erase softcards using Keysafe or with the ppmk
command-line utility.
Examining a Card
In order to view information about individual cards with KeySafe,
follow these steps:
From the List Operator Card Sets panel, you can also choose to
remove an Operator Card Set from the security world by clicking the
Remove OCS! button. (See Erasing card sets with KeySafe on page
72).
To list the Operator Card Sets in the current security world from the
command line, open a command window, and give the command:
nfkminfo --cardset-list
nfkminfo TOKENHASH
name "name"
k-out-of-n 1/1
flags NotPersistent
timeout none
card names ""
hkltu 794ada39038fa8c4e9ea46a24136bbb2b8b337f2
Note In the current release, not all software can give names to individual
cards.
See nfkminfo on page 249 for more information on using this utility.
Viewing softcards
Softcards can be viewed using Keysafe or from the command line. On
the command line there are several ways of viewing information
about them.
nfkminfo --softcard-list
In this command IDENT is the softcard’s logical token hash (as given
by running the command nfkminfo --softcard-list). This command
displays output information similar to the following:
SoftCard
name "mysoftcard"
hkltu 7fb95888ea2850d4e3ffcc8f0c22100937344308
Keys protected by softcard 7fb95888ea2850d4e3ffcc8f0c22100937344308:
AppName simple Ident mykey
AppName simple Ident myotherkey
See nfkminfo on page 249 for more information on using this utility.
C:\nfast\bin\ppmk.exe --list
In this command --list specifies that you want to list the softcards in
the current security world.
In this command, you can identify the softcard whose details you
want to view either by its name (NAME) or by its logical token hash
(as given by running the command nfkminfo --softcard-list).
See ppmk on page 274 for more information on using this utility.
--check
--module=MODULE
The cardpp utility polls all available slots; if there is no card inserted,
it prompts you to insert one. If the card belongs to this security world,
cardpp either tells you if no pass phrase is set or prompts you to enter
the pass phrase and checks to see if it is correct.
In this command, you can identify the softcard whose pass phrase you
want to verify either by its name (NAME) or by its logical token hash
(as given by running the command nfkminfo --softcard-list).
ppmk prompts you to enter the pass phrase and then tells you whether
the pass phrase you entered is correct for the specified softcard.
See ppmk on page 274 for more information on using this utility.
If you have generated your security world with pass phrase recovery,
you can also replace the pass phrase for an Operator Card or softcard
even if you do not know the existing pass phrase.This operation,
however, requires authorization from the Administrator Card Set; see
the Administrator Guide for more information.
Each softcard or card of a card set can have its own individual pass
phrase: you can even have a card set in which some cards have pass
phrases and others do not, and you can have distinct softcards that
nevertheless use the same pass phrase. A pass phrase can be of any
length and can contain any characters that you can type.
If you have generated your security world with pass phrase recovery,
you can also replace the pass phrase for an Operator Card even if you
do not know the existing pass phrase.This operation, however,
requires authorization from the Administrator Card Set.
Each card in a set can have its own individual pass phrase: you can
even have a set in which some cards have pass phrases and others do
not. A pass phrase can be of any length and can contain any characters
that you can type.
Note There is no absolute limit on the length of pass phrases. However,
some applications may not accept pass phrases longer than 255
characters. Likewise, the security world does not impose restrictions
on which characters you can use, although some applications may not
accept certain characters.
In this command, you can identify the softcard whose pass phrase
you want to change either by its name (NAME) or by its logical
token hash as listed by nfkminfo (IDENT).
ppmk.exe prompts you to enter the old pass phrase.
2. Type the old pass phrase, and press Enter . If you enter the old
pass phrase correctly, ppmk.exe prompts you to enter the new
pass phrase.
3. Type the old pass phrase, and press Enter . Type the new pass
phrase again, and press Enter to confirm it.
After you have confirmed the new pass phrase, ppmk.exe then
changes the softcard’s pass phrase.
Lost cards
If you have lost a card from a card set, you can replace the card set
using the rocs utility or KeySafe’s Replace Operator Card Set option
(reached from the Card Operations panel). See the Administrator
Guide for more information about replacing operator card sets.
Deleting an Operator Card Set’s information from the host does not
remove the data for keys protected by that card set. On KeySafe’s List
Keys panel (reachable from the Key Operations panel), such keys are
listed as being protected by Deleted Card Set.
If you have purchased a payShield module, you can also load existing
keys from other media. See the Key-loading Solution Guide for
details.
Generating keys
Generating a key creates both a key and a certificate request for the
following application types:
• embed (OpenSSL)
• ssleay
• iis34
When you attempt to generate keys for a security world that complies
with FIPS 140-2 level 3, you are prompted to insert an Administrator
Card or Operator Card. You may need to specify to the application,
the slot you are going to use to insert the card. You need to insert the
card only once in a session.
When you generate a key with generatekey, choose a new identifier for
the key and use whichever application type is appropriate; see
generatekey on page 200 for more information about application
types. The key identifier can only contain digits and lowercase letters;
it cannot contain spaces, underscores (_), or hyphens (-).
--generate
OPTIONS
APPNAME
NAME=VALUE
See generatekey on page 200 for more details about using the
generatekey command-line utility.
4. Select an application with which you want to use your key from
the list, and then click the Next button. KeySafe takes you to the
Key Generation Parameters panel.
Importing keys
Importing a key takes an unprotected key stored on the host and stores
it in the security world in encrypted form.
nCipher recommends generating a new key (or retargeting a key from
within the security world) instead of importing an existing key
whenever possible. The import operation does not delete any copies
of the key material from the host, and because existing keys have been
stored in a known format on your hard disk (and key material can
persist on backup media), there is a risk that an existing key has been
compromised. It is your responsibility to ensure any unprotected key
material is deleted. If a key was compromised before importation,
then importing it does not make it secure again.
When you attempt to import keys into a security world that complies
with FIPS 140-2 level 3, you are prompted to insert an Administrator
Card or Operator Card. You may need to specify the slot you are going
to use to insert the card. You need to insert the card only once in a
session.
--import
OPTIONS
APPNAME
NAME=VALUE
In this example, generatekey requires you to input RSA for the key
type.
See generatekey on page 200 for more details about using the
generatekey command-line utility.
4. Select the application associated with the key that you want to
import, and then click the Next button. KeySafe takes you to the
Key Import Parameters panel.
5. Select and enter the desired parameters for the key that you want
to import.
The types of information that you need to provide on the Key
Import Parameters panel will differ slightly depending on the
application you selected on the Import Key panel. Below, as an
example, is the Key Import Parameters panel associated with
nCipher native applications:
6. When you have supplied parameters for the key that you want to
import, click the Next button.
7. If you choose to import a key that is protected by a smart card,
KeySafe takes you to the Load Operator Card Set panel. Follow
the onscreen instructions, inserting the required number of
Operator Cards and supplying any pass phrases as needed.
8. KeySafe displays a message indicating that the key has been
successfully imported. Click the OK button.
9. KeySafe returns you to the Import Key panel, from which you can
import another key or choose another operation.
C:\nfast\bin\generatekey --list-apps
When you retarget a key, you cannot change its protection method.
You cannot change the key from module-protected to card-protected,
or from card-protected to module-protected.
In this command:
--retarget
OPTIONS
APPNAME
from-application=appname
from-ident=keyident
If generatekey cannot identify the key type for retargeting, you are
prompted to specify the key type. Input the key type and press Enter .
Viewing keys
You can view existing keys in the security world using KeySafe or the
nfkminfo command-line utility.
3. Click the List Keys navigation button. KeySafe takes you to the
Key Listing panel:
The Key Listing panel displays all the keys that have been created in
(or imported in to) the current security world. It displays the name of
the key, the application for which it was created, the protection
method that was used and whether the key is stored in NVRAM.
From the Key Listing panel, you can choose to discard a key from the
security world by clicking the Discard Key button. (See Discarding
keys on page 103 ).
nfkminfo -k [APPNAME[IDENT]]
nfkminfo -l [APPNAME[APPNAME...]]
The --key-list (-k) option lists keys only. The --name-list (-l) option lists
keys and their names.
To list information about a specific key, use the --key-list and specify
an application and key identifier:
Discarding keys
Discarding a key deletes the information about the key from the host
disk. This option is only available in KeySafe.
If you have backup media, you can restore the information and the key
will become usable again. Likewise, if you have copies of the security
world data on several computers, erasing the data on one computer
does not remove it from any other computer.
To destroy a key permanently you must either erase the Operator Card
Set that is used to protect it or erase the security world completely.
There are no other ways to destroy a key permanently.
Restoring keys
nCipher does not supply tools for restoring a key that has been
discarded. However if you have kept a backup of the host data for the
security world, you can restore a key from the backup data.
Note If you have NVRAM-stored keys, you must additionally ensure you
have a backup of the key data stored on the relevant modules.
Using keys
Configure the application to load the nCipher Cryptographic
Hardware Interface Library plug-in:
C:\\nfast\toolkits\nfhwcrhk\nfhwcrhk.dll
Generating keys
Generate the key with KeySafe or generatekey, choosing a new
identifier for the key; see Generating keys on page 86. Use the hwcrhk
or embed key type, as appropriate.
The key identifier can only contain digits and lowercase letters; it
cannot contain spaces, underscores (_), or hyphens (-).
In order to share keys with load sharing, you must create a 1-of-N
Operator Card Set with at least as many cards as you have modules.
All the cards on the Operator Card Set must have the same pass
phrase.
security.provider.1=com.ncipher.fixup.provider.nCipherRSAPrivateEncrypt
security.provider.2=com.ncipher.provider.km.nCipherKM
jceclasspath;C:\nfast\java\classes\nfjava.jar;C:\nfast\java\classes\kmjava.jar;C:\\nfas
t\java\classes\kmcsp.jar;.
In this class path, jceclasspath is the path to your JCE framework .jar
file.
Note There is a dot, “.”, at the end of the first line of example code.
Note nCipher recommends that you use the Sun JCE framework which can
be downloaded from http://java.sun.com/products/jce/.
JDK_HOME\jre\lib\security\java.security
#
# List of providers and their preference orders (see above):
#
security.provider.1=sun.security.provider.Sun
#
# List of providers and their preference orders (see above):
#
security.provider.1=com.ncipher.provider.km.nCipherKM
security.provider.2=sun.security.provider.Sun
Choosing functions
The nCipherKM JCA/JCE provider implements the engine classes
described below.
