ENTRUST

DATA PROTECTION
SOLUTIONS

nShield nCSE Training

2021

© Entrust Corporation
Course Contents – Day 1

Fundamentals of Cryptography
Hardware Security Modules
HSM Use Cases
nCipher Security World Software
◦ Practical Session #1: Connect the nShield network & install Security World software
Basic HSM Configuration
◦ Practical Session #2: nShield configurations and RFS-Server Setup
Additional Features and License
Security World and Keys
Practical Session #3: nShield Security World Configuration on nShield Connect

2 © Entrust Corporation 4/13/2021

Course Contents – Day 2

Security World - HSM and Quorum

◦ Practical Session #4: Create Softcard, OCS Card sets and keys, push config and add client licences

Disaster Recovery
◦ Practical Session #5: Disaster recovery: Recover passphrases, OCS cardsets , replace ACS and nShield connect
module

Maintenance
◦ Practical Session #6: nShield connect firmware upgrade and Security World reload

Remote-Management

CodeSafe

Customer Support

Examination for nShield Certified Systems Engineer

3 © Entrust Corporation 4/13/2021

Entrust data protection solutions

Multi-cloud Solutions delivering

Years of delivering trust for business
IoT
20+ trusted threat
protection and
enabling compliance
critical applications
Blockchain and information
Digital payments

Deep expertise
and track record in
applied DATA
cryptography PROTECTION
SOLUTIONS
1000+
Organizations rely on Entrust HSMs
to secure and support their
HSM market leader
applications and information
with a long history of
industry certifications • 57 of the top Global Fortune 100
and validation • 10 of the top 20 FTSE 100

4 © Entrust Corporation
 nCSE
nShield Certified Systems Engineer
Fundamentals of cryptography

www.ncipher.com
 Section Contents
o Symmetric cryptography

o Asymmetric cryptography

o Digital Signatures

o PKI – CA’s, RA’s and CSR’s

www.ncipher.com
8
The CIA triad

CIA
INTEGRITY

© Entrust Corporation
 Fundamentals of Cryptography
▪ Crypto refresh:
− Symmetric (also known as Secret Key Cryptography)
− Asymmetric (also known as Public Key Cryptography)
− Digital Signatures, Hash functions
− Certificates

Public Key Private or Secret Key

Encrypt & verify signature Decrypt, Encrypt & sign

10 © Entrust Corporation
 Symmetric cryptography
▪Symmetric Cryptography
− Symmetric (aka Secret Key) cryptography uses the same key to encrypt and decrypt
information. (Very fast)
- Very fast compared to Asymmetric cryptography
- Hard drive-Encryption
- Database-Encryption
- Network-encryption
− Used for maintaining Confidentiality of data.
− Symmetric key algorithm examples:
- AES* (Advanced Encryption Standard) NIST SP800 131A
- AES* 128, 192 and 256 bit, NIST approved 2001
- 3 (triple) DES - Triple Data Encryption Standard. (3 X 56 bit blocks = 168 bit)
– Standard prevalent within the payment industry.
(e.g. EMV - Europay Mastercard Visa.)

* Rijndael is the actual algorithm used for AES

11 © Entrust Corporation
 Symmetric cryptography
Original Message Encrypted message Original Message
(Plaintext) (Ciphertext) (Plaintext)

Encryption Decryption Algorithm

Algorithm Applied eg. AES
Applied e.g. AES

Secret Key Secret Key

Alice B326FF42476A0995565D8020C05AD6695 Bob

(Sender) (Receiver)

12 © Entrust Corporation
 Asymmetric cryptography
▪ Asymmetric cryptography
− Asymmetric cryptography is also known as Public Key Cryptography
− Asymmetric cryptography utilises key pairs
- The public key is freely distributed and is used for the encrypt function
- The private key is stored securely and is used for the decrypt function

− Maintains confidentiality and Integrity of data

− Asymmetric key algorithm examples:
- RSA
- Diffie-Hellman
- DSA

13 © Entrust Corporation
 Asymmetric cryptography
Original Message Encrypted message Original Message
(Plaintext) (Ciphertext) (Plaintext)

Encryption
using public key

Decryption
using private key

Bob’s Public Key Bob’s Private Key

Alice Bob
(Sender) (Receiver)

BC116DE42476A0988565B8000A05AA66F
EB326FF42476A0995565D8020C05AD6695

Public key is freely distributed Private key is stored securely

14 © Entrust Corporation
 Asymmetric cryptography
▪ Asymmetric Cryptography
− Asymmetric cryptography provides safe passage for securing endpoints.
- Slow
- Large key sizes 1024, 2048, 4096 (RSA Only)
– ECC keys can provide same security as RSA and are typically only twice the size of symmetric keys
but not support on all endpoints yet.
- Related key pairs used for performing different functions:
– Public key encrypts and verifies
– Private key decrypts and signs
- Also known as Public key Cryptography

− Major components of Public Key Cryptography:

- Certificates
- Registration Authorities
- Certificate Authorities
- Certificate Revocation
15 © Entrust Corporation
 Symmetric and asymmetric cryptography
▪ Symmetric cryptography often used in conjunction with asymmetric cryptography
− Endpoints exchange public keys (asymmetric cryptography)
− Used to set up of a slow but secure channel
− Which is used by the endpoints to decide on and exchange shared symmetric encryption
keys
− Which are used to construct much faster symmetric encryption channels for data
- Fast
- Small key size 128 or 256 bit
- Same key for encryption and decryption
- Good for bulk encryption
- Also known as secret key cryptography

16 © Entrust Corporation
 Public Key Infrastructure
▪Public Key Infrastructure Concepts
− Establishing a Public Key Infrastructure (PKI) could help to provide the following assurances:
- Assurance of the integrity of information sent and received electronically.
- Assurance of the source and destination of that information.
- Assurance of the time and timing of that information (providing the source of time is known).
- Assurance of the privacy of that information.
- Assurance that the information may be introduced as evidence in a court of law.

− The level of trust and assurance provided by a PKI is in large part down to how it is governed,
managed and operated.
− Where a PKI is to provide assurance of undertakings in any legal sense, the PKI will likely
require some form of 3rd party accreditation – e.g. Webtrust, tScheme etc.

17 © Entrust Corporation
 Digital Signatures
▪ Digital signatures
− Digital signatures are usually added to plaintext messages
− Created using public key algorithms
− Examples:
- RSA
- DSA
- ECDSA

− Confirms sender’s identity and message's integrity

18 © Entrust Corporation
 Hash Function
▪ Hash Function
− Used for digital signatures on any data, e.g. mp3, mp4, text file
− One way function
− Small, fixed length block of binary data created from the entire message data:
- Different message → different hash
- Impossible to derive message from the hash
- Common hash functions: SHA-1*; SHA-256; SHA512

***SHA1 is not longer recommended – see https://shattered.it***

19 © Entrust Corporation
 Digital Signatures (RSA) - Sign
Original Message
(Plaintext)
Signature
Sig. Block
Message Hash (Hash is encrypted
using private key)

ADD MESSAGE
Original Message
(Plaintext) SIGN FUNCTION

Signed
Message

Alice’s
Alice Public / Private Key
(Sender) Bob
(Receiver)

20 © Entrust Corporation
 Digital Signatures (RSA) -Verify
Message Hash
encrypted using
Directory
senders private key

EXTRACT

Alice’s Certificate
contains public key
Attributes
OID, Sig. Algorithm, Certificate,…

COMPARE
hash from sign. block
and calculated hash
from Message
HASHING
FUNCTION
using algorithm and
data from sign. block

Bob Alice
Receiver Sender
21 © Entrust Corporation
 Digital Certificates
▪ A Certificate is an electronic document used to transmit information about the ownership of a
public key

▪ The X.509v3 Standard defines the content of an certificate e.g.:

− Serial Number: Used to uniquely identify the certificate.
− Subject: The person, or entity identified.
− Signature Algorithm: The algorithm used to create the signature.
− Signature: The actual signature to verify that it came from the issuer (CA).
− Issuer: The entity (CA) that verified the information and issued the certificate.
− Valid-From: The date the certificate is first valid from.
− Valid-To: The expiration date of the certificate.
− Key-Usage: Purpose of the public key (e.g. key encipherment, signature, certificate signing etc.)
− Public Key: The public key of the entity which the issuer (CA) has signed.
− Thumbprint Algorithm: The algorithm used to hash the public key certificate.
− Thumbprint (also known as fingerprint): The hash itself, used as an abbreviated form of the public key certificate.
- The thumbprint is used to uniquely identify the certificate. It is a SHA-1 hash calculated across the entire certificate.

