Checking HSM Configuration

Before configuring EzSign with an HSM it is worth performing a quick check that everything is working as expected and all libraries and passwords are correct

The steps below outline some steps that can be taken to verify everything is ready to go

 

HSM Status

The nCipher HSMs provide several commands for verifying the setup is correct

These utilties are normally located at (On UNIX)

    /opt/nfast/bin

 

Or on windows:

    C:\Program Files (x86)\nCipher\nfast\bin

 

First run the enquiry command e.g. On Unix from a shell run:

    ./enquiry

 

On Windows, from a Command Prompt, run:

    enquiry.exe

 

The output will be split into several sections:

    Server:

    ...

    Module #1:

    ...

And if there is more than one module configured you will also see headings for these, e.g.:

  Module #2:

  ...

  etc.

 

The key things to note are that each of the module entries are showing:

  mode      operational

 

If there are no entries beneath the Server heading, first try starting the hardserver.  On Unix:

    /opt/nfast/sbin/init.d-ncipher start

 

On Windows, start the nFast Server service

 

HSM Test Tool

If all looks OK, download the Krestfield HSM Test tool from here:

 

Run the tool as follows:

From a UNIX shell:

    > ./hsmtest.sh


From a Windows Command Prompt:

    hsmtest.bat

 

    > Krestfield HSM Test Tool

 

    Enter PKCS#11 library path > /opt/nfast/toolkits/pkcs11/libcknfast-64.so    <-- Enter the full path to the PKCS#11 library

 

    PKCS#11 Token: Loading the PKCS#11 library: /opt/nfast/toolkits/pkcs11/libcknfast-64.so...

    PKCS#11 Token: Loaded PKCS#11 Driver /opt/nfast/toolkits/pkcs11/libcknfast-64.so OK

    HSM Driver loaded OK

 

    There are 2 slots:

 

    Slot: 0

      slotDescription:                                                                

      manufacturerID: nCipher Corp. Ltd              

      flags: CKF_TOKEN_PRESENT | CKF_HW_SLOT

      hardwareVersion: 0.00

      firmwareVersion: 0.00

 

    Slot: 1

      slotDescription: SFHSMTTOCS                                                     

      manufacturerID: nCipher Corp. Ltd              

      flags: CKF_TOKEN_PRESENT | CKF_REMOVABLE_DEVICE | CKF_HW_SLOT

      hardwareVersion: 0.00

      firmwareVersion: 0.00

 

    Select Slot > 1 <-- Enter the slot number - normally 1 if an operatore card set is in use

 

    PKCS#11 Token: Opening session...

    PKCS#11 Token: Opened session for slot 1 OK

    HSM Session Opened OK.  Session ID: 2251

 

    Enter HSM OCS Passphrase > <-- Enter the operator cardset password and press enter

 

    PKCS#11 Token: Password provided, attempting logon...

    PKCS#11 Token: Logged on to Token

 

    Logged in OK.  Configuration is good

 

This tool performs the same operations to connect to the HSM as EzSign.  Therefore, if you see this success message, translating the values entered above into the following properties: 

    channel.1.tokenType=This must be set to PKCS11
    channel.1.token.password=Set this as the operator password (as entered above) via the Management Utility
    channel.1.token.pkcs11.library=Set this to be the same path as entered above
    channel.1.token.pkcs11.slot=Set this to be the same number slot as entered above

e.g.

    channel.1.tokenType=PKCS11
    channel.1.token.password=Mt3WQvXz6fUy2yhpNC5ZBxCdPJWsy2Ol1QdLH3c1pogbHViP7oDeQA==
    channel.1.token.pkcs11.library=/opt/nfast/toolkits/pkcs11/libcknfast-64.so
    channel.1.token.pkcs11.slot=1

Should result in a successfull HSM setup

Contact Us

Email: This email address is being protected from spambots. You need JavaScript enabled to view it.

Call: 020 8938 3616

Krestfield Limited, International House, 24 Holborn Viaduct, London, EC1A 2BN

Sales & Support

Should you need any help with any of Krestfield's products, or wish to make any suggestions, please contact us.

Sales: sales@krestfield.com

Support: support@krestfield.com

Latest News

PKCloud

Version 2.1.0 released

EzSign

Version 4.1.2 released

 

Our Mission

To create secure, highly available, easy to use products that are priced fairly

Please publish modules in offcanvas position.