KeyPairGenerator
• RSA
- OID.1.2.840.113549.1.1.1
- 1.2.840.113549.1.1.1
• DSA
- OID.1.2.840.10040.4.1
- 1.2.840.10040.4.1
- 1.3.14.3.2.12
• DH
- Diffie-Hellman
- DiffieHellman
KeyGenerator
• DESede
- TripleDES
- Triple-DES
- DES3
• Rijndael
- AES
• CAST
- CAST128
- CAST256
• Blowfish
• Serpent
• Twofish
• ArcFour
• HmacSHA1
• HmacSHA256
• HmacSHA384
• HmacSHA512
• HmacTiger
• HmacRIPEMD160
• HmacMD5
Signature
• MD5withRSA
- MD5/RSA
- OID.1.2.840.113549.1.1.4
- 1.2.840.113549.1.1.4
- 1.3.14.3.2.25
• SHA1withRSA
• SHA1withDSA
- DSA
- DSS
- SHA/DSA
- SHA-1/DSA
- SHA1/DSA
- SHAwithDSA
- DSAWithSHA1
- OID.1.2.840.10040.4.3
- 1.2.840.10040.4.3
- 1.3.14.3.2.13
- 1.3.14.3.2.27
Cipher
• RSA
- Mode: ECB
- Padding: PKCS1Padding (PKCS1, PKCS#1)
• OID.1.2.840.113549.1.1.1
• DESede
- Mode: ECB, CBC
- NoPadding, PKCS5Padding (PKCS5, PKCS#5)
• TripleDES
• Triple-DES
• DES3
• Rijndael
- Mode: ECB, CBC
- NoPadding, PKCS5Padding (PKCS5, PKCS#5)
• AES
• CAST
- Mode: ECB, CBC
- NoPadding, PKCS5Padding (PKCS5, PKCS#5)
• CAST128
• CAST256
• Blowfish
- Mode: ECB, CBC
- NoPadding, PKCS5Padding (PKCS5, PKCS#5)
• Serpent
- Mode: ECB, CBC
- NoPadding, PKCS5Padding (PKCS5, PKCS#5)
• Twofish
- Mode: ECB, CBC
- NoPadding, PKCS5Padding (PKCS5, PKCS#5)
• ArcFour
- Mode: None
- Padding: None
KeyStore
• nCipher.sworld
- jks
SecureRandom
• RND
- SHA1PRNG
KeyAgreement
• DH
- Diffie-Hellman
- DiffieHellman
KeyFactory
• DH
- Diffie-Hellman
- DiffieHellman
• RSA
- OID.1.2.840.113549.1.1.1
- 1.2.840.113549.1.1.1
• DSA
- OID.1.2.840.10040.4.1
- 1.2.840.10040.4.1, 1.3.14.3.2.12
Mac
• HmacSHA1
• HmacMD5
• HmacTiger
• HmacRIPEMD160
• HmacSHA256
• HmacSHA384
• HmacSHA512
These properties can be set on the command line when the Java
program is run. Normally, however, it is not necessary to change these
properties from their default values.
JCECSP_DEBUG
In order to specify the debugging level, set this property with a
command of the form:
JCECSP_DEBUGFILE
In order to specify to which file debugging output is sent, set this
property with a command of the form:
In this command, debugfile is the name of the file that you wish
debugging output to be sent.
protect
The nCipherKM key generation classes always generate secure
private keys that cannot be exported outside the module. This means
that private keys generated by the nCipherKM provider can only be
used by nCipherKM engine classes. Public keys generated by the
nCipherKM provider can be exported as an X.509 encoding.
The generated key is not recorded in the security world unless the key
is stored in an nCipher KeyStore. In such a case, the pass phrase
supplied must equal the pass phrase for the card of the card set that
protects the key.
cd C:\nfast\java\classes
java -classpath "%CLASSPATH%;." KmcspTest
PKCS #11
In order to use the nCipher PKCS #11 library, you must tell the
application the name and location of the library. The exact method for
doing this depends on the application.
There are detailed instructions for using the nCipher PKCS #11
library with specific applications available from the nCipher web site,
http://www.ncipher.com/, or from [email protected].
Depending on the application, you may need to set the path and
library name C:\nfast\toolkits\pkcs11\cknfast.dll in a dialog box or
configuration file.
From version 1.7, the nCipher PKCS #11 library can be used with
FIPS 140-2 level 3 compliant security worlds. This version of the
library also introduces load sharing. This feature provides support for
multiple modules that are connected to a single server, spreading the
load of cryptographic operations between the modules in order to
provide scalability in terms of performance.
Note nCipher recommends that you use load sharing unless you have
existing code that is designed to run with multiple modules.
In order to share keys with load sharing, you must create a 1-of-N
Operator Card Set that contains at least as many cards as you have
modules. All the cards on the Operator Card Set must have the same
pass phrase.
Note If you are using the preload utility in conjunction with the nCipher
PKCS #11 library, you can create K-of-N Operator Card Sets (see
preload on page 277).
Choosing functions
Some PKCS #11 applications enable you to choose which functions
you want to perform on the PKCS #11 token and which functions you
want to perform in your application.
Digital signatures
The nCipher PKCS #11 library can use the nCipher module to sign
and verify messages using the following algorithms:
• DSA
• RSA
• DES3_MAC
• AES
• CAST128_MAC.
Asymmetric encryption
The nCipher PKCS #11 library can use the nCipher module to
perform asymmetric encryption and decryption with the RSA
algorithm.
Symmetric encryption
The nCipher PKCS #11 library can use the nCipher module to
perform symmetric encryption with the following algorithms:
• DES
• Triple DES
• CAST128
• AES.
Message digest
The nCipher PKCS #11 library can perform message digest
operations with MD2, MD5, SHA-1, SHA-256, SHA-384, and
SHA-512 algorithms. However, for reasons of throughput, the library
performs these operations on the host computer.
After a review of your security policy and the way the application uses
the PKCS #11 library with the SAM, if there are questionable
operations that are considered to be acceptable and pose no security
risk, the PKCS #11 library can be configured to permit some, or all,
of them by means of the
CKNFAST_OVERRIDE_SECURITY_ASSURANCES environment
variable (described in
CKNFAST_OVERRIDE_SECURITY_ASSURANCES on page
126).
Note To ensure the security of your keys, you must review any messages
returned by the PKCS #11 library before changing the settings of the
CKNFAST_OVERRIDE_SECURITY_ASSURANCES environment
variable.
The CKNFAST_OVERRIDE_SECURITY_ASSURANCES
environment variable uses a semicolon separated list of parameters,
with associated values, to explicitly allow operations that could
compromise the security of cryptographic keys if the operations are
not well understood.
Key security
The questionable operations largely relate to the concept of a key
being secure. A private or secret key is considered insecure if there is
some reason for believing that its value may be available outside the
module. Public keys are never considered insecure; by definition they
are intended to be public.
Whether or not the library uses load sharing depends on the value of
the CKNFAST_LOADSHARING environment variable, described in
CKNFAST_LOADSHARING on page 124.
When you insert a smart card from an Operator Card Set in the current
security world, the nCipher PKCS #11 library treats this card as a
PKCS #11 token that is present in the virtual slot for that Operator
Card Set.
After the PKCS #11 token is present, you can open a session to that
token. Until you log in, a session can only access public objects that
belongs to that PKCS #11 token.
The PKCS #11 token is present until you remove the last card
belonging to the Operator Card Set. When you remove the token, the
nCipher PKCS #11 library closes any open sessions.
Logging in gives access to the private objects that are protected by the
PKCS #11 token. Logging in requires the pass phrase for the Operator
Card Set. The exact mechanism for supplying the pass phrase depends
on the application that you are running.
The PKCS #11 token is shared across all the modules that have a
smart card from the Operator Card Set in the reader at the point that
you log in. After you have logged in, inserting additional cards from
this Operator Card Set has no effect.
Use the second of the two entries (which has the same name as the
Operator Card that is currently in the smart card reader) to protect
your keys or token objects.
PKCS #11 does not allow two tokens to be present in the same slot.
Therefore, when you insert a smart card into a reader, the nCipher
PKCS #11 library logs out any previously logged-in token from the
slot and closes any open sessions.
You must provide any required pass phrase for the tokens when using
preload to load the card set. However, because the application is not
aware that the card set has been pre-loaded, the application operates
normally when handling the login activity (including prompting for a
pass phrase), but the PKCS #11 library will not actually check the
supplied pass phrase.
If the loaded card set is non-persistent, then a card must be left in each
module on which the set has been loaded during the start-up sequence.
After a non-persistent card has been removed, the token is not present
even if the card is reinserted.
If load sharing has been specifically switched off, you see multiple
slots with the same label.
If you use the default values in the installation script, you should not
need to change any of these environment variables.
You can set environment variables in the file cknfastrc. This file must
be in the directory $NFAST_HOME. If NFAST_HOME is not set, or if
environment variables are cleared by your application, the file must be
in C:\nfast\bin\.
variable=value
Note Variables set in the environment are used in preference to those set in
the resource file.
Changing the values of these variables after you start your application
has no effect until you restart the application.
CKNFAST_TOKENS_PERSISTENT
This variable controls whether Operator Cards that are created by
your PKCS #11 application are persistent (see Persistent Operator
Card Sets on page 50 for a description of persistence). If this variable
is set when your application calls the PKCS #11 function that creates
tokens, the Operator Card created is persistent.
Note Use of the nCipher PKCS #11 library to create tokens is deprecated,
because it can only create 1-of-1 tokens in FIPS 140-2 level 2
security worlds. Use KeySafe or one of the command-line utilities to
create Operator Card Sets.
CKNFAST_LOADSHARING
In order to enable load-sharing mode, set the environment variable
CKNFAST_LOADSHARING to a value that starts with something
other than 0, N, or n. The virtual slot behavior described in nCipher
PKCS #11 library with load sharing on page 120 then operates. When
this variable is not set (or is set to a value that starts with 0, N, or n),
you see two slots for every module connected (as described in nCipher
PKCS #11 library without load sharing on page 121).
Applications that enable the user to select the slot, or that dynamically
select a slot based on its capabilities, should work without requiring
the backward capability mode.
CKNFAST_CARDSET_HASH
This variable enables you to specify a specific card set to be used in
load sharing mode. If this variable is set, only the virtual smart card
slot that matches the specified hash is present (plus the accelerator
slot). The hash that you use to identify the card set in
CKNFAST_CARDSET_HASH is the SHA-1 hash of the secret on the
card. Use the nfkminfo command-line utility to identify this hash for
the card set that you want to use: it is listed as hkltu. See the
Administrator Guide for further information on using nfkminfo.
CKNFAST_NO_ACCELERATOR_SLOTS
If this variable is set, the nCipher PKCS #11 library does not create
the accelerator slot, and thus the library only presents the smart card
slots (real or virtual, depending on whether load sharing is in use).
Do not set this environment variable if you want to use the accelerator
slot to create or load module protected keys.
Note Setting this environment variable has no effect on ckcheckinst because
ckcheckinst needs to list accelerator slots.
CKNFAST_NO_SYMMETRIC
If this variable is set, the nCipher PKCS #11 library does not advertise
any symmetric key operations.
CKNFAST_NO_UNWRAP
If this variable is set, the nCipher PKCS #11 library does not advertise
the c_wrap and c_unwrap commands. You should set this variable if
you are using iPlanet or Netscape Certificate Management Server as
it ensures that a standard SSL handshake is carried out. If not set
iPlanet or Netscape Certificate Management Server makes extra calls
which reduces the speed of the library.
CKNFAST_FAKE_ACCELERATOR_LOGIN
If this variable is set, the nCipher PKCS #11 library accepts a PIN for
a module-protected key, as required by iPlanet, but then discards it.
This means that an iPlanet user requesting a certificate protected by a
loadshared module can enter an arbitrary PIN and obtain the
certificate.
Note The variable CKNFAST_FAKE_ACCELERATOR_LOGIN is only
available for iPlanet Enterprise Edition 6.
CKNFAST_DEBUGDIR
If this variable is set to the name of a writeable directory, log files are
written to the specified directory. The name of each log file contains
a process ID. This can make debugging easier for applications that
fork a lot of child processes.
CKNFAST_ASSUME_SINGLE_PROCESS
This variable is set by default to 1. This means that only token objects
that are loaded when C_Initialize is called are visible. Setting this
variable to 0 means that token objects created in one process become
visible in another process when it call C_FindObjects. Setting the
variable to 0 slows the library down.
CKNFAST_ASSURANCES_LOG
This variable is used to direct warnings about questionable security to
a specific log file. Do not change this variable without advice from
your application vendor.