22 © Entrust Corporation
 PKI
▪ Public Key Infrastructure
− Addresses “authenticity of Public Keys” problem
− Certificate Signing Request (CSR - base 64 or binary encoded PKCS#10) is a message sent from an
applicant to an RA/CA in order to apply for a digital identity certificate

− The authenticity and validity of public keys and associated digital identities are assured by use of a:

- Certificate Authority (CA) Inspects the integrity of the CSR, obtains relevant information from the CSR, generates a
certificate, uses its private key to sign a hash of the certificates contents (binds public key to identity via the
signed certificate)
- Registration Authority (RA) Processes and verifies the claimed identity provided in the CSR. This may be done
automatically or manually from a number of identity sources.

− Root Certificate Authorities are self-signed and form the Root of Trust for subordinate Certificate Authorities
− The CA uses certain information contained in the CSR to create the certificate:
- Identity
- Public Key
- Signature, using a private key

23 © Entrust Corporation
 Certificates and Certificate Signing
Root CA Tier #1
(Self Signed Certificate) Issuer Name
Root CA signs subordinate certificate request Validity Period
(with attached Public key) with its Private key Owner Name
Owner’s Public Key

Signed by CA
Signed and validated Certificate request Private Key
Returned to requesting Subordinate CA

Certificate request sent

Certificate request
Assures that public key
returned as signed certificate
is bound to identity

Subordinate (Policy) CA #1 Tier #2 Registration Authority

Tier #2 CA can then issue Registration Authority processes user requests,
certificates to Tier #3 CA’s checks identity and inducts into user into a database.

Subordinate (Issuing) CA #2 Subordinate (Issuing) CA #3

Tier #3 Tier #3
24 © Entrust Corporation
 nCSE
nShield Certified Systems Engineer
HARDWARE SECURITY MODULES

www.ncipher.com
 Three good reasons why to use a HSM
Three good reasons to use Hardware Security Modules:
▪ Keys are generated from entropy using a true Random Number Generator
− All keys are generated using a high quality HSM on-board Hardware Random Number
Generator

▪ Any Private (ASYMMETRIC) or Secret (SYMMETRIC) keys must never be revealed

in the clear on disk or in memory
− Keys are never revealed beyond the confines of the FIPS validated secure boundary of
the HSM

▪ High availability at all times is a requisite for security

− The Security World paradigm provides high availability and allows large numbers of keys
to be managed

28 © Entrust Corporation
 Benefits of using an HSM
▪ Software-only cryptography is vulnerable to key compromise:
− Sensitive key data is in server memory during operations
− Core dumps can reveal sensitive data
− Stored key data is only as secure as the passphrase (if any) protecting it

▪ HSMs provide a secure environment for key generation and usage:

− Key data is never revealed outside HSM
− True hardware Random Number Generator
− Key generation uses a secure, on-board random number generator
− Access to keys can be restricted using card sets and passphrases

29 © Entrust Corporation
 Information Security Standards: Closer look
▪ FIPs: Federal Information Processing Standards are US government
computer security standards
- Operated by NIST(National Institute of Standards & Technology) and CSE(Communications Security
Establishment) of the government of Canada
- FIPS 140-2 Level 2 has requirements for physical tamper-evidence and role-based authentication.
- FIPS 140-2 Level 3 adds requirements for physical tamper-resistance and identity-based authentication,
and for a physical or logical separation between the interfaces by which "critical security parameters"
enter and leave the module, and its other interfaces.

▪ Common Criteria(The Common Criteria for Information Technology

Security Evaluation)
- Defines set of assurance components, families and classes as a standard way of expressing the
assurance requirements for TOEs(Target of Evaluation)
- Produces evaluation assurance levels(EAL), EAL1, 2, 3, 4 etc. and Protection Profiles(PP)

34 © Entrust Corporation
 nShield Product Line
▪ An HSM is a tamper-resistant device designed to:
− generate keys securely
− store keys securely
− facilitate the secure use of sensitive key material

▪ nShield family consists of three different HSM form factors:

− PCIe: The nShield Solo XC
− Network: The nShield Connect XC
− USB: The nShield Edge

nShield Connect
nShield Edge nShield Solo

36 © Entrust Corporation
 nShield Edge
supports USB interface
Integrated smart card reader
Shares Security World management with nShield
HSMs
Readily integrates with third-party applications
Delivers FIPS compliance
(F3 Edge only)
Compact for easy storage in a secure vault
Good for Bring Your Own Key (BYOK), Root CA
signing, code signing etc.
Available in 3 flavours:
- Developer Edition
- FIPS Level 2
- FIPS Level 3

37 © Entrust Corporation
 nShield Edge
▌ Limitations of the nShield Edge
The Edge was originally only supported in a Microsoft Windows™ and Linux
environment (Version 12.40 onward)

limited feature set

Max. command buffer size: 2038 bytes.

Take care, when importing certificates!
(Solo/Connect: 8192 bytes)

38 © Entrust Corporation
The nShield family - a closer look
▪ nShield Solo: PCI-Express form factor

Mode change override

jumpers
Card reader attaches here

© Entrust Corporation
nShield Connect
▪ nShield Connect: network-attached
◦ Provides a shareable cryptographic
resource for up to 100* client servers Front panel menu

▪ 1U rack mount appliance

◦ Integrated card reader
◦ Front panel menu system, jog wheel selector
◦ Two Ethernet ports Integrated card reader
◦ Dual hot swap power supplies
◦ Available models:
▪ XC Base, Medium and High

© Entrust Corporation
 nShield Connect

41 © Entrust Corporation
nShield Connect Field Serviceable Parts

Power supplies

Fan tray unit

with battery

The fan tray unit is replaceable because of the tamper-battery. An

information is shown at the HSMs front panel if this step is
necessary.

© Entrust Corporation
 nShield serial numbers
▪ nCipher HSMs in the nShield product line have two serial numbers:

◦ The paper serial number

▪ Example: 36-NC1111A
▪ This serial number is printed on the actual hardware:
▪ nShield Solos have this serial number printed on a sticker on the card;
▪ nShield Connect modules have this serial number printed onto the tamper evident sticker
on the lid and on the back panel.

◦ Electronic serial number (ESN)

▪ Example: A412-FFCA-1557
▪ This value is returned by many nCipher utilities, e.g. “enquiry, nfkminfo.
▪ Can also be viewed from the front panel
▪ This value is not written on the hardware itself.
◦ When obtaining support, at least one of these values will be required to prove
support has been purchased.

