4.9. Configure Security World
4.9.1. Security World options
The HSM must be in a secure and trusted environment before a Security World is created or loaded.

Decide what kind of Security World you need before you create it. Depending on the kind of Security World you need, you can choose different options at the time of creation. For convenience, Security World options can be divided into the following groups:
• Basic options, which must be configured for all Security Worlds. This includes environment variables.
• Recovery and replacement options, which must be configured if the Security World, keys, or pass phrases are to be recoverable or replaceable. If you disable OCS and softcard replacement, you can never replace lost or damaged OCSs generated for that Security World. Therefore, you could never recover any keys protected by lost or damaged OCSs, even if the keys themselves were generated as recoverable (which is the default for key generation). Replacing OCSs and softcards requires authorization. To prevent the duplication of an OCS or a softcard without your knowledge, the recovery keys are protected by the ACS. However, there is always some extra risk attached to the storage of any key-recovery or OCS and softcard replacement data: an attacker who holds the ACS and a copy of the recovery and replacement data could re-create your Security World. If you have some keys that are especially important to protect, you may decide:
  ◦ To issue a new key if you lose the OCS that protects the existing key
  ◦ To turn off the recovery and replacement functions for the Security World, or the recovery feature for a specific key.
  The recovery data for application keys is kept separate from the recovery data for the Security World key. The Security World always creates recovery data for the Security World key; only the recovery of application keys is optional. See Access Control for more information and guidance on the options available.
• SEE options, which only need to be configured if you are using CodeSafe.
• Options relating to the replacement of an existing Security World with a new Security World.
Security World options are highly configurable at the time of creation but, so that the Security World remains secure, cannot be changed afterwards. For this reason, we recommend that you familiarize yourself with Security World options, especially those required by your particular
nShield® Security Manual 25 of 90