CKNFAST_OVERRIDE_SECURITY_ASSURANCES
This variable can be assigned one or more of the following
parameters, with an associated value where appropriate, to override
the specified security assurances in key operations where this is
deemed acceptable:
• all
• none
• tokenkeys
• longterm [=days]
• explicitness
• import
• unwrap_mech
• unwrap_kek
• weak_algorithm
• shortkey_algorithm=bitlength
• silent
CKNFAST_OVERRIDE_SECURITY_ASSURANCES="token1;token2=value3"
CKNFAST_OVERRIDE_SECURITY_ASSURANCES=token1;token2=value3
all
This parameter overrides all the security checks. It has the same effect
as setting all the other parameters, except none. The library does not
perform any of the security checks and allows the library to perform
potentially insecure operations. This parameter cannot be used with
any other parameters.
none
This parameter does not override any of the security checks. It has the
same effect as setting none of the other parameters. The library
performs all security checks and warns about potentially insecure
operations without performing them. This parameter cannot be used
with any other parameters.
tokenkeys
When this parameter is set, the effect on the PKCS #11 library is to
permit insecure Token keys. By default, any attempts to create,
generate, or unwrap insecure keys with CKA_TOKEN=true fails with
CKR_TEMPLATE_INCONSISTENT and a log message that explains
the insecurity. When tokenkeys is included as a parameter for
CKNFAST_OVERRIDE_SECURITY_ASSURANCES, attempts to
create, generate, or unwrap insecure keys with CKA_TOKEN=true
are allowed.
longterm[=days]
Needing to set this variable usually means that some important keys,
which should be protected by the module’s security, are not secure.
When longterm is set, the PKCS #11 API permits the use of the
following functions with an insecure key up to the specified number
of days after its creation:
• C_Sign and C_SignUpdate
• C_Verify and C_VerifyUpdate
• C_Encrypt and C_EncryptUpdate
• C_Decrypt and C_DecryptUpdate
explicitness
When this parameter is set, the effect on the PKCS #11 library is to
allow applications to create or import insecure keys which have
CKA_SENSITIVE set true. By default attempts to create, generate, or
unwrap insecure keys with CKA_SENSITIVE=true, or to set
CKA_SENSITIVE=true on an existing key, fails with
CKR_TEMPLATE_INCONSISTENT and a log message explaining
the insecurity.
import
When this parameter is set, the PKCS #11 API treats keys that are
imported through C_CreateObject or C_UnwrapKey as secure
(provided there is no other reason to treat them as insecure). By
default, keys which are imported through C_CreateObject or
C_UnwrapKey without this option in effect are marked as being
insecure. Only the setting of the parameter at the time of import is
relevant.
unwrap_mech
When this parameter is set, the PKCS #11 API adds the
CKA_DECRYPT permission on decryption, even if the template has
CKA_DECRYPT=false. By default, trying to create a key with
CKA_UNWRAP=true and CKA_DECRYPT=false fails with
unwrap_kek
When a key is transferred into the module in encrypted form, the key
is usually treated as insecure unless the key that was used for the
decryption, the key-encrypting key (or unwrapping key), only allows
the import and export of keys and not decryption of arbitrary
messages. This behavior is necessary to prevent an unauthorized
application from simply decrypting the encrypted key instead of
importing it. However, because PKCS #11 wrapping mechanisms are
insecure, all unwrapping keys have CKA_DECRYPT=true.
When this parameter is set, the PKCS #11 API considers keys that are
unwrapped with a key that also has CKA_DECRYPT permission as
secure (provided there is no other reason to treat them as insecure). By
default, keys that are unwrapped with a key that has CKA_DECRYPT
permission are considered insecure.
weak_algorithm
This parameter treats keys for the specified weak algorithm as if they
were secure. For example, DES is not secure, but weak_des allows
such keys to be considered secure anyway. This applies to all keys
which have a short fixed key length or whose algorithms have other
security problems (as a guide, weak algorithms are ones whose work
factor to break is less than approximately 80 bits).
shortkey_algorithm=bitlength
silent
CKNFAST_USE_THREAD_UPCALLS
If this variable is set and CKF_OS_LOCKING_OK is passed to
C_Initialize,NFastApp_SetThreadUpcalls is called via
nfast_usencthreads, and only a single NFastApp_Connection is used,
shared between all threads.
If this variable is set and mutex callbacks are passed to C_Initialize but
CKF_OS_LOCKING_OK is not passed, C_Initialize fails
withCKR_FUNCTION_FAILED. (NFastApp_SetThreadUpcalls
requires more callbacks than just the mutex ones that PKCS #11
supports.)
CKNFAST_NVRAM_KEY_STORAGE
When this environment variable is set, the PKCS #11 library
generates only keys in nonvolatile memory (NVRAM). You must also
ensure this environment variable is set in order to delete NVRAM-
stored keys.
In this output:
PKCS#11 library interface version 2.01
refers to the version of the PKCS #11 specification
supported
implementation version 1.##
refers to the version of the nCipher PKCS #11 library
Loadsharing and Failover enabled
is shown if load sharing has been enabled.
Slots that contain a valid Operator Card are indicated by the
status Operator card and the card’s label. In a FIPS 140-2 level 2
compliant security world, the available fixed tokens are also
2. If there are no available slots with cards in them, you can do one
of the following:
- insert a valid Operator Card, and press R
- choose a fixed token slot
- press E to quit, then create an Operator Card Set, and run
ckcheckinst again.
When there is at least one slot with a valid token, input a slot
number, and press Enter . In a FIPS 140-2 level 3 compliant
security world, ckcheckinst prompts you to enter the pass phrase
for the selected Operator Card.
Test Pass/Failed
---- -----------
1 Generate RSA key pair Pass
2 Generate DSA key pair Pass
3 Encryption/Decryption Pass
4 Signing/Verify Pass
Deleted test keys ok
PKCS11 Library test successful.
If ckcheckinst fails:
• check that the nCipher server is running
• use the enquiry and nfkminfo world.
security world
CKR_FIPS_FUNCTION_NOT_SUPPORTED
CKR_FIPS_TOKEN_NOT_PRESENT
CKR_FIPS_MECHANISM_INVALID
Before you use the Check Point configuration tool, you must have:
• installed nCipher hardware
• installed nCipher software
• set up an nCipher security world with an Operator Card Set
• installed the Check Point VPN-1/Firewall-1 software
Use the Custom external application option for applications that were
written using nCipher key management and that expect their keys to
be in stand-alone files.
Note KeySafe does not place any restrictions on the Operator Card Set that
is used to protect nCipher native or Custom application keys. You
must make sure that your application is capable of loading the card
set.
Help options
If a utility has the standard help options, these are not included in the
synopsis or in the description. The standard help options are as
follows:
• -h, --help displays help for the utility
• -v, --version displays the version number of the utility
• -u, --usage displays a brief usage summary for the utility
bulkerase
The bulkerase utility is used to erase large numbers of cards in the
same session. You must be careful because the utility can erase any
FEM activation cards. The bulkerase utility can only erase Operator
Cards from a security world of which the module is a member.
bulkerase is a very powerful tool. You must be absolutely certain that
the cards you intend to erase, particularly FEM enabling cards, are
definitely no longer needed.
Usage
--module= MODULE
--verbose
cardpp
The cardpp changes the pass phrase on a card when you know the
current pass phrase.
Usage
If the card belongs to the current security world, cardpp prompts you
to enter the old pass phrase (if one is set).
If you enter the old pass phrase correctly, cardpp prompts you to enter
the new pass phrase and then to confirm it. After you have confirmed
the new pass phrase, cardpp then changes the card’s pass phrase.
Options
-e, --examine
-c, --change
-k, --check
-r, --recover
-m, --module=MODULE
ckcerttool
This utility allows you to import a certificate as a PKCS #11
CKO_CERTIFICATE object of type CKC_X_509 and associate it with
a corresponding RSA private key.
Usage
To import a card-set-protected or softcard-protected certificate, give a
command of the form:
-c, --cardset=CARDNAME
-n, --nopin
Help options
-h, --help
-V, --version
-u, --usage
checkmod
The checkmod utility checks modulo exponentiations performed on
the module against test data.
Usage
In this command, testfile is the name of a test file. The test file consists
of lines that contain values for the modexp command: variables A, P,
and N, as well as the result R .
Output
checkmod counts the number of successful commands, for example:
C:\nfast\bin\checkmod C:\nfast\testdata\testdata-s1024-n100
File C:\nfast\testdata\testdata-s1024-n100:
100 completed OK
If any command fails or if the value returned does not match the value
supplied in the test file, checkmod prints an error message and then
terminates.
cksigtest
The cksigtest utility is supplied with the nCipher PKCS #11 library. It
measures the module signing or encryption speed when used with
nCipher PKCS #11 library calls.
Usage
Options
Help options
-h, --help
-V, --version
-u, --usage
Program options
-s, --sign
-v, --verify
-d, --decrypt
-e, --encrypt
Key options
-S, --sig-type=TYPE
-l, --key-size=BITS
This option specifies the length of the key in bits. The default
is 1024. This parameter is not required for a DSA key, which
is always 1024 bits long.
Note The module may run out of memory if you run cksigtest with sizes
greater than 2048, especially if the module has any other keys or
tokens loaded.
-M, --mech=MECH
Other options
-c, --cardset=NAME
-j, --threads=COUNT
-B, --unbuffered-stdout
-t, --stop-after=TIME
-p, --pin-for-testing=PIN
-n, --nopin
Output
cksigtest produces output similar to this:
Totals and averages are returned once every 10 seconds for short runs
and every minute for long runs.
createocs
The createocs creates an Operator Card Set.
Usage
Options
-m, --module=MODULE
-Q, --ocs-quorum=K/N
-N, --name=NAME
These options enable you to name the card set. The card set
must be named with this option before individual cards can
be named using the -M, --name-cards=NAME options.
-M, --name-cards
-p, --persist
-P, --no-persist
-R, --no-pprecovery
These options means that the pass phrase for this card set
cannot be recovered. The pass phrase for the card set is
recoverable by default. You can specify this explicitly with
--pprecovery.
-q, --remotely-readable
-f, --force
data. You cannot use the --force option either to force the
reuse of Administrator Cards from the current security world
without first erasing them or to force the reuse of Operator
Cards from other security worlds.
-T, --timeout=TIME
These options set the time-out for the card set. Use the suffix
s to specify seconds, m for minutes, h for hours, and d for
days. If the timeout is set to 0, the Operator Card never times
out. Otherwise, the module automatically unloads the
Operator Card Set TIME after the Operator Card was loaded.
cryptest
The cryptest utility tests all defined symmetric cryptographic
mechanisms. cryptest can test encryption and signature mechanisms.
Usage
Test options
-M, --module=MODULE
-e, --encryption
-s, --signature
-E, --channel-encrypt
-S, --channel-decrypt
-m, --max-size=BYTES
-b, --channel-block-size=BYTES
This option uses an update size for channels that is less than
or equal to the number of bytes specified in BYTES.
Output
cryptest returns output similar to this:
KeyType_DES:
Mech_Any:
encrypt 0 1 7 8 9 15 16 17 20 36 64 256 1025 2048 4096 8192 16384 65536
sign 0 1 7 8 9 15 16 17 20 36 64 256 1025 2048 4096 8192 16384 65536
Mech_DESmCBCi64pPKCS5:
encrypt 0 1 7 8 9 15 16 17 20 36 64 256 1025 2048 4096 8192 16384 65536
Mech_DESmECBpPKCS5:
encrypt 0 1 7 8 9 15 16 17 20 36 64 256 1025 2048 4096 8192 16384 65536
Mech_DESmECBpNONE:
encrypt 0 8 16 64 256 2048 4096 8192 16384 65536
Mech_DESmCBCpNONE:
encrypt 0 8 16 64 256 2048 4096 8192 16384 65536
Mech_DESmCBCMACi64pPKCS5:
sign 0 1 7 8 9 15 16 17 20 36 64 256 1025 2048 4096 8192 16384 65536
...
cspcheck
This utility checks that CSP container files are intact and uncorrupted,
that referenced key files exist, and that any key counters are intact and
readable. You can use cspcheck in conjunction with nfkmcheck, but
ensure that you run nfkmcheck first in order to test the integrity of your
security world files.
Usage
C:\nfast\bin\cspcheck [-h]
cspimport
This utility allows you to insert keys manually into existing CSP
containers.
Usage
Key migration does not remove the migrated key from the source
container.