© Entrust Corporation
 Client licence (for Connect XC)

Model max. number of

licenses
Connect
XC High 100
Connect
XC Mid 20
Connect
XC Base 10

Note that all models ship with default licences = 3

45 © Entrust Corporation
nShield Smart Card

Local smart card

◦ Can be used for local administration
◦ Can be used for remote operator
◦ No code in card
◦ Can be used for ACS or OCS usage
Remote Admin Card (version 12 and newer)
◦ Can be used for local and remote administration
◦ nShield secure code in smart card
◦ Capable of establishing a secure channel between card and HSM for remote
administration
◦ Can be used for ACS or OCS usage

48 © Entrust Corporation
nShield Smart Card

Local card and Remote admin cards cannot be mixed within a

cardset
Local

Remote
Local Remote

49 © Entrust Corporation 4/13/2021

 nCSE
nShield Certified Systems Engineer
HSM Use cases

www.ncipher.com
Use Cases

© Entrust Corporation
HSMs and Public Key Infrastructure
◦ Assure the integrity of digital identities
◦ Operate PKIs across the enterprise confidently
▪ Protect signing keys in offline and online Certificate Authorities
▪ Protect signing keys in OCSP Responders

◦ Role separation between usage and administration

▪ Defined processes for using and copying keys
▪ Satisfy audit and compliance requirements

◦ “out of the box” integration with major PKI vendors,

e.g.:

© Entrust Corporation
Encrypted Storage Solution

Encryption Gateway
◦ No agent installation in Application server

Transparent to user and application to access storage

Plaintext data Encrypted

(virtual storage) data

56 © Entrust Corporation
Bring Your Own Key (BYOK) for public cloud

In The Cloud
On-Premises

© Entrust Corporation
 Double Key Encryption (DKE)

Specifically for For customer’s most Requires 2 No Microsoft RMS/ Use nShield HSM to
Microsoft Information sensitive data –need components - code on customer protect/ keep
Protection to isolate from 3rd customer and premises customer keys on
environment parties Microsoft held crypto premises and Entrust
keys Professional
Services to develop
web service utilising
DKE

© Entrust Corporation
58 4/13/2021
 nShield Cloud Integration Option Pack

Create keys on Confidence that keys Confidence that the Not locked into cloud
premises, and have been generated long term storage of service provider –
securely using a keys are protected free to export to
securely export to
strong entropy by a FIPS-certified other providers on
the cloud (AWS, source HSM demand
Google Compute
Engine, Microsoft
Azure & Salesforce)
59

© Entrust Corporation
4/13/2021
 nShield Container Option Pack

nShield support in Provides a set of Containerized Supports the Certified integrations

virtualised and scripts to architect applications can dynamic scale, with Mirantis
containerised proven deployment readily access flexibility and (Kubernetes Engine),
deployments model nShield HSMs for orchestration needs RedHat OpenShift
processing sensitive of containerised and VMware Tanzu
data and key environments
material
60

© Entrust Corporation
Securing the industry’s leading solution providers

STRATEGIC TECHNOLOGY PARTNER

PROGRAM

Integrations with growing ecosystem of over

100 security solution providers

Delivers value and enhanced security to end

customers by hardening partner solutions with
certified, hardware-based cryptography

Mature, proven processes backed by

technology expertise and global coverage
ensure the strongest customer support

61 © Entrust Corporation
 nCSE
nShield Certified Systems Engineer
Install nCipher Security World Software

www.ncipher.com
Software components
▌The main components of nCipher nShield software are:
The “hardserver”
- This process interfaces between applications and HSMs
- Runs as a service on Windows OS
- Runs as a daemon process on Linux based systems

Command-line tools
- A selection of tools and utilities for performing Security World functions

Libraries
- Containing the implementations of popular APIs
- These can be seen in the next slide

© Entrust Corporation
Hardserver
▌ The hardserver is responsible for:
Bridging the communication between applications and the HSMs
Translating cryptographic task from applications to HSMs
Inter-module (IMPATH) communication
Loading SEE machines
Configuration of remote slots HARDSERVER
Load balancing

(Impath)
TCP/IP
Failover
Retrying failed HSMs
Gathering statistics
Device Driver
Client key separation
Improved performance scaling (Version 12.1)
And more ... nShield Edge
nShield Connect
▌ What is it?
Part of nfserv installer package on Linux, Core Tools on Windows

nShield Solo

© Entrust Corporation
 Server “roles”
▪ A server in the Security World can fulfil 3 “roles” (depending on
what you install)

◦ Client (Privileged or Unprivileged):

▪ Privileged – Can carry out crypto operations and run Admin commands on the HSM
▪ Unprivileged- Can only carry out crypto operations (use the services of the HSM such as key
generation/key usage, not modify any of the administrative level configuration)

© Entrust Corporation
Server “roles” cont.
◦ RFS:
▪ A Remote File System (RFS) is required by each Connect for setup.
▪ Only 1 RFS can be defined on a Connect
▪ A single RFS can serve multiple Connects at once

▪ RFS is not required while HSM is running, no single point of failure!

▪ A RFS can be configured alongside the client role, OR on a separate server

▪ In smaller environments may be on a client
▪ In larger environments may have a separate server

▪ The RFS is used by the Connect to:

▪ Read Security World files from when loading a Security World
▪ Store Log files
▪ Store copies of config files
▪ Write the World file to when the Security World is created/changed

© Entrust Corporation
Production and SDK
▌ Security World software suite:
Basic software version, suitable for most deployments.
The latest version of Security World software arrives with a new HSM
Generally this is the version to deploy on production systems
Contains necessary header files and documentation for development
prior to 12.60 developer libraries and documentation was a separate software package called “Ciphertools”,
now rolled into base version

© Entrust Corporation
Prerequisites for Installation process - Linux
▌The following things need to be done/clarified prior to install the software
Check Firewall:
- Port 9000 TCP (local internal JAVA-Connection, non-privileged Client)
- Port 9001 TCP (local internal JAVA-Connection, privileged Client)
- Port 9004 TCP (incoming impath connections from clients; bidirectional for RFS-Server)
- Port 9005 TCP if Remote Administration is deployed

Install Java JRE7 (Oracle JRE 1.7.x) if needed (JRE11 since V12.60)

Consider installation directory

- cannot be changed but redirected with symbolic link (ln –s)

Check Architecture
- Linux-Version of Software have different ISOs/DVDs for 32bit and 64bit

© Entrust Corporation
Installation process - Linux
▌The following commands must be run as root
Extract files:
- Change directory to “ / ”
- Un-tar the required components from CD:
Example:
tar xf /MOUNT_POINT/linux/LIBC_VER/ARCH/nfast/COMPONENT/FOO.tar
Files are extracted to: /opt/nfast/

Build kernel driver (only required for nShield Solo) :

- Install the headers for your current kernel
- Change the directory to /opt/nfast/driver/
- Run ./configure && make
Run the install script:
- /opt/nfast/sbin/install
- Follow prompts until completed

Note: this assumes that Developer-Tools (Build-Utilities) are installed correctly

© Entrust Corporation
After-Setup Steps for Installation process
▌The following things should be considered after setup (if needed)
Retarget installation directory with symbolic link (if needed)
- link /opt/nfast to any other directory

Create Symbolic Link to /opt/nfast/sockets if needed

- only needed for backwards compatibility of old applications
- create /etc/nfast.conf with entry
NFAST_CREATEDEVNFAST=1

Add NFAST-Binary-Directory to path

- E.g. for BASH link /opt/nfast/bin to PATH in your personal profile.
Add the following lines to the end of the Profile file:
PATH=/opt/nfast/bin:$PATH
export PATH

© Entrust Corporation
Installation process - Windows
▌Run setup from Security World software
DVD

▌Optionally, run CAPI or CNG install

wizard:
This will register nCipher nShield as a Crypto
Provider for Windows
Required to integrate with many Windows
applications (e.g. Microsoft CA)

© Entrust Corporation
File location - Unix
▌Default file locations – Unix based systems:

Security World files: /opt/nfast/kmdata/local/

Configuration file: /opt/nfast/kmdata/config/config
HSM Configuration file(RFS): /opt/nfast/kmdata/
Log files: /opt/nfast/log/
Utilities: /opt/nfast/bin/
Library files: /opt/nfast/java and
/opt/nfast/toolkits

© Entrust Corporation
File location - Windows
▌ Default file locations – Windows based systems:

Security World files:

C:\ProgramData\nCipher\nfast\Key management Data\local\

Security World Configuration file:

C:\ProgramData\nCipher\nfast\Key management Data\config\config

Log files:
Windows Event Viewer and %NFAST_LOGDIR%

Utilities:
C:\Program Files\nCipher\nfast\bin\

© Entrust Corporation
File location - Windows
▌ Default file locations – Windows based systems:

Library files:
C:\Program Files\nCipher\nfast\java and
C:\Program Files\nCipher\nfast\toolkits

HSM configuration file(RFS):

C:ProgramData\nCipher\nfast\Key management Data\<hsm-esn>\config

© Entrust Corporation
Adding the ‘binaries’ path in Windows
▌ Windows based systems:

‘Start’, ‘Computer’, ‘System properties’, Advanced system properties’, ‘Environment

Variables’
Find the ‘PATH’ field in ‘System Variables’ and double-click
Open the field and append:
%NFAST_HOME%\bin

▌ This allows the nFast binaries to be accessed without having to navigate

to the Program directory all the time

© Entrust Corporation
Security World v12.60 / 12.70
▪ The only cipher suite available is AES (DLf3072s256mAEScSP800131Ar1).
◦ To be FIPS SP800 131A rev 1 compliant.

