Thales SafeNet ProtectServer PCIe HSM 5.4 Installation Manual

Summary of Contents for Thales SafeNet ProtectServer PCIe HSM 5.4

  • Page 1 SafeNet ProtectServer PCIe HSM 5.4 INSTALLATION GUIDE...
  • Page 2 Document Information: Product Version; Document Part Number 007-013682-002; Release Date 08 January 2020. Revision History (Revision, Date, Reason): Rev. A, 08 January 2020, Initial release. Trademarks, Copyrights, and Third-Party Software: Copyright 2009-2020 Gemalto. All rights reserved. Gemalto and the Gemalto logo are trademarks and service marks of Gemalto and/or its subsidiaries and are registered in certain countries.
  • Page 3 Gemalto does not and shall not warrant that this product will be resistant to all possible attacks and shall not incur, and disclaims, any liability in this respect. Even if each product is compliant with current security standards in force on the date of their design, security mechanisms' resistance necessarily evolves according to the state of the art in security and notably under the emergence of new attacks.
  • Page 4: Table Of Contents

    CONTENTS Preface: About the SafeNet ProtectServer PCIe HSM Installation Guide Customer Release Notes Gemalto Rebranding Audience Document Conventions Notes Cautions Warnings Command Syntax and Typeface Conventions Support Contacts Chapter 1: SafeNet ProtectServer PCIe HSM Hardware Installation SafeNet ProtectServer PCIe HSM Required Items SafeNet ProtectServer PCIe HSM Installation Adapter Features The Card Faceplate...
  • Page 5: Preface: About the SafeNet ProtectServer PCIe HSM Installation Guide

    The SafeNet ProtectServer PCIe HSM is the second-generation intelligent ProtectServer cryptographic services PCIe adapter, replacing the ProtectServer PSI-E. SafeNet ProtectServer may employ either generic processing or high-speed DES and RSA hardware acceleration.
  • Page 6: Gemalto Rebranding

    http://www.securedbysafenet.com/releasenotes/ptk/crn_ptk_5-4.pdf Gemalto Rebranding: In early 2015, Gemalto completed its acquisition of SafeNet, Inc. As part of the process of rationalizing the product portfolios between the two organizations, the Luna name has been removed from the SafeNet HSM product line, with the SafeNet name being retained.
  • Page 7: Notes

    Notes: Notes are used to alert you to important or helpful information. They use the following format: NOTE Take note. Contains important or helpful information. Cautions: Cautions are used to alert you to important information that may help prevent unexpected results or data loss. They use the following format: CAUTION! Exercise caution.
  • Page 8 Format: {a|b|c} or {<a>|<b>|<c>}. Convention: Represent required alternate keywords or <variables> in a command line description. You must choose one command line argument enclosed within the braces. Choices are separated by vertical (OR) bars.
  • Page 9: Support Contacts

    Contact method: Phone (Subject to change. An up-to-date list is maintained on the Technical Support Customer Portal). Global +1 410-931-7520; Australia 1800.020.183; India 000.800.100.4290; Netherlands 0800.022.2996; New Zealand 0800.440.359; Portugal 800.863.499...
  • Page 10: Chapter 1: SafeNet ProtectServer PCIe HSM Hardware Installation

    This chapter describes how to install and connect a SafeNet ProtectServer PCIe HSM. To ensure a successful installation, perform the following tasks in the order indicated: Ensure that you have all of the required components, as listed in "SafeNet ProtectServer PCIe HSM Required Items" on the next page. Install and connect the hardware, as described in "SafeNet ProtectServer PCIe HSM Installation" on...
  • Page 11: SafeNet ProtectServer PCIe HSM Required Items

    This section provides a list of the components you should have received with your SafeNet ProtectServer PCIe HSM order. Contents Received: The following table contains the standard items you received with your order. Item: SafeNet ProtectServer PCIe HSM Adapter Card, short-form-factor (performance level 25, 220, or 1500, as ordered, indicated on label).
  • Page 12: SafeNet ProtectServer PCIe HSM Installation

    Item: Protect Toolkit Software DVD (in DVD case). Item: Documentation DVD (in DVD case). SafeNet ProtectServer PCIe HSM Installation: Follow these general steps to install and commission a SafeNet ProtectServer PCIe HSM card and its associated software.
  • Page 13: Adapter Features

    Install the SafeNet application programming interface (API) or the supplied net server software. See "Completing Installation" on page 16. Adapter Features: The SafeNet ProtectServer PCIe HSM is a standard PCIe device that fits into any motherboard PCIe slot of formats x4, x8, or x16.
  • Page 14: Installing The Adapter