Import options
-i, --import
-k, --key=IDENT
-i, --import
Migrate options
-m, --migrate
-c, --container=SOURCE_ID
--source-type=TYPE
The following examples show forms that the cspimport command can
take:
cspimport --import --key 346b89 --appname mscapi --target 35b124 --type exchange
Note It is very important that you do not import the wrong type of key for
the CSP with which you wish to use it. The nCipher RSA CSP (ncsp.dll)
works only with RSA keys, and the nCipher DSA/DH CSP (ncspdd.dll)
works only with DSA and DH keys.
If the key file contains a symmetric key (or does not have a public blob
stored), then cspimport disallows its use with nCipher CSPs.
However, the cspimport utility cannot determine what type of
asymmetric key is contained in an arbitrary key file without loading
the key, which is impractical as it may require operator card sets.
You must ensure that you import asymmetric keys of the appropriate
type for your destination CSP. In particular, you must not migrate keys
between containers that belong to different CSPs. Attempts to use
such keys fail with an NTE_FAIL error code as well as other
miscellaneous errors in the CSP log file.
If you import or migrate a key, the original key file is copied so that
the key is not lost if the original application deletes it. The new key
copy has appname=mscapi and ident=cloned-key- xxx (where xxx is a
3-digit integer).
2. If it does not already exist, generate the container into which you
want to import the key. You can use the API or the keytst utility.
For example, to generate a new container called import-test that
belongs to the current user, you can issue the following keytst
command:
keytst -c import-test
csputils -n import-test
Source key:
Key file: key_simple_rsa-test
Key name: 'rsa-test'
Key hash: 0xd01ddd6e6c1482d70bbcc17808d8d261b7bf129c
Key is module protected.
Target container:
Container ID: #83ebe19c7a35ae3cefd1fced3b9a0aaaa778d80a
Container name: 'import-test'
User name = 'DOMAIN\\fred', CSP name = 'ncsp.dll'
Are you sure you want to continue? (yes/no):
csputils -n import-test
csputils -U alice
Source container:
Container ID: #cbfb7b1190653138bc660df491b5426c929034e5
Container name: 'foo'
User name = 'DOMAIN\alice', CSP name = 'ncsp.dll'
Source key:
Target container:
Container ID: #559376b4a2982f04fd1f7c9a1adacb192f5ac827
Container name: 'bar'
User name = 'DOMAIN\bob', CSP name = 'ncsp.dll'
This output shows that the imported key is now present in bob’s
container bar.
cspmigrate
This utility migrates containers and keys from earlier versions of the
nCipher CSP to the new container storage system.
Permissions
Calling cspmigrate with the -m parameter transfers the security
information from the registry keys that stored the container
information in old versions of the CSP to the new container files; it
also transfers this security information to the key files owned by the
container.
Calling cspmigrate with the -c parameter checks that the new container
file’s owner, group, and auditing permissions match those in the old
registry key, if necessary. However, calling cspmigrate with the -c
parameter does not check the file’s ACL; registry key ACLs have no
easy mapping to file ACLs. If you want to ensure that container files
ACLs are correct, use csputils to find the desired file name and
manually examine the container file’s permissions.
Note The cspmigrate utility can only be used if you have rights as a local
administrator. It produces very wide output and also produces very
long output if you have many containers.
Usage
-m
-c
This option cleans up old registry entries and key files. After
you have used this option, the old CSP no longer works
Do not use the -c option until you are confident that the new CSP is
working correctly with your old containers.
-d
This option specifies a "dry run" (that is, a run that does
nothing but report on what needs to be done).
-q
-v
-f
Output
The cspmigrate utility should be run in two stages. The first stage,
cspmigrate -m, creates any required container files (letting you know
if these already exist) and sets up links to existing key files if this
necessary.
At this point in the process, check that your new containers exist (by
using csputils) and that the new CSPs have the same functionality as
the old CSPs.
Note If you are using the Microsoft CA or IIS 5, you must reboot the
machine in order to ensure that the newly installed CSPs are used by
the system services.
After you are satisfied that the new CSPs are working correctly, you
can clean up the container information from the registry; it is no
longer needed. However, because there is no utility that regenerates
old container information (registry-based) from new container
information (security-world-based), only remove the old CSPs if you
are sure they are no longer needed. It is not necessary to perform this
step in order for the computer to operate correctly.
Output from (the same) sample session as shown above, but with
cspmigrate -c set to clean up the Windows registry file, looks
something like:
cspnvfix
This utility regenerates the NVRAM key counter area for a specified
nCipher CSP key.
Usage
-c , --container=HASH
-t, --type=KEYTYPE
-m, --module=MODULE
This utility resolves situations where key counting for the specified
key is disabled because the NVRAM file area is not present. This
could occur, for example, because the NVRAM file has been erased
by module initialization or because a module has been replaced. Key
counting can be enabled again by regenerating the required NVRAM
file area. A quorum of the ACS is required to authorize regeneration
of the NVRAM file.
csptest
The csptest utility tests the Cryptographic Service Providers that are
installed on the computer. csptest tests nCipher or Microsoft CSP
provider arrangements, whereas most utilities test nCore-APIs.
Usage
-f, --flood
-d, --dsa
-m, --ms
-C, --counters
These options specify that keys generated for a flood will use
counters.
-K, --kitb
-n, --number=NUM
-l, length=LEN
These options specify the use of a key num -bits long. The
default is 1024.
Note csptest reports errors if you attempt to generate keys whose length is
not a multiple of 8 bits. This is because the CSP does not support
lengths that are not a multiple of 8 bits. This behavior is consistent
with that of the Microsoft CSP, although the error returned is
different.
-k, --keys=KEYS
nFastKM: error: MakeBlob (private key) failed; NoMemory unable to generate signature key
for context #16, last error was 0x80090020.
-s, sigs=SIGS
-t, --time=TIME
Output
When run without the --flood option csptest returns output similar to
this:
csptest returns output for all loaded CSPs, including the standard
Microsoft CSPs.
If you specify the --flood option, csptest returns output similar to this:
1, 60 60, 60 overall
2, 130 70, 65 overall
3, 192 62, 64 overall
4, 263 71, 65.75 overall
5, 333 70, 66.6 overall
6, 396 63, 66 overall
csputils
This utility lists CSP containers and provides detailed information
about them. It can also be used to delete container files if the current
user has administrative privileges.
Usage
-l, --list
-d, detail
-x, delete
-c, --csp=CSP
-U, --username=USER
-m, --machine
-H, --hash=HASH
-n, --name=NAME
Output
In order to list all containers on the system concisely, issue the
command:
In order to list all containers whose name contains CSP and also those
containers that were created by ncspbase.dll , issue the
command:csputils --name CSP --csp ncspbasewhich returns output
similar to:
In order to delete all containers whose name contains CSP test , issue
the command:csputils --delete -name "CSP test"which returns output
similar to:
Type yes and press Enter . The returned output is similar to:
des_kat
The des_kat utility performs DES known-answer tests and indicates if
any of them fail.
Usage
C:\nfast\bin\des_kat [-m|--module=MODULE]
Output
des_kat should return output:
If any tests fail, des_kat returns the number of the failed test. Please
inform Support at nCipher.
enquiry
The enquiry utility returns information about the nCipher server and
the modules connected to it.
Usage
enquiry -m|--module=MODULE
Output
enquiry returns the following data for the server and each module:
Failed indicates that the module has failed. This failure may
be because the module is in the Error state or because there
is a problem on the PCI bus.
serial number
mode
• operational
• initialisation
• maintenance
• pre-initialisation
• pre-maintenance
• uninitialised.
version
speed index
rec. queue
Hardware
HasTokens
MaintenanceMode
InitialisationMode
PreMaintInitMode
version string
checked in
OrderlyClearUnit
HasRTC
HasNVRAM
HasNSOPermsCmd
ServerHasPollCmds
FastPollSlotList
HasSEE
HasKLF
HasShareACL
HasFeatureEnable
HasFileOp
HasPCIPush
HasKernelInterface
HasLongJobs
SeverHasLongJobs
AESModuleKeys
NTokenCmds
For the server, the level four flags field contains all the flags
set for attached modules.
product name
device name
EnquirySix version
impath kx groups
For modules that support enquiry level Six, this lists the
available key exchange groups that this module can use
when it makes a connection with another module.
features enabled
version serial
kneti hash
floodtest
The floodtest utility performs hardware speed testing using modular
exponentiation with the Chinese Remainder Theorem.
Usage
Program options
--crt
--no-crt
-Q, --query
-R, --no-round-robin
-l, --job-size=BITS
-j, --outstanding-jobs=COUNT
-t, --stop-after=TIME
These options specify the maximum time to run the test. Use
the suffix s to specify seconds, m for minutes, h for hours,
and d for days. The default value of TIME is infinity.
-n, --jobs-count=COUNT
-K, --skew-check=SKEW
-C, --check-start=TIME
Output options
--overprint
This option prints results all on one line, using \r rather than
\n.
-o, --output=FILE
-r, --report-interval=TIME
Output
floodtest returns output similar to this:
The first column, to the right of the line numbers, shows the number
of seconds.
fwcheck
The fwcheck utility verifies a firmware image by using one of several
files that contain verification data.
Usage
Help options
-h, --help
-V, --version
-u, --usage
-v, --verbose
Checking options
-m, --module=MODULE
-c, --challenge=HEX
fw_platform.nff
fw_platform.ftv
generatekey
You can use the generatekey utility to:
• generate new keys
• import existing keys into a security world
• retarget a key used by one application for use with a different
application
• list supported applications.
You can also use generatekey in batch mode, which is useful for
scripting.
Note Because of changes to options and parameters in the current version
of generatekey, scripts you run that use a previous version of
generatekey may require changes before you can run them
successfully.
In this command:
OPTIONS
APPNAME
NAME=VALUE
The options, applications, and parameters for use with generatekey are
described in the following sections.
Options
--generate
--import
--retarget
--batch
--interactive
--check, --check-props
--list-params, --list-props
--list-apps
--list-key-types
This option lists the supported key types for the specified
APPNAME. You can specify --import to see what key types
are supported for import.
--module MODULE
--verify
• Rijndael (AES)
--no-verify
--debug
--quiet
--verbose
Applications
With generatekey, APPNAME can be:
simple
custom
pkcs11
These keys are formatted suitably for use with PKCS #11
applications and are given a suitable identifier. The set of key
types supported is currently limited to:
• DES
• DES2
• DES3
• DH
• DSA
• ECDH
• ECDSA
• HMACSHA1
• RSA
• KCDSA
• CAST
• HMACMD5
• Rijndael (AES)
embed
hwcrhk
jcecsp
kpm
Parameters
The following table lists available parameters with the actions
(generate, import, and retarget) and applications to which they apply:
generate
import
retarget
custom
embed
hwcrhk
jcecsp
pkcs11
seeconf
seeinteg
simple
kpm
alias This determines the alias to X X X X
assign to the key.
blobsavefile When using the custom X X X X
application type, this
specifies a file name of the
form the form
FILENAME.EXT to which
to save the key blob.
Additionally, text file
containing information
about the key is saved to a
file whose name has the
form ROOT_inf.txt; for
asymmetric key types, the
public key blob is also
saved to a file whose name
has the form
ROOT_pub.EXT.
generate
import
retarget
custom
embed
hwcrhk
jcecsp
pkcs11
seeconf
seeinteg
simple
kpm
certreq This parameter enables you X
to generate a certificate
request when generating a
PKCS #11 key (RSA keys
only); the default behavior
is to not generate a
certificate request. To
generate a certificate
request you must set
certreq to yes, which makes
generatekey prompt you to
fill in the extra fields
required to generate a key
with a certificate request.
