EasyManua.ls Logo

Curtiss-Wright DTS1+ CSfC - Page 40

Default Icon
153 pages
Save Page as PDF
Print Icon
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
User Guide DDOC0199-000-A9
1-Slot Data Transport System (CSfC) 6 - 6 Encryption
© 2024 Curtiss-Wright Defense Solutions Revision 3.0
6.3.3 Verify Successful Login
To verify a successful login type cmlogin and press ENTER key.
State should show ready
Init show 1
Status show OK
Example
6.3.4 Access RMC Module (Plain Text DEK / Encrypted DEK)
CAUTION
DATA ACCESS. Use of slot option (-s 0) is required to when entering key (DEK and PSK).
NOTE
Use of -s 0 option denotes slot 0, -F option forces an over-write of any key previously installed.
Entering a plain text DEK or an encrypted DEK (EDEK) is required to access the RMC module.
The EDEK provides additional security, but requires additional effort on the part of the user.
6.3.4.1 Access RMC Module (Plain Text DEK)
NOTE
The DEK is a user-generated 128-character string.
1. To access the RMC module, enter the DEK and PSK.
2. Type
cmkey -s 0 -d -p --force
and press
E
NTER
key
.
Example
6.3.4.2 Access RMC Module (EDEK)
1. Generate an EDEK as follows:
a. To obtain the KEK and associated MAC type cmkey --kek and press E
NTER key.
Example
b. Using a 3rd-party HMAC SHA384 application, generate an HMAC using the KEK and PSK
as the key.
The generated HMAC should be the same as the MAC from the example above.
c. Using a 3rd-party application capable of performing an AES256 key-unwrapping
algorithm, perform an AES key unwrap function on the KEK using the PSK. This will yield
the actual/unwrapped KEK you will use to encrypt your DEK.
d. Using a 3rd-party application capable of performing an AES256 key wrap function, encrypt
the DEK using the unwrapped KEK. This will yield the wrapped/encrypted DEK (EDEK).
e. Using a 3rd-party HMAC SHA384 application, calculate a new MAC using the HMAC
SHA384 function for the EDEK using the unwrapped KEK as the key.
2. To access the RMC module, enter the EDEK and MAC.
cw_dts> cmlogin
[cmlogin]
CMLOGIN: state=ready init=1 status=OK
[!cmlogin] OK
cw_dts> cmkey -s 0 -d -p --force
[cmkey]
Please enter plaintext DEK: User-generated DEK string
Please enter current PSK: PSK string
CMKEY: action=inst slot=0 status=ok
[!cmlogin] OK
cw_dts> cmkey --kek
[cmkey]
CMKEY: kek=KEK mac=MAC
status=OK
[!cmkey] OK

Table of Contents