▪ OpenJDK 11 support.

▪ Fast RNG for ECDSA. Bring ECDSA performance back to previous fw version of 3.4.2.

▪ Windows 2019 Server support.

▪ Support for Soft nToken (softkneti) client authentication.

▪ Recommended firmware version is 12.50.11 which is FIPS approved firmware.

© Entrust Corporation
 Practical Session
1. Connect the nShield network

www.ncipher.com
 nCSE
nShield Certified Systems Engineer
BASIC HSM CONFIGURATION

www.ncipher.com
nShield Connect
▌Applications cannot distinguish between the devices in the nShield product
family.
It is possible to combine any number of nShield Connects with Solo cards and Edge HSMs in any
given Security World

▌Important to remember that an nShield HSM can only belong to a single Security
World instance at any given time.

© Entrust Corporation
Remote File System
▌A Remote File System (RFS) is required by each nShield Connect.

▌Only one RFS can be defined per nShield Connect.

The RFS resides on a server with the nCipher security world software installed.
A server is designated as an RFS before the HSM module configuration stage.
The RFS can be situated on any server, however, it is typical to choose a client server
for this purpose.
The RFS-Server itself does not need a client-license
A single RFS can serve multiple nShield Connects within a Security World domain.
There is normally one RFS per Security World.
The Remote File System contains extra directories which the Connect uses for
storing its configuration data (config and features) and log file.
It is also where the Connect reads Security World files from when loading a Security
World, or when inducting a new nShield connect into an existing Security World.
▌Only the nShield Connect requires a Remote File System

© Entrust Corporation
Clients with or without nToken
▌ nTokens strengthen authentication
Run ntokenenroll.exe –H between an nShield Connect and a client.
nethsmenroll [--ntoken-esn <esn>] [Options] <nethsm-
IP> [nethsm_ESN netHSM_HKNETI] nTokens are PCI-e cards and are only suitable for
physical clients.
nShield nToken With nToken:
- Client uses nToken protected key to prove its
identity to nshield Connect.
- nShield Connect no longer relies on just IP
address for authentication.
Without nToken:
- Client authenticates nShield Connect via
KNETI hash.
- nShield Connect authenticates client by IP
address.

nShield connect

© Entrust Corporation
Client authentication using softkneti
▪ Presently an nShield Connect client is identified by IP
address only
◦ The Connect needs to know the client's IP address
▪ A client can’t have a dynamically assigned IP address

◦ Without an nToken only IP address checking is possible

▪ Software authentication token
◦ Allows an HSM client to be securely authenticated, even
without an nToken
▪ Initial release uses a softkneti key, generated by the client
hardserver

◦ By default nToken authentication will be used

◦ If there is no nToken, the software authentication token
will be used
▪ In the future the software authentication token will
also be used to identify clients with a dynamic IP
address

90 © Entrust Corporation
Client privileges
▌Client servers are enrolled as either privileged or unprivileged
Privileged Are required for Remote Administration, they can perform certain administrative
tasks:
- Create Security World
- Load Security World
- Load CodeSafe machine
- Enable features
- Reboot the HSM
- Change HSM mode
- Clear the module
- Configure the HSM
Unprivileged clients cannot run privileged commands:
- They can use nShield Connect normally (i.e. load and use keys)
- It is recommended that all clients be unprivileged; unless there is a good reason for them to be
allowed a privileged connection.

© Entrust Corporation
 nShield Connect: basic configuration steps
▪ Configure IP address(s) and default gateway
▪ RFS Setup
◦ On the RFS machine run the RFS setup commands
◦ On the nShield Connect configure the RFS machine IP address
◦ Note: This has to be done in this order
▪ Enrolling Clients with the nShield Connect
◦ On the nShield Connect configure the client machine IP address(es)
◦ On the client machine(s) run the enrollment commands
◦ Note: This can be done in any order
▪ Configure the Auto-push facility on the nShield Connect
▪ Setup the RFS-Sync Utility
◦ On the RFS machine setup the clients
◦ On the clients setup the RFS

© Entrust Corporation
nShield Connect: basic configuration

1-1-4
1-1
Network config 1
► System configuration
► System
Hardserver config
System information
Remote HSM system
Login file
settings
Security
Client World
►Upgrade configmg0mt
system
payShield
Resilience config
Factory state
Config CodeSafe
file options
Shutdown/Reboot
▼

© Entrust Corporation
Initial configuration: nShield Connect IP
address & Def gateway
1-1
1
► System configuration
► System
System information
HSM
Login settings
Security World mgmt
Upgrade system
payShield
Factory state
CodeSafe
Shutdown/Reboot

1-1-1 1-1-1-1
► Network config ► Set up interface #1
Hardserver config Set up interface #2
Remote file system Set default gateway
Client config Set up routing
Resilience config Show routing table
Config file options Ping remote host
▼ ▼

1-1-1-1-1 1-1-1-1-1-1
► Configure #1 IPv4 ► Enable/Disable IPv4
Configure #1 IPv6 Static IPv4 address
Set link speed for #1

© Entrust Corporation
Initial configuration: nShield Connect IP
address & Def gateway
Network configuration 1-1-1-1-1-2
Enable/Disable IPv4
IPv4 enable/disable: ► Static IPv4 address
ENABLE

CANCEL FINISH

Network configuration 1-1-1-3

Set up interface #1
Enter IP address for Set up interface #2
interface #1: ► Set default gateway
0. 0. 0. 0 Set up routing
Enter netmask: Show routing table
0. 0. 0. 0 Ping remote host
▼

1-1-1-3-1
Gateway configuration
► IPv4 Gateway
IPv6 Gateway
Enter IPv4 address of
the default gateway

0. 0. 0. 0

© Entrust Corporation
nShield Connect: Setup RFS
▌Install the nCipher Security World software onto designated RFS server
first.

▌Get KNETI-Hash and ESN from Connect

Run anonkneti <nShield Connect IP address>
This will return the Connect ESN and kneti hash
#anonkneti 172.18.10.62
DF3E-3AB9-9FE2 356cb328180f369c591643c99846dc667f1dfa0b
The ESN and Hash value returned should be compared with those shown on the front panel of the
nShield Connect.

▌ Run RFS-Setup
Run rfs-setup <nShield Connect IP address> <ESN> <hash>
This will create the required directories for the server to act as an RFS.