The resultant certificate
request is saved to the
current working directory
with a file name of the
form filename_req.ext
where filename is a name of
your choice. An extra file
with a name of the form
filename.ext is also
generated to be used as a
pseudo- key-header; this
file can be removed after
the certificate request has
been generated. You can
use this paramater with the
--retarget option to
generated a self-signed
certificate for an existing
key.
generate
import
retarget
custom
embed
hwcrhk
jcecsp
pkcs11
seeconf
seeinteg
simple
kpm
checks For RSA key generation X X X X X X X X
only, this specifies the
number of checks to be
performed. Normally, you
should leave this blank to
let the module pick an
appropriate default.
curve For ECDH and ECDSA X X X X X X X X X
key generation only. This
option specifies which of
the range of supported
curves to use. Supported
curves are: NISTP192,
NISTP224, NISTP256,
NISTP384, NISTP521,
NISTB163, NISTB233,
NISTB283, NISTB409,
NISTB571, NISTK163,
NISTK233, NISTK283,
NISTK409, NISTK571,
ANSIB163v1,
ANSIB191v1, SECP160r1
embedconvfile This specifies the name of X X
the PEM file that contains
the RSA key to be
converted.
generate
import
retarget
custom
embed
hwcrhk
jcecsp
pkcs11
seeconf
seeinteg
simple
kpm
embedsavefile When using the embed X X X X X
application type, this
specifies the name for the
file where the fake RSA
private key is to be saved.
The file has the same
syntax as an RSA private
key file, but actually
contains the key identifier
rather than the key itself,
which remains protected.
A certificate request and a
self-signed certificate are
also written. If the
filename is ROOT.EXT
then the request is saved to
ROOT_req.EXT and the
self-signed certificate is
saved to
ROOT_selfcert.EXT.
generate
import
retarget
custom
embed
hwcrhk
jcecsp
pkcs11
seeconf
seeinteg
simple
kpm
hexdata This specifies the hex value X X X X X X X
of DES/DES3 key to
import. Note that the hex
digits are echoed to the
screen and are may be
visible in process listings if
specified on the command
line.
ident This specifies a unique X X X X X
identifier for the key in the
security world. For simple
or hwcrhk applications,
this is the key identifier to
use (the exact identifier for
simple, for hwcrhk the key
type is implicitly
included). For other
application types, keys are
assigned an automatically
generated identifier and
accessed by means of some
application-specific name.
keystore This specifies the filename X X X X
of the keystore to use. This
must be an nCipher
keystore.
generate
import
retarget
custom
embed
hwcrhk
jcecsp
pkcs11
seeconf
seeinteg
simple
kpm
module This specifies the module X X X X X X X X X
to use for generating the
key. If there is more than
one usable module, this is
prompted for. The module
can also be specified with
the --module option. The
default is the first usable
module (one in the current
security world and in the
operational state).
nvram This determines whether X X X X X X X X
the key is stored in the
kmdata directory of the
host computer or in the
module’s NVRAM. If set
to yes, the key is stored in
the module's NVRAM. If
set to no, the key is stored
on the host. The default is
no. This parameter only
works if your module's
firmware supports it and if
there is sufficient space in
your module’s NVRAM.
See Generating NVRAM-
stored keys on page 92.
paramsreadfile This specifies the name of X X X X X X X X X
the group parameters file
that contains the discrete
log group parameters for
Diffie-Hellman keys only.
This should be a PEM-
formatted PKCS#3 file. If
this parameter is omitted,
the module uses a default
file.
generate
import
retarget
custom
embed
hwcrhk
jcecsp
pkcs11
seeconf
seeinteg
simple
kpm
pemreadfile This specifies the name of X X X X X
the PEM file that contains
the key to be imported.
When importing an RSA
key, this is the name of the
PEM-encoded PKCS #1
file to read it from.
Password-protected PEM
files are not supported.
plainname This specifies the key X X X X X X X X X
name within the security
world. For some
applications, the key
identifier is derived from
the name, but for others the
name is just recorded in
kmdata and not used
otherwise.
protect This specifies the X X X X X X X X X X X
protection method, which
can be module for security-
world protection, softcard
for softcard protection or
token for Operator Card Set
protection. The default is
token, except for seeconf
keys, where the default is
module. seeinteg keys are
always token-protected.
The softcard option is only
available when your
system has at least one
softcard present.
generate
import
retarget
custom
embed
hwcrhk
jcecsp
pkcs11
seeconf
seeinteg
simple
kpm
pubexp For RSA key generation X X X X X X X X
only, this specifies in
hexadecimal format the
public exponent to use
when generating RSA
keys. it is normally left
blank. nCipher
recommends you do not
use this parameter unless
asked to by Support at
nCipher.
qsize This specifies the size in X X X X X X X X
bits of Q when generating
KCDSA keys (if this
feature is enabled). This
parameter is normally
invisible because it must
always be set to 160
(which is therefore the
default value). For
information about enabling
features, see the
Administrator Guide
appropriate to your module
type.
recovery This parameter enables X X X X X X X X X X X
recovery for this key and is
only available for card-set
protected keys in a
recovery-enabled world. If
set to yes, the key is
recoverable. If set to no,
key is not recoverable. The
default is yes. Non-
recoverable module-
protected keys are not
supported.
generate
import
retarget
custom
embed
hwcrhk
jcecsp
pkcs11
seeconf
seeinteg
simple
kpm
seeintegname If present, this parameter X X
identifies a seeinteg key.
The ACL of the newly
generated private key is
modified to require a
certificate from the seeinteg
key for its main operational
permissions, such Decrypt
and Sign (DuplicateHandle,
ReduceACL, and GetACL
are still permitted without
certification.)
selfcert This parameter enables you X
to generate a self-signed
certificate when generating
a PKCS #11 key (RSA
keys only). To generate a
self-signed certificate
request you must set
selfcert to yes, which makes
generatekey prompt you to
fill in the extra fields
required to generate a key
with a self-signed
certificate. The resultant
certificatesaved to the
current working directory
with a file name of the
form filename.ext. You can
use this paramater with the
--retarget option to
generated a self-signed
certificate for an existing
key.
generate
import
retarget
custom
embed
hwcrhk
jcecsp
pkcs11
seeconf
seeinteg
simple
kpm
size For key types with X X X X X X X X X X
variable-sized keys, this
specifies the key size in
bits. The range of
allowable sizes depends on
key type and whether
--no-verify was used. The
default depends on the key
type. See Appendix A:
Cryptographic algorithms
for information on
available key types and
sizes. This parameter does
not exist for fixed-size
keys, nor for ECDH and
ECDSA keys which are
specified using curve.
strict For DSA key generation X X X X X X X
only, if set to yes this
parameter enables strict
verification, which also
limits the size to exactly
1024 bits. The default is
no.
generate
import
retarget
custom
embed
hwcrhk
jcecsp
pkcs11
seeconf
seeinteg
simple
kpm
type This specifies the type of X X X X X X X X X X
key. You must usually
specify the key type for
generation and import
(though some applications
only support one key type,
in which case you are not
asked to choose).
Sometimes the type must
also be specified for
retargetting. See Appendix
A: Cryptographic
algorithms for information
on available key types. The
--verify option limits the
available key types.
x509country This specifies a country X X X X X
code, which must be a
valid 2-letter code, for the
certificate request.
x509dnscommon This specifies a site X X X X X
domain name, which can
be any valid domain name,
for the certificate request.
x509email This specifies an email X X X X X
address for the certificate
request.
x509locality This specifies a city or X X X X X
locality for the certificate
request.
generate
import
retarget
custom
embed
hwcrhk
jcecsp
pkcs11
seeconf
seeinteg
simple
kpm
x509org This specifies an X X X X X
organization for the
certificate request.
x509orgunit This specifies an X X X X X
organizational unit for the
certificate request.
x509province This specifies a province X X X X X
for the certificate request.
xsize This specifies the private X X X X X X X
key size in bits when
generating Diffie-Hellman
keys. The default is 256
bits for a key size of 1500
bits or more and otherwise
160 bits.
hardserver
The hardserver is the communications service between applications
and nCipher modules.
Usage
hardserver.exe [-c|--command-line]
Hardserver startup
The hardserver utility is the hardserver program. It is installed as a
service and started automatically.
When the hardserver starts, it clears all modules and runs all the S
scripts and then all the M scripts in order for all operational modules.
initunit
The initunit utility initializes a unit with a random module key and a
known KNSO. This utility makes a key-management module usable
but does not enable any key archival or recovery.
Usage
In order to use initunit, you must be logged in to the host computer as
root or as a user in the group nfast and must start the module in the
pre-initialization state.For information about starting the module in
the pre-initialization state, see the appropriate Administrator Guide
for your module type.
In this command:
-m, --module=MODULE
-n, --ntoken
Output
If initunit is successful, it returns a message similar to this for each
module that has been initialized:
Initialising Unit #
Setting dummy HKNSO
Module Key Info:
HKNSO ###################HKM ###################
Otherwise, it returns an error message that points to the reason for the
initialization failure.
keytst
The keytst utility displays information about existing CSP key
containers. If you have the appropriate permissions, keytst allows you
to create containers and their keys, and to delete containers.
Note The contents of a CSP key container do not necessarily reflect the key
information that is held in the kmdata directory. However, all key
container data that is held in the nCipher CSP is present in the kmdata
directory. See the Administrator Guide for more details about the
contents of these container files.
Usage
The following options are available for the keytst utility:
Operational options
-l, --list
-c, --create=containername
-d, --delete=containername
-p, --public
-m, --machine
-s, --schannel
-D, --dsa
-V, --verify
-s, --signature
-s, --schannel
-e, --export
-L, --length=bitlen
-C, --counter
-K, --kitb
Output
In order to list the available containers, issue the command:
****************************************
* WARNING *
* You are about to delete a container! *
* This is a non-recoverable option. *
* *
****************************************
Do you wish to continue? (yes/no):
kmfile-dump
The kmfile-dump utility displays detailed key-management
information from a security world’s key-management data file. You
can also display information about the status of your security world
with the nfkminfo command-line utility.
Usage
In this command, file is the name of the file from which data is
dumped. The key-management data files from which you can display
data are located in the kmdata directory. They are:
Program options
-b, --binary
-p, --plain
-v, --verbose
kptest
The kptest utility tests the consistency of encryption and decryption,
or signature and verification, with the RSA and DSA algorithms. It
can also test key generation by regenerating the key pair used every
given number of checks. kptest is not intended as a speed test.
Usage
Program options
-s, --sign-verify
-e, --encrypt-decrypt
-k, --key-regenerate=CHECKS
-i, --plain-size=SIZE
-m, --module=MODULE
-t, --stop-after=TIME
These options the maximum time to run the test. Use the
suffix s to specify seconds, m for minutes, h for hours, and d
for days. The default value of TIME is infinity.
-n, --jobs-count=COUNT
Key options
-S, --key-type=TYPE
-l, --key-size=BITS
These options set the key size in bits. The default is 1024.
This option will be ignored if the key type is ECDSA - for
ECDSA keys use -c, --curve with one of the supported curves
as the argument.
-M, --mechanism=MECH
-p, --plain-type=TYPE
These options use the plaintext type TYPE. Valid values are
Bignum, Hash and Bytes.
--strong
For RSA, this option uses strong (ANSI X9.31) primes. For
DSA, it uses the strict flag.
--pairwise-check
-T, --min-check=COUNT
-C, --check-start=TIME
Output options
--overprint
This option prints results all on one line, using \r rather than
\n.
-o, --output=FILE
-r, --report-interval=TIME
Output
kptest displays a message similar to this:
Subsequent lines show the time the test has been running and the total
number of operations performed.
mkaclx
The mkaclx utility generates a key with specified attributes on a one-
off basis. It is useful for testing.