    When keeping the HSM in storage (without keys present) it is recommended that you isolate or disconnect the battery to extend its lifespan. You can use the ctcheck -b batterystatus command to test the battery's condition.
  • Page 15: Smart Card Reader Installation

    Confirm the adapter and driver package are operating correctly. These steps are covered in detail by the SafeNet HSM Access Provider Installation Guide for both Windows and Unix/Linux systems. Smart Card Reader Installation: The SafeNet ProtectServer PCIe HSM supports the use of smart cards with a SafeNet-supplied smart card reader.
  • Page 16: Completing Installation

    Figure 4: The connected legacy card reader. Completing Installation: After you have installed the PCIe HSM Access Provider, install the supplied SafeNet API or net server software. Please refer to the installation instructions in the appropriate manual: >...
  • Page 17: Chapter 2: Troubleshooting

    The most common problem encountered when installing the SafeNet ProtectServer PCIe HSM is that the device driver is not loaded or functioning correctly. Should you encounter any difficulties, first check that you have followed all the installation instructions in this manual and the HSM Access Provider Installation Guide.
  • Page 18 The SafeNet hardware maintenance utilities hsmstate and hsmreset can be used to carry out simple fault diagnosis. These utilities are included in the ProtectServer PCIe HSM Access Provider installation. For more information, see the HSM Access Provider Installation Guide. Fault Diagnosis Procedure: From a command prompt, execute hsmstate.
  • Page 19: Chapter 3: Hardware Reference

    This Appendix contains hardware specifications and instructions on how to fit the HSM with an external tamper detector such as a micro switch. Adapter Modification for External Tamper Detectors: Connect additional tamper detection devices using the tamper input header, located on the rear face of the card, as illustrated in "Rear face of the card" below. Figure 5: Rear face of the card...
  • Page 20: The Battery

    The adapter is fitted with a backup battery, which maintains cryptographic keys and the correct time when the host computer is shut down, or when the adapter is otherwise disconnected from a power source. The battery has an expected lifetime of ten years.
  • Page 21: Appendix A: Glossary

    Adapter: The printed circuit board responsible for cryptographic processing in a HSM. Advanced Encryption Standard. Application Programming Interface. Administration Security Officer. Asymmetric Cipher: An encryption algorithm that uses different keys for encryption and decryption. These ciphers are usually also known as public-key ciphers as one of the keys is generally public and the other is private.
  • Page 22 CAST: Encryption algorithm developed by Carlisle Adams and Stafford Tavares. Certificate: A binding of an identity (individual, group, etc.) to a public key which is generally signed by another identity. A certificate chain is a list of certificates that indicates a chain of trust, i.e. the second certificate has signed the first, the third has signed the second and so on. CMOS: Complementary Metal-Oxide Semiconductor.
  • Page 23 Encryption: The process of converting the plaintext data into the ciphertext so that the content of the data is no longer obvious. Some algorithms perform this function in such a way that there is no known mechanism, other than decryption with the appropriate key, to recover the plaintext.
  • Page 24 Internet Protocol. Java Cryptography Architecture. Java Cryptography Extension. Keyset: A keyset is the definition given to an allocated memory space on the HSM. It contains the key information for a specific user. KWRAP: Key Wrapping Key. Message authentication code.
  • Page 25 Padding: A mechanism for extending the input data so that it is of the required size for a block cipher. The PKCS documents contain details on the most common padding mechanisms of PKCS#1 and PKCS#5. Peripheral Component Interconnect. Privacy Enhanced Mail. Personal Identification Number. PKCS...
  • Page 26 Request for Comments, proposed specifications for various protocols and algorithms archived by the Internet Engineering Task Force (IETF), see http://www.ietf.org. Random Number Generator. Cryptographic algorithm by Ron Rivest, Adi Shamir and Leonard Adleman. Real Time Clock. Software Development Kits: Other documentation may refer to the SafeNet Cprov and Protect Toolkit J SDKs.
  • Page 27 Token: PKCS#11 token that provides cryptographic services and access controlled secure key storage. Universal Resource Identifier. Validation Authority. X.509: Digital Certificate Standard. X.509 Certificate: Section 3.3.3 of X.509v3 defines a certificate as: "user certificate; public key certificate; certificate: The public keys of a user, together with some other information, rendered unforgeable by encipherment with the private key of the certification authority which issued it"...