© Entrust Corporation
Add RFS to nShield Connect

1-1
1
► System configuration
► System
System information
HSM
Login settings
Security World mgmt
Upgrade system
payShield
Factory state
CodeSafe
Shutdown/Reboot

1-1-3
Remote File System
Network config
Hardserver config
Enter RFS IP address:
► Remote file system
0. 0. 0. 0
Client config
Resilience config
Enter RFS port number:
Config file options
9004
▼

© Entrust Corporation
nShield Connect: Append log file to RFS
1 1-1
► System ► System configuration
HSM System information
Security World mgmt Login settings
payShield Upgrade system
CodeSafe Factory state
Shutdown/Reboot

1-1-3
Select Log Behaviour
Hardserver config
Do you want to log
Remote file system
only to nShield
Client config
Connect RAM, or to
Resilience config
append to the remote
Config file options
filesystem log:
► Log config
Append
▲▼

Append Log file

Choose to “Append” to log to
Append log files to the Remote File Server. (RFS)
nShield Connect log on
your RFS. Please enter
the time between each
append.
mins: 60

© Entrust Corporation
Feature activation
2
System 2-3
► HSM HSM information
Security World mgmt HSM reset
payShield ► HSM feature enable
CodeSafe Set HSM mode

2-3- 1
Read FEM from card
Read from a file
View current state
Write state to a file

▌ Optional features are purchased and

supplied on smart cards:

From the front panel, select

▌ Features may also be distributed as text certificates

Enable these via 2-3-2 from front panel

The Certificate will be read from

“%nfast_kmdata%\<hsm-esn>\features” directory

© Entrust Corporation
nShield Connect: Client configuration

1-1-4
1-1
1 Network config
► System configuration
► System Hardserver config
System information
HSM Remote file system
Login settings
Security World mgmt ► Client config
Upgrade system
payShield Resilience config
Factory state
CodeSafe Config file options
Shutdown/Reboot
▼

Client configuration
Client configuration
Client configuration
1-1-4-1
This client is not
► New client Please choose the
Please enter your configured to use an
Edit client client permissions:
client IP address: nToken. Do you want to
Remove client
0. 0. 0. 0 enroll with an nToken?
Unprivileged
No

© Entrust Corporation
Enroll client to nShield Connect
▌ Enroll each client server with an nShield connect.
Install Security World software onto each client server

▌ Bind/Enroll the HSM to/on the Client

Run “nethsmenroll [-p] <nshield Connect IP>”
- -p = privileged connection (optional)
A prompt will ask for confirmation of ESN and KNETI hash.
#nethsmenroll 172.18.10.62
Remote module returned ESN: DF7E-3E89-9FE2
HKNETI: 9c591643c99…846dc667f1dfa0b
Is the above correct? (yes/no): yes
OK configuring hardserver's nethsm imports

▌ Run “enquiry” to ensure that the Connect now appears in the List

© Entrust Corporation
nShield Connect: Auto push configuration
▌Configure auto-push config file to nShield Connect
Configure the nShield Connect as follows:

1-1-6
1-1
1 Network config
► System configuration
► System Hardserver config
System information
HSM Remote file system
Login settings
Security World mgmt Client config
Upgrade system
payShield Resilience config
Factory state
CodeSafe ► Config file options
Shutdown/Reboot
▼

Auto push mode

1-1-6-2 1-1-6-2-1
Fetch configuration ► Auto push mode
Set auto push mode to:
► Setup auto push IPv4 push address
IPv4

RESET CONFIRM

1-1-6-2 1-1-6-2-1 IPv4 push address

Fetch configuration Auto push mode
► Setup auto push ► IPv4 push address Please enter the client
IPv4 address you wish to
Push config files from
0. 0. 0. 0

© Entrust Corporation
nShield Connect: Auto push configuration

▌Run “cfg-pushnethsm” command

On the RFS push the config to the HSM. Enter the following:
cfg-pushnethsm –a <nShield Connect IP> -p <port> < full config file
path>

#cfg-pushnethsm.exe -a XXX.XXX.XXX.XXX -p 9004

“C:\Programdata\ncipher\key Management Data\hsm-
ESN\config\config

No error messages received: success!!

© Entrust Corporation
Configure rfs-sync
▌On the RFS, run the following command for each client:
With nToken present:
rfs-setup --gang-client <client IP address> <ESN> <Keyhash>
Without nToken:
rfs-setup --gang-client --write-noauth <client IP address>
--gang-client is only used if client need write access for rfs-sync-commit

▌On each client, run the following command:

With nToken present:
rfs-sync --setup <rfs IP address>
Without nToken:
rfs-sync --setup --no-authenticate <rfs IP address>
▌rfs-sync is used to update / commit config file:
To update client files, run rfs-sync –update(download from RFS to Client)
To update client AND push files to RFS, run rfs-sync -–commit

© Entrust Corporation
nShield Connect

Clients can push new (key /

cardset) files to the RFS and
Updates local client
Client #1 RFS
--commit

Clients can pull files from the

RFS

Client #2 Client #3
--update

Due to security reasons, files are never deleted with rfs-sync!

© Entrust Corporation
 Verify installation
▪ Command ‘enquiry’: provides information regarding the hardserver and the module(s)
connected to it

◦ Verifies software has installed correctly

◦ Two listings: Server (hardserver), Module(s) (Connect, Solo or Edge)

◦ Displays firmware versions

◦ Shows ESN

◦ Displays module status( operational, maintenance ….)

◦ And much more ……

© Entrust Corporation
 Any Questions?

www.ncipher.com
107
 Practical Session
2. nShield Connect Configuration & RFS setup

www.ncipher.com
 nCSE
nShield Certified Systems Engineer
Additional Features and Licences

www.ncipher.com
FET
▌nShield Solo and Edge
use the interactive ‘fet’ option fet
(feature enable tool);
options for reading from
smart card or from file.

0. Exit Feature Enable Tool

1. Read FEM from smart card
▌nShield Connect 2. Read FEM from file
3. Read certificate from keyboard
option 2-3-1 to read from smart card 4. Write table to file
menu option 2-3-2 to read from file
files must be placed in ‘%NFAST_KMDATA%\hsm-ESN\features’ on the RFS.

© Entrust Corporation
Alternative way to activate licence

For Connect HSM, you can use another command

“nethsmadmin”
The command loads licence file from RFS to Connect HSM

115 © Entrust Corporation

CodeSafe EU +10 (aka SEE) activation
▌CodeSafe EU+10
⚫ US
Permits full use of all CodeSafe features. ⚫ Australia
Available for most European countries (plus ⚫ New Zealand
trusted others).
⚫ Canada
The part number still refers to EU+10
⚫ Japan
because three of the countries in the original
list have since joined the EU ⚫ Switzerland
⚫ Norway

▌CodeSafe Restricted
HSMs can only run CodeSafe machines
signed by Keys, signed by nCipher.
Helps prevent substituted CodeSafe
machines from working.
Request and ADDER-Signing Certificate

© Entrust Corporation
Available features
▌Static feature enable certs can be upgraded remotely with nShield Connect

▌Dynamic features i.e. client licenses and restricted SEE feature cannot be
loaded remotely

▌Most features are static, enabled by means of a switch in the EEPROM of the
HSM
they remain enabled when the module is reinitialized
▌ Some optional features are dynamic, enabled by means of a software switch in the volatile
memory of the HSM.
a dynamic feature must be enabled again if the HSM is reinitialized.
▌ For static features – same behaviour as nShield Solo
use the fet tool selecting option 2
▌ For dynamic features
Not currently supported with Remote Administration

© Entrust Corporation
 Static and Dynamic Features
▪ Static Features (are saved in the HSM and will be available after a factory reset)
◦ payShield Activation
◦ ISO Smart Card Support (Foreign Token)
◦ Remote Operator
◦ SEE Activation (EU+10)
◦ Korean Algorithms
◦ CodeSafe SSL
◦ Elliptic Curve algorithms
◦ Elliptic Curve MQV
◦ Accelerated ECC
▪ Dynamic Features (are not in the HSM and will be lost after a factory reset)
◦ SEE Restricted
◦ Client-Licenses
any other feature which is not in the list above

© Entrust Corporation
 nCSE
nShield Certified Systems Engineer
Security World – cardsets and keys

www.ncipher.com
 FIPS 140-2 level 3
▪ Strict FIPS mode
◦ Authorisation required for generating / creating keys.
◦ Import / export of secret / private keys forbidden (Only possible if keys are wrapped using; e.g. Key
Encryption Key (KEK)).
◦ RSA key lengths must be multiplicative 256bits.
◦ Import of public keys requires authorisation from ACS.
◦ All but FIPS approved mechanisms are disabled.
◦ Single DES and MD5 no longer approved in FIPS.
▪ FIPS Authentication
◦ Can be found on any Operator or Administrator card
◦ No authorisation on Softcards
◦ Not needed to load and use a key

© Entrust Corporation
 FIPS 140-2 level 3
▪ FIPS can be a disadvantage in your configuration!
◦ FIPS will disable some features on your HSM and allow only features to be used which are listed in the
FIPS-Specification
◦ Some options and features will no longer be available
◦ Unattended HSM operation is difficult with FIPS strict enabled
◦ Activate FIPS-Mode only if you have the legal requirement to do so

▌ Customer decision!