Usage
mkaclx [-m|--module=MODULE]
[-t|--type=KEYTYPE] [-b|--bits=BITS][-g|--group-size=BITS] [-k|--keygen-cert] [-K|--no-
keygen-cert] [-O|--deny-oppermissions=OPPERMS] [-C|--cardset-protected]
[-M|--module-protected] [-r|--recovery] [-R|--no-recovery] [-i|--kitb] [-a|--see-app-
key=IDENT[:MECH]]
[-N|--name=NAME] [-S|--softcard-protected=NAME] [-T|--timeout=SECS] [-U|--use-
limit=N] [-q|--quiet] [-v|--verbose] [-n|--name=NAME]
[--confirm]
-b, --bits=BITS
-g, --group-size=BITS
-k, --keygen-cert
-K, --no-keygen-cert
-O, --deny-oppermissions=OPFLAGS
-M, --module-protected
-S, --softcard-protected=NAME
-r, --recovery
-R, --no-recovery
-i, --kitb
-a, --see-app-key=IDENT[:MECH]
-T, --timeout=TIME
-U, --use-limit=N
Other options
-q, --quiet
-v, --verbose
-N, --name=NAME
These options specify the name of the key. The default is that
the key has no name.
--confirm
modstate
The modstate utility displays the signed module state.
Usage
Module options
-m, --module=MODULE
--kml
--klf
ncdate
The ncdate example utility views, sets and adjusts the real-time clock
in a module.
Usage
-m, --module=MODULE
--set
--adjust
C:\nfast\bin\ncdate
To set the time and optionally the date on the module MODULE to the
given time and date:
To update the time and optionally the date on the module MODULE
to the given time and date:
Using the --adjust option makes the module compute the drift rate of
the internal clock based on the interval between the present time and
the time when the clock was last set or adjusted. The module
remembers this rate and uses it to correct future readings. It is
therefore important that the time is obtained from the same source as
it was previously.
Note The --set and --adjust options do not work on a module that is included
in a security world. Use the rtc utility for modules in a security world.
Note The rechargeable back-up battery in some nShield modules (used to
maintain RTC operation when the module is unpowered) can last as
long as two weeks without recharging. If the module is without power
for longer than this, the battery is discharged and RTC time is lost; no
other nonvolatile data is lost if this occurs. In such a case, however,
attempts to read the clock (such as with ncdate) return a BadTokenData
error status. You can resolve this by resetting the clock and leave the
module powered up for at least 10 hours to recharge the battery to
recharge.
ncthread-test
The ncthread-test utility stress tests modules and tests nCore API
concurrent connection support.
Usage
Module options
-d, --des-threads=THREADS
-r, --rsa-threads=THREADS
-s, --check-every=PERIOD
Other options
-c, --block-size=SIZE
-b, --rsa-size=SIZE
These options use RSA key of size SIZE bits. The default is
1024.
-q, --quiet
ncversions
The ncversions utility displays installed nCipher support software
components and their versions. The utility lists all components,
whether installed individually or as part of a component bundle, and
also the component bundles themselves.
Usage
C:\nfast\bin\ncversions.exe
Output
The following in an example of a component list produced by
ncversions:
Comp
Output
Version
Repository/Build no.
nfkminfo
The nfkminfo utility displays information about the security world and
the keys and card sets associated with it.
Usage
C:\nfast\bin\nfkminfo --cardset-list
[TOKENHASH] -key-list
[APPNAME[APPNAME]] |
-name-list
[APPNAME[IDENT...]]
Options
-c, --cardset-list [TOKENHASH]
name
"name" k-out-of-n 1/1 flags NotPersistent timeout
none card names "" hkltu
794ada39038fa8c4e9ea46a24136bbb2b8b337f2
nfkmverify
The nfkmverify utility verifies key generation certificates, and so
allows you to confirm how a particular security world and key are
protected. It also returns some information about the security world
and key.
nfkmverify compares the details in the ACL of the key and those of the
card set that currently protects the key.
A key that has been transferred from another security world will show
discrepancies and fail to be verified. nCipher recommend that keys are
verified in the original security world at the time of generation.
Usage
Help options
-h, --help
-V, --version
-u, --usage
Program options
-m, --module=MODULE
-f, --force
-U, --unverifiable
-v, --verbose
-C, --certificate
These options check the original ACL for the key using the
key generation certificate. This is the default.
-L, --loaded
-R, --recov
These options check the ACL of the key loaded from the
recovery blob.
--allow-dh-unknown-sg-group
Output
Returns from nfkmverify can take a variety of forms, depending on the
parameters of the given key generation certificate, security world, and
key concerned. Examples of possible output resulting from several
different situations are provided below.
** [Security world] **
1 Administrator Cards
(Currently in Module #1 Slot #0: Card #1)
Cardset recovery ENABLED
Passphrase recovery disabled
Strict FIPS 140-2 level 3 (does not improve security) disabled
SEE application nonvolatile storage disabled
real time clock setting disabled
SEE debugging disabled
Generating module ESN 0A42-E645-7A75 currently #1 (in same incarnation)
** [Application key myapp o20010621a13h25m02] **
[Named 'test Thu, 21 Jun 2001 13:25:02 +0100']
Useable by HOST applications.
Recovery ENABLED.
MODULE-ONLY protection
Type RSAPrivate 1024 bits keygenparams.type= RSAPrivate 2
.params.rsaprivate.flags= none 0x00000000
.lenbits= 0x00000400 1024
.given_e absent
.nchecks absent
nopclearfail
The nopclearfail utility clears a module, puts a module into the error
state, or retries a failed module.
Note In order to recover a module from the error state, you must turn the
power to the module off and then on. For internal modules, this may
mean shutting down and then rebooting your computer.
Usage
-c, --clear
-f, --fail
-r, --retry
-m, --module=MODULE
Output
If you select the --no-op, --retry, or --clear option, nopclearfail returns
the following for each selected module:
If you select the --fail option and logged in as a user who is permitted
to create privileged connections, the Fail command causes the module
to enter the error state. The status LED will flash SOS D (... --- ... -..) .
In order to reset the module, you must turn the power to the module
off and then on again. If you are not logged in as a user who is
permitted to create privileged connections and you select the --fail
option, the Fail command will fail and the module will itself continue
as normal.
Note When your machine is connected to a remote slot, if you clear all the
modules using nopclearfail --clear --all, the remote slot temporarily
becomes unavailable. The slot is unavailable for about 5 minutes,
after which it becomes available again automatically. There may be a
short delay before a message informs you of this. However, when the
problem occurs the following message may appear after you run
slotinfo:
nvram-backup
The nvram-backup utility copies files between a module’s nonvolatile
memory and a smart card. It can be used to back up and restore files
that are stored in NVRAM. Files you can back up and restore are data
files stored in NVRAM by an SEE program and NVRAM-stored
keys. See Generating NVRAM-stored keys on page 92 for more
details.
Do not store keys in NVRAM unless you must do so to satisfy
regulatory requirements.
Note nCipher introduced NVRAM key storage only for users who must store
keys within the physical boundary of a module to comply with
regulatory requirements. NVRAM-stored keys provide no additional
security benefits and their use exposes your Administrator Card Set to
increased risk. Storing keys in nonvolatile memory also reduces load-
balancing and recovery capabilities. Because of these factors,
nCipher recommends you always use standard security world keys
unless explicitly required to use NVRAM-stored keys.
If you are using a FIPS 140-2 level 3 compliant security world, you
will be prompted for an Administrator Card or Operator Card from the
security world to authorize copying of files to or from NVRAM and
deletion of files from the module’s NVRAM.
Usage
Help options
-h, --help
-V, --version
-u, --usage
-c, --copy
-d, --delete
-S, --from-smartcard
-s, --slot=SLOT
These options identify the slot on the selected module for the
specified nvram-backup action. The default is 0. You do not
need to specify a slot when listing the contents of, or deleting
files from, a module’s NVRAM.
General options
-f, --force
-v, --verbose
-x, --hex
These options specify that hex notation is used for the file
selection option.
--no-length
Output
To list the contents of the default module’s NVRAM, use the
command:
C:\nfast\bin\nvram-backup.exe --list
In this example, four files are stored in the module’s NVRAM, two
NVRAM-stored keys and their associated recovery information. For
information on identifying file types by their File IDs, see nvram-sw
on page 266.
If you have a FIPS 140-2 level 3 compliant security world, you must
provide authorization to back up files stored on NVRAM. nvram-
backup prompts you to insert a smart card from this security world for
authorization.
You can check the success of the command by listing the contents of
the smart card. Use the command:
C:\nfast\bin\nvram-backup.exe --delete *b
If you have a FIPS 140-2 level 3 compliant security world, you must
provide authorization to delete files from the module’s NVRAM.
nvram-backup prompts you to insert a smart card from this security
world for authorization.
1. If prompted, insert a smart card from the current security world.
Deleting files from a module’s NVRAM requires authentication
and you are prompted to insert Administrator Cards for NVRAM
authentication.
2. Insert the required number of cards, each one in turn, into the
authentication slot.
When authentication is complete, for each file that matches the
specified criteria, nvram-backup prompts for confirmation.
3. Input yes to delete a file or no to retain it in NVRAM.
nvram-sw
The nvram-sw utility views and modifies NVRAM areas.
Usage
Help options
-h, --help
-V, --version
-u, --usage
-d, --delete
-w, --write
-r, --read
-c, --delete-noadmin
-i, --acl
-l, --list
General options
-m, --module=MODULE
-v, --verbose
-x, --hex
-n, --nvram-id=ID
These option specify the identifier of the NVRAM file for all
actions except --list. The default is test-file
-f, --file=FILE
These option specify a key during the --alloc action. This key
is required for all subsequent --read or --write actions on the
NVRAM area.
--no-copy
This option used with the --alloc option allocates a file with
an ACL that does not allow copying.
Identifying files
Files created by nCipher security world tools often have a FileID that
consists of a character identifying the type followed by a
M_ShortHash. You can use this information to identify the type of
files stored in NVRAM and for specifying types of files for use with
an nCipher security world utility.
nCipher may define further file types in future, but the first byte is
always in the range 0-127 (top bit clear). nCipher recommends that
third party developers use FileIDs with a first byte in the range 128-
255 (top bit set).
pollbare
Note This utility is deisgned as a test utility only, although it can also be
used by nCipher support to obtain more information about your
system. Unless you are a developer you are unlikely to need to
understand it in detail; developers can find more complete
information in the nCipher Developer Reference.
Usage
-q. --quiet
-t. --time=TIME
-m. --module=MODULE
postrocs
The postrocs utility performs clean-up tasks after key-xfer-im has been
used to transfer keys that protect PKCS #11 objects.
Usage
Help options
-h, --help
-V, --version
-u, --usage
Options
-m, --module=MODULE
These options specify the target module for the key transfer.
The default is 1.
-s, --slot=SLOT
These options specify the target slot for the key transfer. The
default is 0.
ppmk
This utility allows you to manage softcards. It can be used to perform
the following tasks:
• listing softcards
• creating a new softcard
• checking or changing a softcard’s pass phrase
• recovering a softcard’s pass phrase
• deleting a softcard.
Usage
NAME
IDENT
-n, --new
-l, --list
-r, --recover
--recoverable
-R, --non-recoverable
--delete NAME|IDENT
preload
The preload command-line utility enables keys to be loaded onto a
module before an application is run. The application can be run
immediately in the same session or the first session can be paused and
the application can be run in a separate session. Additional keys can
be loaded while a session is running.
Usage
-c IDENT, --cardset=IDENT
These options specify that all Operator Card Sets that match
IDENT are to be loaded. The IDENT variable can be the hash
or the name of a card set; the preload command tries to guess
whether IDENT is a hash or a name based on the form you
supply.
--cardset-name=NAME
-o, --any-one
This option loads a single Operator Card Set and then stops.
