Sansec HSM User Manual v2.2 Beijing Sansec Technology Development Co., Ltd. July 2016...
Welcome to SANSEC HSM. Copyright (c) 2017 SanSec. All rights reserved. The contents of this document are subject to change with or without notice. Any changes to content will not be included within this publication but will be in a newer release.
1.2. Product Functions
1.2.1. Standard Functions
Sansec HSM is a host peripheral that uses its own DES, RSA, SM2 and other encryption algorithms to encrypt information, securing network and point-to-point data, including data on the host and in network communication.
Supports RSA, ECDSA and SM2 signing and verification of data.
Supports RSA and SM2 data encryption and decryption operations.
Supports importing RSA public and private key pairs into the HSM by index.
Uses physical hardware to generate true random numbers.
Supports a white list function and filtering of the IP addresses of clients that access the HSM.
Supports configuring the number of TCP socket connections, up to a maximum of 4096.
Equipped with independent key management port, host port, printing port;...
2. Key Concepts
Device ID: The device serial number on the label. It consists of the production date, production batch and a serial number. Combined with the product model, it uniquely identifies each product.
Symmetric/private keys: The keys used by a group of specific entities when using symmetric cryptography.
Session key: The key of the lowest layer within the key management system. The key is only used for a session within a limited time and will be deleted once the...
a) Device installation: for more details on installation, refer to chapter 4.1.
b) HSM connection: for more details, refer to chapter 4.2: Login to HSM.
c) Run management tools: for more details, refer to chapter 4.3: Start up management program.
d) Installation wizard: for more details, refer to chapter 4.4: Installation wizard...
7.5) "
k) Network configuration: for more information, refer to section 5's "viewing/modifying network configuration (chapter 5.4)".
l) Service management and configuration: for more information, refer to section 8's "Service management".
m) Backup and recovery: for more information, refer to section 7's "Backup and recovery (chapter 7.6)"...
Turn on the device by pressing the power button and start up the machine.
Device management 4.2.
a) Use the serial port control cable to connect the HSM to a personal computer with Windows operating system installed.
b) Run the "HyperTerminal" tool that comes with the Windows operating system, which can be found from the "Start menu"...
After connecting to the terminal, press any key and the shell interface will appear.
4.3. Start up Management Program
a) Connect to the HSM.
b) Run management program: execute the "hsmm" command to start the Sansec HSM management program. The management program main interface is shown below:...
7 | Installation Guide | Complete the basic configuration of HSM according to the guide when the first time using it.
4.4. Installation Wizard
If this is the first time you have used this device, you can run the step-by-step installation wizard to complete the basic configuration.
c) Add operator: For starting cryptographic service.
d) Local master key management: Set the new master key to ensure the storage security of other keys.
e) Symmetric key management: Used to generate the symmetric key required in the business system.
5. System Management
5.1. Checking on Device Basic Information
Product information, such as producer, device serial number, system version and supported algorithms, is shown below.
Device basic information:
-----------------
Successfully read device information.
Item Return value...
Viewing device operating information:
-----------------
_|__________________|__________________________________________________
Encryption service | Running
Memory utilization | 0.93%
Current number of occurrences
5.4. Viewing/Modifying Network Configurations
View or modify network configuration parameters such as IP address, gateway, etc.
Management log:
-------------
->1|View recent management logs
     Ctrl+f for next screen, Ctrl+b for last screen.
  2|View history logs
     Ctrl+f for next screen, Ctrl+b for last screen.
Select the function to be performed or [Quit(Q)] [Next Step(N)]>1...
6. Authority Management
6.1. Viewing Login Status
View the current administrator or login status of an operation.
Viewing login status:
-----------------
Item Value
_|___________________________|______________________________________
Current authority status Super administrator
Administrator number
Logged on administrators |...
<!> Safety reminder: Upon completion of the management operation, it is recommended to log off the administrator promptly and retain only the operator login status, which is enough for running the financial data HSM cryptographic services and status monitoring function.
through the "modify user password" function right after your first login.
6.5. Administrator management
6.5.1. Add administrator
a) Select "add management" from the "administrator management" menu.
b) Insert the administrator token in the direction indicated.
c) Enter the PIN to get the access authority of the USB token.
Update the password of operator:
---------------
Executing the operation will update the operator password in HSM, and the operator which have registered will become invalid. You must re-added the new operator.
Please input “YES” to decide [Quit(Q)] [Return(R)]>
Insert the user's USB token into the USB port in the correct direction and input the password.