© Entrust Corporation
Security World
▌A Security World is an isolated security domain:
◦ configured to match the security policies of the business (or application)

▌The same Security World is often loaded onto multiple HSMs:

◦ this allows the HSMs to share keys with each other

▌Businesses will often have more than one Security World:

◦ often one per application or one per business department

▌An HSM can only belong to one Security World at any time.
◦ Although a Security World may contain many Hardware Security modules

© Entrust Corporation
 Application key tokens
▌Key tokens are encrypted by the Security World module key

▌Keys generated by an HSM are stored as strong encrypted tokens/blobs on

a server’s hard disk. They are not stored inside the HSM unless storing in
NVRAM has been selected.

▌The Module Key is protected by the ACS and stored within the EEPROM
(Electrically Erasable Programmable Read-Only Memory) of the HSM

▌Storing the encrypted key tokens/blobs outside the HSM means:

◦ the number of keys is determined only by available disk space.
◦ keys tokens can be backed-up just like normal files.

© Entrust Corporation
Client servers
▌A server can be connected to multiple HSMs

▌Servers within a common security world contain copies of a single

“\local” directory which itself contains a copy of the world file, key
tokens, cards and card-sets associated with that security world

▌Encrypted files can only be decrypted using the original encrypting

“Security world module key” inside the HSM

© Entrust Corporation
Load Security world module key
Network Switch

HSM #1

Client

“world” file

Remote File System

storing HSM-Config and HSM #2
World-Files

“world” file
Admin Card Set (ACS)
Quorum: K=2, N=5
protecting module Key with KNSO

© Entrust Corporation
Encryption workflow – generate a key

Application (client)
Server
rfs-sync.exe to update generatekey.exe
Remote File System

Remote File IMPATH

System connection
Key is encrypted with Security world module key
and stored as a key token/blob on server

Security world module key

nShield Connect

© Entrust Corporation
Encryption workflow – Encrypt data
Legend:

Encrypted Key

Decrypted Key

Key handle

Pass plain text and

key handle to HSM Key Handle returned

Security world module key

Load Key command

RAM

HSM decrypts key token

and loads it into memory

Application passes
Application Encrypted key token to HSM
server
Cipher text returned

© Entrust Corporation
Key application names
▌ Eight appnames defined:
▌ Six related to implementation of industry standard APIs
◦ pkcs11 PKCS#11 applications
◦ embed/hwcrhk OpenSSL (CHIL) applications, (hwcrhk deprecated)
◦ jcecsp JCE/JCA applications
◦ mscapi/caping Microsoft Crypto API and Next Generation applications

▌ Two used for custom nCore Applications

◦ simple general purpose, nCipher nShield native

▌ Three for CodeSafe SEE Applications

◦ seeinteg SEE code signing
◦ seeconf SEE code confidentiality
◦ seessl CodeSafe/SSL server key type

© Entrust Corporation
Key lifecycle
▌ The longer a key is in use, the greater the chance of it becoming
compromised, therefore it is important to regularly replace (roll) important
keys.
▌ The given lifetime of a key depends on:
◦ The value of protected data
◦ The volume of data
◦ Frequency of use
▌ If the destruction of a key (or Security World) is necessary, be mindful of:
◦ Past backups; eradicate as required
◦ Possible implications on past key hierarchies.

© Entrust Corporation
Administrator Card Set
▪ Administrator Card Set:

◦ There is always one and only one ACS for each Security World.

◦ The ACS authorises core security actions, such as:

▪ Adding additional HSMs to the Security World.
▪ Performing disaster recovery functions.

◦ The ACS is created at the same time as the Security World.

◦ The ACS quorum must be maintained to continue managing the Security

World.
▪ Passphrases are not recoverable
▪ Single cards are not recoverable

© Entrust Corporation
Care for the quorum
◦ Security World utilises the k of N principle.
▪ N reflects the total number of available cards
▪ K dictates the required number necessary to authorise any given activity
▪ All values chosen by stakeholders prior to creating a Security World

ACS #1 ACS#2 ACS #3 ACS #4 ACS #5

© Entrust Corporation
 Card Storage
▌Normally the ACS is kept in a secure vault

◦ Dual access control safes offer even greater peace of mind.

▌Passphrases for each specific card known only by their custodian.

◦ Cards should be placed in an envelope immediately after creation.

▌ACS may occasionally be split across different geographical locations

◦ Might affect K-of-N decision ( If a complete quorum is required at both sites.)

© Entrust Corporation
 Section Contents

o HSM Modes
o Changing HSM Modes
o Configuration options for Security World
− Workshop 3. Security World Configuration on nShield
Connect
o Operator Cardset (OCS)
o Keys

www.ncipher.com
140
nShield Solo and Edge

© Entrust Corporation
nShield Solo
▌ nShield Solo back plate:
Reset switch
Status light
MOI switch
▌ To change mode, move the MOI switch and either depress the
reset button or run
nopclearfail -c -m <module_num>

▌ The HSM-mode can be changed remotely since Version 12

Security World Software

M Maintenance (Firmware Upgrades)

O Operational (Normal operation)
I Initialisation (Create / load / erase Security world)

© Entrust Corporation
nShield Edge
▌ To set the mode on an nShield Edge: Push and release the “mode” button.

The light should blink red. Push the

“clear” button to force the module into
maintenance mode.

Push the “mode” button again,

followed by the “clear” button to force
the module into initialisation mode.
M
I
O status

mode clear

© Entrust Corporation
nShield Connect
▌ Prior to initializing a Security World for the first time, it is vital to consider the
following:
The authorizing quorum value for the Administrator card Set.
Choice of Security World module key
Delegation settings.
- RTC = Real Time Clock
- NVRAM = Give read / write authorization to NVRAM
- SEE-Debugging
- Indicates whether delegation keys should be created to authorize these operations
- Without these keys, standard command line tools will not work
- Only the quorum setting can be altered
Key recovery and passphrase (PIN) recovery

© Entrust Corporation
nShield Connect
▌ FIPS 140-2 compliance level:
Default is level 2. Choose level 3 if you have a regulatory requirement to do so.

▌ ACS quorum size (K-of-N).

▌ Security World key type (Designated cipher-suites):

DLf1024s160mDES3 DES3 (no longer available for new Security Worlds)
DLf1024s160mRijndael AES
DLf3072s256mRijndael AES NIST SP800
DLf3072s256mAEScSP800131Ar1 Latest

▌ Delegation settings for RTC, FTO, NVRAM and SEE debugging.

Indicates whether delegation keys should be created to authorise these operations.
Without these keys, standard command line tools won’t work.
“K” part of quorum settings can be altered.

▌ Key recovery and passphrase (PIN) recovery

These are either enabled or disabled.

© Entrust Corporation
New world
▌ Use new-world for the following operations:
%NFAST_HOME%\bin>
- new-world -i (initialise / create security world)
- new-world -l (load security world)
- new-world -e (erase security world)

▌ Before creating a new security world run new-world –h to display all options. Select
module key type from the available list ---cipher-suite=CIPHER-SUITE Create
security world using CIPHER-SUITE for infrastructure cryptography. Permitted values
are:
DLf1024s160mDES3 (not longer available in new Security Worlds in Version 12)
DLf1024s160mRijndael
DLf3072s256mRijndael
DLf3072s256mAEScSP800131Ar1

© Entrust Corporation
New world
▌ Create a new security world.
Ensure that no security world data exists in the \local directory
Ensure that the HSM is in the (Pre-)Initialisation mode.
- new-world -i command is used
e.g. new-world –i –S –m 1 –c DLf3072s256mAEScSP800131Ar1 –Q 3/5 p
- Insert n total blank smart cards when prompted
- Insert smart cards for the ACS
Change back to Operational mode
▌ Parameter list in the example above:
-i = initialise
-S = without a remote-share certificate (Remote operator is NOT possible)
-m 1 = on module 1
-c = with an AES module key
-Q = ACS quorum of 3-of-5
p = passphrase recovery enabled

© Entrust Corporation
Create Security World on an nShield Connect

© Entrust Corporation
 Create Security World on an nShield Connect
▌ You can create a Security World with the “new world” command or using the front
panel of the nShield Connect.
The new-world command is needed on a ‘privileged client for remote-creating a Security World using the
remote admin setup(version 12 only).