-i, --interactive
-A APP, --appname=APP
-K PATTERN, --key-ident=PATTERN
-K, --key-ident=PATTERN
-n PATTERN, --name-pattern=PATTERN
--name-exact=NAME
-s IDENT, --softcard=IDENT
--softcard-name=NAME
-M, --module-prot
--no-cardset-keys
--admin=KEYS
FIPS options
-F, --require-fips
-N, --no-fips
Loading options
-f PRELOADFILE, --preload-file=PRELOADFILE
-R, --reload-everything
Output examples
If you want to load keys from a number of Operator Card Sets in
module 2 and use them immediately in an application, for example,
with nfkminfo, give the following command:
C:\nfast\bin\preload -R -m 2 nfkminfo
Loading cardset(s):
Module 2 slot 0: empty
Module 2 slot 2: empty
Insert/change card(s) (or change module mode).
Loading cardset(s):
Module 2 slot 0: empty
Module 2 slot 2: empty
Module 2 slot 0: 'pt2' #1
Module 2 slot 0: Enter passphrase:
Loading cardset(s):
Module 2 slot 0: empty
Module 2 slot 2: empty
Module 2 slot 0: 'pt2' #1
Module 2 slot 0:- passphrase supplied - reading card
Module #2 Slot #0: Remove card.
Loading cardset(s):
Module 2 slot 0: empty
Module 2 slot 2: empty
Module 2 slot 0: 'pt2' #1
Module 2 slot 0:- passphrase supplied - reading card
Module 2 slot 0: empty
Module 2 slot 0: 'ct' #1
Module 2 slot 0: Read this card? (press Return)
Loading cardset(s):
Module 2 slot 0: empty
Module 2 slot 2: empty
Module 2 slot 0: 'pt2' #1
Module 2 slot 0:- passphrase supplied - reading card
Module 2 slot 0: empty
Module 2 slot 0: 'ct' #1
Module 2 slot 0:- confirmed - reading card
Module #2 Slot #0: Remove card.
Loading cardset(s):
Loaded seeconf testconf key (DES3) on modules 2
Loaded seeinteg testinteg key (RSAPrivate) on modules 2
Loaded simple cs key (DES3) on modules 2
Loaded simple test12 key (RSAPrivate) on modules 2
Loaded simple test3 key (RSAPrivate) on modules 2
Loaded simple test4 key (RSAPrivate) on modules 2
Loaded simple test5 key (RSAPrivate) on modules 2
Loaded simple test6 key (RSAPrivate) on modules 2
Loaded simple test7 key (RSAPrivate) on modules 2
Loaded simple test8 key (RSAPrivate) on modules 2
Loaded simple test9 key (RSAPrivate) on modules 2
Executing nfkminfo
Loading 'pt2':
Module 1 slot 0: empty
Module 2 slot 0: empty
Module 2 slot 2: empty
Insert/change card(s) (or change module mode).
Loading `pt2':
Module 1 slot 0: empty
Module 2 slot 0: empty
Module 2 slot 2: empty
Module 1 slot 0: `pt2' #1
Module 1 slot 0: Enter passphrase:
Loading 'pt2':
Module 1 slot 0: empty
Module 2 slot 0: empty
Module 2 slot 2: empty
Module 1 slot 0: 'pt2' #1
Module 1 slot 0:- passphrase supplied - reading card
Module 1: completed.
Module #1 Slot #0: Remove card.
Loading 'pt2':
Module 1 slot 0: empty
Module 2 slot 0: empty
Module 2 slot 2: empty
Module 1 slot 0: 'pt2' #1
Module 1 slot 0:- passphrase supplied - reading card
Module 1: completed.
Module #1 Slot #0: Insert appropriate card.
Loading 'pt2':
Module 1 slot 0: empty
Module 2 slot 0: empty
Module 2 slot 2: empty
Module 1 slot 0: 'pt2' #1
Module 1 slot 0:- passphrase supplied - reading card
Module 1: completed.
Module 2 slot 0: 'pt2' #1
Module #1 Slot #0: Insert appropriate card.
Loading 'pt2':
Module 1 slot 0: empty
Module 2 slot 0: empty
Module 2 slot 2: empty
Module 1 slot 0: 'pt2' #1
Module 1 slot 0:- passphrase supplied - reading card
Module 1: completed.
Module 2 slot 0: 'pt2' #1
Module 2 slot 0: Enter passphrase:
Loading 'pt2':
Module 1 slot 0: empty
Module 2 slot 0: empty
Module 2 slot 2: empty
Module 1 slot 0: 'pt2' #1
Module 1 slot 0:- passphrase supplied - reading card
Module 1: completed.
Module 2 slot 0: 'pt2' #1
Module 2 slot 0:- passphrase supplied - reading card
Card reading complete.
Loaded seeconf testconf key (DES3) on modules 1, 2
Loading complete; now pausing
You can use the preloaded keys and tokens when running commands
in a separate command window. For example, to load keys for
generatekey that were preloaded in the preceding example, open
second command window and give the command:
pubkey-find
The pubkey-find utility returns information about the contents of a
.pem file, which may be a private key, a certificate, or a certificate
request.
Usage
This utility has the help option -h. It does not have other help options.
--certreq
--privkey
--auto
This option specifies that the type of the input file is not
known. pubkey-find attempts to identify the input format.
This is the default if no input file type option is specified.
--hash
--fingerprint
--thumbprint
--identify
--info
--augment
This option augments the kmdata file with the public key
blob from the imported key. You can only augment a single
key at a time.
Other options
--match-appname PATTERN
--match-ident PATTERN
--all
This option reports and processes all key files in the kmdata
directory that match CERT-OR-KEY-FILE. This is the default
if none of --all, --latest or --earliest is specified.
--latest
--earliest
This option reports and processes the file that has the earliest
modification time.
--module MODULE
--verbose
--nfkmverify-option OPTIONS
If several kmdata files match, for example if the key has been
retargeted, pubkey-find processes all of them. The --latest and --earliest
options can be used to select one file only to process. The --earliest
option is likely to work best with nfkmverify (that is, the --verify
option). --latest is likely to work best otherwise.
Output
pubkey-find returns information similar to the following:
$ C:\nfast\bin\pubkey-find cert.pem
input format cert
nCore hash 7e259da3d7e78d8ad0b9375e5b99d2d4ad0de7a8
no matching key in current security world host data area
$ C:\nfast\bin\pubkey-find embed.pem
PEM 'key' file really contains only key indicator
input format privkey
nCore hash 750749f62b640132c4b05fa552f49fea3785d01a
name 'plainname'
appname embed
ident 1038030e0e3f21d709817e049eec575a33faa2f2
$ C:\nfast\bin\pubkey-find embed_req.pem
input format certreq
nCore hash 750749f62b640132c4b05fa552f49fea3785d01a
name 'plainname'
appname embed
ident foo
name 'plainname'
appname embed
ident 1038030e0e3f21d709817e049eec575a33faa2f2
$ C:\nfast\bin\pubkey-find --fingerprint embed_selfcert.pem
47:3d:8f:f8:2c:7a:64:23:f9:5a:53:c4:1c:39:3b:2c
$ C:\nfast\bin\pubkey-find --thumbprint embed_selfcert.pem
52:ab:8c:fa:13:a6:ce:43:69:70:87:36:d1:eb:73:71:3e:ba:98:e8
$
randchk
The randchk utility runs an n-bit, or an n-to-m-bit, Maurer’s Universal
Statistical Test on random numbers returned by the module.
Usage
Output
randchk displays a message similar to this:
Initialising 6-bit Universal Statistical Test Processing... 46K 6-bit test results:
5.221070 = 0.003365 from mean (0.507348 s.d.'s)
rfs-setup
This utility creates a default remote file system on the client. You run
rfs-setup when you first configure a client. See the Administrator
Guide for details of client configuration.
Usage
Options
-c, --configfile=FILENAME
-f, --force
--gang-client
--write-noauth
module_IP_address
module_ESN
keyhash
You can obtain the ESN and HKNETI of the module from the module’s
front panel. You can also obtain it with the anonkneti utility. See
bulkerase on page 143 for details.
rfs-sync
This utility synchronises the kmdata between a cooperating client and
the remote file system it is configured to access. It should be run when
a cooperating client is initialised in order to retrieve data from the
remote file system and also whenever a client needs to update its local
copy of the data or, if the client has write access, to commit changes
to the data. See the Administrator Guide for more details about client
cooperation.
Usage
Options
-U, --update
-c, --commit
-s, --show
--setup
-a, --authenticate
--no-authenticate
-m, --module=module
-p, --port=port
ip_address
--remove
the task ID of the lock owner. As a last resort, you can use the rfs-sync
command-line utility to remove lock files. In such a case, the --kill-
lock option forcibly removes the lock file.
sigtest
The sigtest utility measures the module speed using RSA, DSA or
ECDSA signatures or signature verifications.
Usage
sigtest [[-s|--sign]|[-v|--verify]|[-d|--decrypt][-m|--module=MODULE][-c|--curve
CURVE][-j|--outstanding-jobs=COUNT]-t|--stop-after=TIME][[-n|--jobs-count=COUNT][-S|--
key-type=TYPE][-l|--key-size=BITS][-M|--mechanism=MECH][-p|--plain-type=TYPE] [--
strong] [--pairwise-check] [-K|--skew-check=SKEW][-T|--min-check=COUNT][-C|--check-
start=TIME][--overprint] [-o|--output=FILE][-r|--report-interval=TIME]
Help options
-h, --help
-V, --version
-u, --usage
Program options
-s, --sign
-v, --verify
-d, --decrypt
-m, --module=MODULE
-j, --outstanding-jobs=COUNT
-t, --stop-after=TIME
These options specify the maximum time to run the test. Use
the suffix s to specify seconds, m for minutes, h hours, and d
for days. The default value of TIME is infinity, that is, the test
runs forever.
-n, --jobs-count=COUNT
Key options
-S, --key-type=TYPE
-l, --key-size=BITS
These options set the key size in bits. The default is 1024.
This option is ignored if the key type is ECDSA; for elliptic
curve keys. use the -c or --curve options with one of the
supported curves as the argument.
-M, --mech=MECH
-p, --plain-type=TYPE
These options use the plaintext type TYPE. Valid values are
Bignum, Hash and Bytes.
--strong
For RSA, this option uses strong (ANSI X9.31) primes. For
DSA, it uses the strict flag.
--pairwise-check
-K, --skew-check=SKEW
-C, --check-start=TIME
Output options
--overprint
This option prints results all on one line, using \r rather than
\n.
-o, --output=FILE
-r, --report-interval=TIME
Output
sigtest produces output similar to this:
number of modules: 1
Making 1024-bit RSA Private key on module #1...
1, 148 59.
2, 151 overall 2, 410 140.32, 206 overall
3, 677 190.992, 226 overall
4, 944 221.395, 267 overall
5, 1190 231.237, 256.5 overall ...
slotinfo
The slotinfo utility returns information about the tokens that are
present in a module. slotinfo can also be used to format a token.
Usage
Module selection
-m, --module=MODULE
-s, --slot=SLOT
--format
slotinfo does not update the security world host data. If you are using
an nCipher security world:
Output
slotinfo --module=1 returns information in the format:
In this output:
• Type Unconnected means that the slot is a remote slot for this
module, but the hardserver has failed to import it. The reason for
the failure is given in the Details field.
• An A in the Flags field means that the token supports token
authentication in a call to format token.
• An R in the Flags. field means that the slot is a remote slot.
Module # slot #:
Authentication key: 00000000-00000000-00000000-00000000-00000000
No data on token
3698 bytes free
stattree
The stattree utility returns the statistics gathered by the nCipher server
and modules.
Usage
Output
Running the stattree utility displays a snapshot of statistics currently
available on the host machine. Statistics are gathered both by the
hardserver (relating to the server itself, and its current clients) and by
each attached module.
Statistics are displayed in the form of a tree. At each node in the tree,
either a set of statistics or a list of sub-categories is displayed. Each
node has a label which consists of one of the following:
• a tag that identifies its contents as described in Node tags on page
308.
• a number the corresponds to an instance in the category, for
example, a module identifier or a client connection identifier
Times are listed in seconds. Other numbers are integers, which are
either real numbers, IP addresses, or counters. For example, a result
-CmdCount 74897 means that there have been 74,897 commands
submitted.
