Module key: K
M
A module key is a cryptographic key generated by each nShield module at the time of
initialization and stored within the module. It is used to wrap key blobs and key shares
for tokens. Module keys can be shared across several modules to create a larger
Security World.
All modules include two module keys:
•
module key zero K
M0
, a module key generated when the module is initialized and
never revealed outside the module.
•
null, or well-known module key K
MWK
.
You can program extra module keys into a module.
See also
Security World, hardware security module (HSM)
Module signing key: K
ML
The module signing key is the module’s public key. It is used to issue certificates
signed by the module. Each module generates its own unique K
ML
and K
ML
-1
values
when it is initialized. The private half of this key pair, K
ML
-1
, is never revealed outside the
module.
nShield master feature enable key K
SA
Certain features of the module firmware are available as options. These features must
be purchased separately from Entrust. To use a feature on a specific module, you
require a certificate from Entrust signed by K
SA
. These certificates include the
electronic serial number for the module.
nShield Remote Administration Card
Smart cards that are capable of negotiating cryptographically secure connections
with an HSM, using warrants as the root of trust. nShield Remote Administration
Cards can also be used in the local slot of an HSM if required. You must use nShield
Remote Administration Cards with Remote Administration.
nShield Security Officer’s key: K
NSO
-1
The notation K
NSO
-1
indicates the Security Officer’s signing key. This key is usually a key
to a public-key signature algorithm.
nShield Trusted Verification Device
A smart card reader that allows the card holder to securely confirm the Electronic
Serial Number (ESN) of the HSM to which they want to connect, using the display of
the device. Entrust supplies and the nShield Trusted Verification Device and
recommends its use with Remote Administration.
nShield® Security Manual 87 of 90
To Next Page
Loading...