© Entrust Corporation
Configure security world
▌ Before a Security World can be created via a Connect you must ensure that:
◦ The Connect is configured correctly with an RFS.
◦ The RFS must have no existing Security World files in its kmdata/local folder.

3-2
3 Display World info
System ► Module initialization
HSM RFS operations
► Security World mgmt Admin operations
payShield Cardset operations
CodeSafe Card operations
▼

3-2-1 New Security World

► New Security World Admin cardset quorum:

Load Security World 0/ 0
Erase Security World
Specify all quorums?
No
Yes

Choose “Yes” to enable/disable features such as key

recovery and passphrase recovery.
Choose “No” to accept defaults.

© Entrust Corporation
Options for quorum
1 New Security World 2 3
New Security World
New Security World
Admin cardset quorum:
Do you want your world
2/ 3 Select security world
to run in FIPS 140-2
module key type:
level 3 compatability
Specify all quorums?
mode (does not improve
Yes AES
security)? No

4 5 6
PIN recovery quorum Key recovery quorum
Module prog. quorum
► Require 1 of 3 ► Require 1 of 3
► Require 1 of 3
Require 2 of 3 Require 2 of 3
Require 2 of 3
Disable PIN recovery Disable recovery

7 8 9
SEE debugging quorum
NVRAM access quorum RTC access quorum
► Require 1 of 3
► Require 1 of 3 ► Require 1 of 3
Require 2 of 3
Require 2 of 3 Require 2 of 3
Authorise with KNSO
Authorise with KNSO Authorise with KNSO
SEE debugging for all

© Entrust Corporation
Options for quorum
FTO quorum New Security World

► Require 1 of 3 Do you want to make

Require 2 of 3 module 1 a valid
Authorise with KNSO target for remote
shares?
Yes

Create Security World:

3 required.
Module #1: 0 written.
Slt0 empty.

Insert blank card

ACS quorum

The remaining screens prompt for blank cards and passphrases (optional)
The Security World files will be stored on the RFS
- These must be copied to every client machine, rfs-sync can be used for this.

© Entrust Corporation
 Displays information about a Security World
▪ nfkminfo general information
▪ nfkminfo –k keys
▪ nfkminfo –k [app] keys
▪ nfkminfo –l list of keys with protection
▪ nfkminfo -c cardsets
▪ nfkminfo -c [hash] additional info about a cardset
▪ nfkmcheck check security World data for
consistency
▪ nfkmverify –m [module] [app] [ident] Verifies an
application key

© Entrust Corporation
nfkminfo
▌ Security world keys hashes
◦ hknso - Security officer key ACS
◦ hkm - World key (DES3 or AES)
◦ hkmwk - Well known module key (non secret)
◦ hkre - Key recovery (RSA pair)
◦ hkra - Recovery Auth key
◦ hkmc - Module Cert key
◦ hkrtc - Runtime clock
◦ hkfto - Foreign token
◦ hkmnull - Same as hkmwk (zero in AES)

© Entrust Corporation
 Practical Session
3. nShield Security World Configuration on nShield
Connect

www.ncipher.com
 Key protection
▪ There are three different types of key protection:
◦ Module protection
▪ The key token file is simply protected by the Security World module Key, as per normal.
▪ Any application on the server can load and use the key.
▪ suitable for high-availability Web servers that you want to recover immediately if the computer resets.

◦ Softcard (passphrase or password) protection

▪ The key is additionally protected by a passphrase.
▪ An application will prompt the user for the passphrase before loading the key.
▪ Softcards function as persistent 1/1 logical token(OCS)

◦ Operator card set (token) protection

▪ The key is protected by a card set.
▪ The user must insert the required cards to authorise the key loading.

◦ The protection method is chosen when the key is created.

© Entrust Corporation
Operator Card Sets
▌Operator card sets are used to protect Keys.
◦ To load an OCS protected key, a quorum of cards from the OCS must be presented.
▌A Security World can have any number of OCSs.
◦ Each set is identified by a name.
◦ A fresh K-of-N is made for each set.
◦ Card sets can be created or deleted at any time.
◦ Standard-Operator card sets can only be deleted
within the same Security World in which they were created.

▪ Operator Cards employ the Security World key to perform a challenge-response protocol with the
hardware security module. Operator Cards are only useable by an HSM that belongs to the same Security
World

◦ Remote-Administrator card sets can be deleted at any time

using slotinfo --format [--ignoreauth] -m MODULE -s SLOT

© Entrust Corporation
Operator Card Sets
▌Each Operator card can have a passphrase.
◦ This must be supplied when the card is inserted.
◦ Passphrases can be of any length and contain any character available to you.
◦ The passphrase can also be left blank.

▌OCS can be configured to be used remotely (Remote Opeator)

▌OCSs are often stored in a less paranoid manner than the ACS
◦ Entirely dependent on value / importance of Key being protected (think root CA)
◦ Sometimes an OCS may be stored in the card reader (consider non-persistent card sets)

© Entrust Corporation
 Key persistence using OCS
◦ Operator card sets can be persistent or non-persistent.

▪ Persistent OCS:
The final card of the quorum
can be removed and the
card remains loaded.

▪ Non-persistent OCS:
If the final card of the quorum
is removed, the key gets forcibly
unloaded

▪ Timeouts:

Both persistent and non-persistent OCSs can have an optional

timeout value set. Keys will be forcibly unloaded when the timeout expires

161 © Entrust Corporation

Create OCS on the nShield Connect

3 : Security World mgmt

3-5 : Cardset operations

3-5-1 : Create OCS

▌If module is running in FIPs 140-2 Level 3(strict FIPS) then ACS or OCS
will be required to perform FIPs auth

© Entrust Corporation
 Create OCS using CLI on Client
▪ createocs –m MODULE –Q K/N –N NAME –T TIME –p (persistent) –
q (remote)
◦ createocs –m 1 –Q 1/2 -N ocs2 –T 0 –p –q
◦ You can run nfkminfo –c and check to see OCS listed

▌If module is running in FIPs 140-2 Level 3(strict FIPS) then one card from
ACS or OCS will be required to perform FIPs auth

© Entrust Corporation
 Practical Session
4. Create Softcard, OCS cardsets and Keys

www.ncipher.com
 nCSE
nShield Certified Systems Engineer
DISASTER RECOVERY

www.ncipher.com
 Section Contents

o Forgotten passphrase
o Lost administrator card sets
o Lost operator card sets (OCS), aka Key
recovery
o nShield hardware failure

www.ncipher.com
169
Passphrase recovery
▌It is not possible to recover a lost passphrase for an Administrator card.
▌It may be possible to recover a lost passphrase for an Operator card,
providing:
“PIN recovery” option was enabled when the Security World was created.
- This can only be set at the time of Security World creation.
A quorum of Administrator cards remains intact and available
Run the command line utility “cardpp -r” and follow prompts.

ACS OCS
© Entrust Corporation
Passphrase recovery
▌nShield Connect:
From the front panel navigate to “Recover PIN” via:

3 : Security World mgmt

3-4 : Admin operations

3-4-3 : Recover PIN

© Entrust Corporation
 ACS recovery
▌Loss might mean:
◦ Literally lost (i.e. location unknown).
◦ Unreadable (i.e. through damage to card).
◦ Unusable, due to a forgotten passphrase.

▌The generation of a new ACS is possible providing a quorum of the original

ACS is still available.
◦ This process creates an entirely new ACS, therefore the World file is altered.
◦ Use rfs-sync to update clients.