+PerModule:
+#1:
+ModuleObjStats:
-ObjectCount 4
-ObjectsCreated 4
-ObjectsDestroyed 0
+ModuleEnvStats:
-MemTotal 14389248
-MemAllocKernel 86016
-MemAllocUser 0
-CurrentTempC 39.50
-MaxTempC 39.50
-MinTempC 39.50
ObjectCount, MemTotal, and the remaining items at the same level are
statistics IDs. Each has a corresponding value.
If node is provided, stattree uses the value given as the starting point
of the tree and displays only information at or below that node in the
tree. Values for node can be numeric or textual. For example, to view
the object counts for local module number 3:
The value of node must be a node tag; it must identify a node in the
tree and not an individual statistic. Thus, the following command does
not work:
Node tags
These hold statistics for each module:
Category Contains
ModuleJobStats This tag holds statistics related to the nCipher commands
handled by this module.
ModulePCIStats This tag is for nCipher PCI and netHSM modules only. It
holds statistics related to the PCI connection between this
card and the host computer.
ServerGlobals Aggregate statistics for all commands processed by the
hardserver since it started.
The standard statistics (as described below) apply to the
commands sent from the hardserver to modules.
Commands processed internally by the server are not
included here. The Uptime statistic gives the total running
time of the server so far.
Connections Statistics for connections between clients and the
hardserver. There is one node for each currently active
connection. Each node has an instance number that
matches the log message generated by the server when
that client connected. For example, when the hardserver
message is Information: New client #24 connected, the
client’s statistics appear under node #24 in the stattree
output.
PerModule Statistics kept by the modules. There is one instance node
for each module, numbered using the standard module
numbering. The statistics provided by each module
depend on the module type and firmware version.
Category Contains
ModuleJobStats Statistics for the commands (jobs) processed by a
module. Appears under the PerModule category.
ModulePCIStats Statistics from the module’s PCI host interface. Appears
only on PCI-interfaced modules.
ModuleObjStats Statistics for the module’s Object Store, which contains
keys and other resources. These statistics may be useful
in debugging applications that leak key handles, for
example.
ModuleEnvStats General statistics for the module’s operating
environment.
Statistics IDs
ID Value
Uptime The length of time (in seconds) since a module was last
reset, the hardserver was started, or a client connection
was made.
CmdCount The total number of commands sent for processing from a
client to the server, or from the server to a module.
Contains the number of commands currently being
processed.
ReplyCount The total number of replies returned from server to client,
or from module to server.
CmdBytes The total length of all the command blocks sent for
processing.
ReplyBytes The total length of all the reply block received after
completion.
CmdMarshalErrors The number of times a command block was not
understood when it was received. A nonzero value
indicates either that the parties at each end of a
connection have mismatched version numbers (for
example, a more recent hardserver has sent a command to
a less recent module that the module does not
understand), or that the data transfer mechanism is faulty.
ID Value
ReplyMarshalErrors The number of times a reply was not understood when it
was received. A nonzero value indicates either that the
parties at each end of a connection have mismatched
version numbers (for example, a more recent hardserver
has sent a command to a less recent module that the
module does not understand), or that the data transfer
mechanism is faulty.
ClientCount The number of client connections currently made to the
server. This appears in the hardserver statistics.
MaxClients The maximum number of client connections ever in use
simultaneously to the hardserver. This gives an indication
of the peak load experienced so far by the server.
DeviceFails The number of times the hardserver has declared a device
to have failed. The hardserver provides a diagnostic
message when this occurs.
DeviceRestarts The number of times the hardserver has attempted to
restart a module after it has failed. The hardserver
provides a Notice message when this occurs. The
message does not indicate that the attempt was
successful.
QOutstanding The number of commands waiting for a module to
become available on the specified client connection.
When a module accepts a command from a client, this
number decreases by 1 and DevOutstanding increases by
1. Commands that are processed purely by the server are
never included in this count.
DevOutstanding The number of commands sent by the specified client that
are currently executing on one or more modules. When a
module accepts a command from a client, QOutstanding
decreases by 1 and this number increases by 1.
Commands that are processed purely by the server are
never included in this count.
LongOutstanding The number of LongJobs sent by the specified client that
are currently executing on one or more modules. When a
module accepts a LongJobs command from a client,
QOutstanding decreases by 1 and this number increases
by 1. Commands that are processed purely by the server
are never included in this count.
ID Value
RemoteIPAddress The remote IP address of a client who has this
connection. A local client has the address 0.0.0.0.
HostWriteCount The number of write operations (used to submit new
commands) that have been received by the module from
the host machine. One write operation may contain more
than one command block. The operation is most efficient
when this is the case.
HostWriteErrors The number of times write data from the host was
rejected by the module. A nonzero value may indicate
that data is being corrupted in transfer, or that the
hardserver/device driver has got out of sync with the
module’s interface.
HostWriteBadData Not currently reported by the module. Attempts to write
bad data to the module are reflected in HostWriteErrors.
HostWriteOverruns Not currently reported by the module. Write overruns are
reflected in HostWriteErrors.
HostWriteNoMemory Not currently reported by the module. Write failures due
to lack of memory are reflected in HostWriteErrors.
HostReadCount The number of times a read operation to the module was
attempted. The module can defer a read if it has no replies
at the time, but expects some to be available later.
Typically the module reports HostReadCount in two
places: the number under ModuleJobStats counts a
deferred read twice, once when it is initially deferred, and
once when it finally returns some data. The number under
ModulePCIStats counts this as one operation.
HostReadErrors The number of times a read to a module failed because
the parameters supplied with the read were incorrect. A
nonzero value here typically indicates some problem with
the host interface or device driver.
HostReadEmpty The number of times a read from the module returned no
data because there were no commands waiting for
completion. In general, this only happens a small number
of times during module startup or reset. It can also
happen if PauseForNotifications is disabled.
HostReadUnderruns Not currently reported by the module.
ID Value
HostReadDeferred The number of times a read operation to the module was
suspended because it was waiting for more replies to
become available. When the module is working at full
capacity, a sizeable proportion of the total reads are likely
to be deferred.
HostReadTerminated The number of times a module had to cancel a read
operation which has been deferred. This normally
happens only if the clear key is pressed while the module
is executing commands. Otherwise it might indicate a
device driver, interface, or firmware problem.
PFNIssued The number of PauseForNotifications commands
accepted by the module from the hardserver. This
normally increases at a rate of roughly one every two
seconds. If the hardserver has this facility disabled (or a
very early version), this will not occur.
PFNRejected The number of PauseForNotifications commands rejected
by the module when received from the hardserver. This
can happen during module startup or reset, but not in
normal use. It indicates a hardserver bug or configuration
problem.
PFNCompleted The number of PauseForNotifications commands that
have been completed by the module. Normally, this is one
less than the PFNIssued figure, since there is normally
one such command outstanding.
ANIssued The number of Asynchronous Notification messages
issued by the module to the hardserver. These messages
indicate such things as the clear key being pressed and the
module being reset. In later firmware revisions inserting
or removing the smartcard or changing the non-volatile
memory also generate asynchronous notifications.
ChanJobsIssued The number of fast channel jobs issued to the module.
The fast channel facility is unsupported on current
modules. This number should always be zero.
ChanJobsCompleted The number of fast channel jobs completed by the
module.The fast channel facility is unsupported on
current modules. This number should always be zero.
ID Value
CPULoadPercent The current processing load on the module, represented
as a number between 0 and 100. Because a module
typically contains a number of different types of
processing resources (for example, main CPU, and RSA
acceleration), this figure is hard to interpret precisely. In
general, modules report 100% CPU load when all RSA
processing capacity is occupied; when performing non-
RSA tasks the main CPU or another resource (such as the
random number generator) can be saturated without this
statistic reaching 100%.
HostIRQs On PCI modules, the total number of interrupts received
from the host. On current modules, approximately equal
to the total of HostReadCount and HostWriteCount.
ChanJobErrors The number of low-level (principally data transport)
errors encountered while processing fast channel jobs.
Should always be zero on current modules.
HostDebugIRQs On PCI modules, the number of debug interrupts
received. This is used only for driver testing, and should
be zero in any production environment.
HostUnhandledIRQs On PCI modules, the number of unidentified interrupts
from the host. If this is nonzero, a driver or PCI bus
problem is likely.
HostReadReconnect On PCI modules, the number of deferred reads that have
now completed. This should be the same as
HostReadDeferred, or one less if a read is currently
deferred.
ObjectsCreated The number of times a new object has been put into the
object store. This appears under the module’s
ModuleObjStats node.
ObjectsDestroyed The number of items in the module’s object store that
have been deleted and their corresponding memory
released.
ObjectCount The current number of objects (keys, logical tokens,
buffers, SEE Worlds) in the object store. This is equal to
ObjectsCreated minus ObjectsDestroyed. An empty
module contains a small number of objects that are
always present.
ID Value
CurrentTempC The current temperature (in degrees Celsius) of the
module main circuit board. First-generation modules do
not have a temperature sensor and do not return
temperature statistics.
MaxTempC The maximum temperature recorded by the module’s
temperature sensor. This is stored in non-volatile
memory, which is cleared only when the unit is
initialized. First-generation modules do not have a
temperature sensor and do not return temperature
statistics.
MinTempC The minimum temperature recorded by the module’s
temperature sensor. This is stored in non-volatile
memory, which is cleared only when the unit is
initialized. First-generation modules do not have a
temperature sensor and do not return temperature
statistics.
MemTotal The total amount of RAM (both allocated and free)
available to the module. This is the installed RAM size,
minus various fixed overheads.
MemAllocKernel The total amount of RAM allocated for kernel (that is,
non-SEE) use in a module. This is principally used for the
object store (keys, logical tokens, and similar) and for
big-number buffers.
MemAllocUser The total amount of RAM allocated for user-mode
processes in the module; will be zero for non-SEE use.
This includes the size of the SEE Machine image, and the
total heap space available to it. The module’s kernel does
not know (and does not report in the statistics) how much
of the user-mode’s heap is currently free, and how much
is in use.
Symmetric Algorithms
FIPS approval
nfkmverify
Algorithm Key length in bits Use for ...
Authorization
Digital Signatures
Encryption
Other
Symmetric Algorithms
FIPS approval
nfkmverify
Algorithm Key length in bits Use for ...
Authorization
Digital Signatures
Encryption
Other
SHA-1 HMAC Y 8 to 2048 Y ≥80 bits
SHA-256 HMAC Y 8 to 2048 Y ≥80 bits
SHA-384 HMAC Y 8 to 2048 Y ≥80 bits
SHA-512 HMAC Y 8 to 2048 Y ≥80 bits
Tiger HMAC 8 to 2048 Y ≥80 bits
Triple DES Y 112, 168 Y Y Y
Twofish up to 256 Y Y N
Asymmetric Algorithms
FIPS approval
nfkmverify
Algorithm Key length in bits Use for ...
Authorization
Digital Signatures
Encryption
Other
RSA Y ≥512 Y Y Y ≥1024 bits
≥1024 ≥1024 bits
Key exchange
Diffie-Hellman Y
FIPS Information
The latest guidance from the National Institute of Standards and
Technology (NIST) is that
• SHA-384
• SHA-512
• TLS key derivation
• HMAC (SHA-1, SHA-256, SHA-384, SHA-512)
The algorithms not approved by NIST that nCipher modules offer are:
• KCDSA
• ECDH
• Arc Four
• Blowfish
• CAST 5
• CAST 6
• DES
• Serpent
• SEED
• Twofish
• SHA-160
• MD2
• MD5
• RIPEMD 160
• HMAC (MD2, MD5, RIPEMD160)
Internet addresses
Note nCipher also maintain international sales offices. Please contact the
UK, or the US, head office for details of your nearest nCipher
representative.