Update the password of auditor:
---------------
Executing the operation will update the auditor password in HSM, and the operator which have registered will become invalid. You must re-added the new auditor.
Please input “YES” to decide [Quit(Q)] [Return(R)]>...
Viewing management privilege tables
---------------
->1|Viewing system management privilege
     The privilege for viewing the system management, service management and other functions.
  2|Viewing permission for management privilege
     The privilege for viewing administrators and operators and other functions.
This operation is used to generate a new master key to ensure the security of other keys. Three key fragments need to be entered to set up the master key, and the HSM will automatically synthesize the master key internally.
b) Select the bit size of the key.
Generate RSA key pair:
------------------
Select the bit size of the key, from 2048 bits to 3072 bits.
_|________________________________________
1| 2048
2| 3072
Select bit size of the key(Default[2048]), or [Quit(Q)] [Return(R)] [Previous Step(P)] [Next Step(N)]>1...
7.4. SM2 Key Management
7.4.1. Key Pair Generation
Each index location of the device corresponds to one SM2 key pair. The detailed steps are as follows:
a) Specify the key location based on the indicated key index range.
7.5. ECDSA Key Management
7.5.1. Key Pair Generation
Each index location of the device corresponds to one ECDSA key pair. The detailed steps are as follows:
a) Specify the key location based on the indicated key index range.
Generate or update symmetric key:
------------------
Generate new symmetric key according to key index.
algorithm Select type
_|___________________________________
1| 3DES
2| SM4
3| SM1
4| AES
5| 3DES(variant)
Select, or [Return(R)] [Next Step(N)] >
b) If you choose the 3DES or 3DES variant in the above step, please select the key strength.
Synthesize key by key segments
-------------
Enter the key segments manually and synthesize the key.
Please select algorithm type.
_|___________________________________
1| 3DES
2| SM4
3| SM1
4| AES
5| 3DES(Variant LMK protect it)
Select, or [Return(R)] [Next Step(N)]>...
Select [Quit(Q)] [Return(R)]>
7.6.3. Key Deletion
Delete the expired or obsolete keys.
a) Input key index numbers
Delete symmetric key
-----------------
Enter key index(1-2048) or [Return(R)] >200
Please enter the key index number(1-2048) again to confirm the deletion or [Return(R)] >200
Successfully delete the symmetric key with index 200.
sensitive information, such as the RSA private key, ECDSA private key and SM2 private key, and the symmetric key using this backup key and save it into a file. Export the backup files through FTP and keep them in good order. The detailed steps are as follows:
a) Log in at least half of all administrators to obtain super administrator rights.
Please prepare two of the three administrator USB tokens that are used to store the backup key segment when backing up.
b) Start up the FTP service, import the backup file to the HSM via an FTP tool and make sure the file name is "swhsmbak.dat".
Key recovery wizard:
-------------------
2. Import backup file.
Starting FTP service…
FTP service is running.
Please use a FTP tool to import key backup file.
The name of backup file must be swhsmbak.dat。
c) Import any 2 backup key segments, one by one. You need to insert a user USB token and enter the PIN during the process.
HSM supports
5. | Service connection password | 11111111 | The authentication password when the client and HSM create a session
6. | Service start-up password | 12345678 | If the service start-up state is automatically starting up at boot, the service firstly make...
Modify service configuration:
-------------
_|_________________________________________|______________________________
* Service port 8008
Service automatically start up at boot
Session timeout (minutes)
Maximum concurrent requests 2048
Service connection password ********
Service start-up password ********
Select the item to be modified or [Quit(Q)] [Return(R)]>2
Please select Whether service automatically start up or not at boot [Yes(Y)/No(N)] or [Quit(Q)] [Return(R)]>...
Service White List Management:
-------------------
 | The IP address or IP address range which can access HSM
_|_______________________________________________________________________
1| 192.168.1.10
2| 192.168.1.15
3| 192.168.1.12
Add a new IP address
Select the item to be deleted or [Quit(Q)] [Return(R)]>1
The IP address has been deleted successfully from white list.
Appendix B: Safety Instructions
1. Please read the safety instructions carefully before using this product.
2. Please follow the warning signs and instructions of the product.
3. When cleaning the device, unplug the machine from the power socket first. Do not use chemical cleaning agents.
b. When liquid intrudes into the device;
c. When the product still does not function properly after you operate it following the instructions given;
d. When the product is accidentally dropped on the ground or the shell has any damage.