▌nShield Solo and nShield Edge:

◦ Run the “racs” utility from the command line and follow prompts.

© Entrust Corporation
ACS recovery
▌nShield Connect
◦ From the front panel navigate to “Replace ACS” via:

3 : Security World mgmt

3-4 : Admin operations

3-4-1 : Replace ACS

© Entrust Corporation
Replace OCS / key recovery
▌The Operator card set which protects a key can be changed:
If key recovery is enabled.
If a quorum of Administrator cards are available.
▌No cards from the old OCS are required for this operation.
This enables an OCS to be recovered even if the entire card set is lost.
Create a new OCS. The keys will be moved to this new OCS.
Run the “createocs” utility from the command prompt.
Once the new OCS has been created, use the “rocs” (replace OCS) utility.

The ACS quorum will be required for this activity.

© Entrust Corporation
ROCS
C:\Program Files (x86)\nCipher\nfast\bin>rocs
rocs> list cardsets
No. Name Keys (recov) Sharing
1 OCS#1 1 (1) 1 of 2
2 OCS#2 0 (0) 1 of 2
rocs> target OCS#2
rocs> list keys
No. Name App Protected by
1 OCSkey1 simple OCS#1
rocs> mark 1
rocs> recover
rocs> save
rocs> quit

© Entrust Corporation
Create OCS

3 : Security World mgmt

3-5 : Cardset operations

3-5-1 : Create OCS

© Entrust Corporation
Recover Keys
▌nShield Connect
From the front panel navigate to “Recover keys” via:

3 : Security World mgmt

3-4 : Admin operations

3-4-2 : Recover Keys

© Entrust Corporation
nShield Failure
▌The nShield Connect has a visible warning indicator on the front panel.

▌You can replace the fan tray module or a power supply unit (PSU) without
activating a tamper event as both are outside the security boundary. You can
access:
◦ the PSU(s) from the rear of the nShield Connect.
◦ the fan tray module through the removable front vent.

© Entrust Corporation
 nShield Failure
▌If the HSM module fails completely:
◦ Contact Support quoting either printed serial number or ESN.

◦ Un-enroll the failed HSM from clients.

◦ Un-enroll the HSM from RFS-Server and Clients
◦ When replacement hardware is received treat as a new module.
◦ The Administrator Card Set quorum is required

© Entrust Corporation
PKCS#11 loadsharing
▌PKCS#11 load-sharing requires additional configuration:
◦ Ensure OCS is 1-of-N and that each N card has the same passphrase and is
non-persistent
◦ Insert a card into the reader of each HSM
◦ Set the environment variable: CKNFAST_LOADSHARING=1
▪ This can be set in environment or in $NFAST_HOME\cknfastrc file

© Entrust Corporation
 Practical Session
5. Recover Passphrases OCS Cardsets and Replace
The Connect Module

www.ncipher.com
 nCSE
nShield Certified Systems Engineer
Maintenace and Monitor

www.ncipher.com
SNMP
▌MIB (Management Information Base) located in the:
◦ %NFAST_HOME%\etc\snmp\mibs Windows
◦ $NFAST_HOME/etc/snmp/mibs Unix
▌Information available:
◦ Security World information, software details, hardware information.
◦ Card set information and key information.
◦ Low level data: commands issues, connection lists, fan speeds
◦ SNMP appendix in documentation provides full install and usage procedures

© Entrust Corporation
nShield and SNMP
▌nShield has had SNMP support for a very long time:
◦ Runs on client host (of Edge, Solo, Connect)
◦ Polls local environment (%NFAST_KMDATA%) and visible module(s)

▌Requirement for SNMPv3 support:

◦ Bundled agent only does v1, v2c
◦ Solution: new agent overlay for 11.72-12.10, 12.30
▪ Replaces legacy ncsnmpd
▪ Install alongside existing client software
▪ No disruption to client software functionality

◦ SNMPv3 support native in v12.40.2 onwards!

▌Must setup and configure agent prior to it being available.

© Entrust Corporation
 nShield Monitor
▪ nShield Monitor is a virtual appliance that lets you monitor, 24x7 and in one centralized
location, all your nCipher HSMs.
◦ Provides 24 x 7 visibility on all HSMs
◦ Identifies performance bottlenecks to improve capacity planning.
◦ Enables immediate response to potential issues through comprehensive alerts
◦ Integrates seamlessly with existing HSM hardware and software configurations
◦ Can setup users as Admins/Group managers/Agents to allow different levels of control
◦ Can segregate HSMs into groups to allow access only to that groups owners (for example.)
◦ Will alert you if HSM/Client has an issue or is down!
◦ Can setup email alerts for when a notification/issue/down etc. is encountered.

© Entrust Corporation
nShield Monitor - Monitoring
▌On-demand Polling via SNMP:
◦ System configuration – HSM serial number
◦ Security World Key – By list, HSM, Client Host, keys and cardsets
◦ Utilization/Loading – command count, every 60 sec
◦ Health – Alive, connection, tampered, time, host ports
◦ nShield Monitor Event Logging – Error, event, alert, etc.

© Entrust Corporation
nShield Monitor Platform

Hypervisor
◦ vSphere ESXi 6.0; 6.5
◦ VMware Workstation 12; 14
◦ Oracle VirtualBox 6.0
◦ Microsoft Hyper-V

193 © Entrust Corporation

Firmware upgrade
▌Firmware upgrades are included with each software release and may:
◦ improve the performance of the HSM;
◦ introduce new functionality;
◦ patch bugs!
◦ Fix vulnerabilities

▌nCipher software always contains two versions of firmware:

◦ latest firmware;
◦ latest FIPS-approved firmware.

▌Not always able to downgrade:

◦ the firmware Version Serial Number (VSN) is increased when vulnerabilities are fixed;
◦ cannot “upgrade” module firmware to a version with a lower VSN.

© Entrust Corporation
ACS awareness
◦ You MUST ensure you have an operational Administrator Card Set quorum
available before performing a firmware upgrade. The upgrade wipes ALL
Security world information from the HSM
◦ The ACS is required to reload the security world once the firmware upgrade
has completed.
◦ If you cannot verify the integrity of the ACS you should not proceed with any
firmware upgrade.

© Entrust Corporation
 Upgrade firmware continued
▌nShield Connect modules make use of a « net image » which is installed
to the nethsm-firmware directory on the RFS.
◦ Combines:
▪ HSM Firmware
▪ nShield Connect O/S and software
▪ LCD front panel firmware
▌Net image files are installed to $NFAST_HOME/nethsm-firmware/
◦ The Connect looks in this folder on the RFS when upgrading its firmware.
▌ To upgrade firmware, navigate to « Upgrade system » via:

1
► System
HSM
Security World mgmt
payShield
CodeSafe

1 : System

1- 4 : Upgrade System

© Entrust Corporation
Upgrade firmware continued
▌Select desired net image version.
There will normally be more than one choice of firmware offered. The latest release (awaiting full FIPS
approval) and the preceding release, (FIPS approved)

▌Select to confirm the two warning screens and the firmware will be loaded
and applied.
▌After reboot the Security World must be reloaded

▌If the HSM display responds slowly after a firmware upgrade, a power
cycle (full shutdown, power off, power on and restart) will resolve this.

Upgrade System
Upgrade System
XXXWARNING
XXX WARNING XXX
XXX

Reinitialise
System will besecurity
World after
returned upgrade
to Factory
completed
state

Load firmware
1- 4 : Upgrade System
© Entrust Corporation
Security world software upgrade
▌Windows Operating System
◦ Uninstall the current software using « Add/Remove programs » from control panel
◦ Note that the security world files and other important data are untouched by this process
◦ The new software release is installed as per normal by selecting the setup.exe.

▌Unix-based O/S:
◦ Backup security world files.
◦ Ensure that you are root and run « /opt/nfast/sbin/install -u »
◦ Uninstall software as per documentation for the following O/S:
▪ Solaris run “/usr/sbin/pkgrm”
▪ AIX run “smit install_remove”
▪ HPUX run ”/usr/sbin/swremove ”
▪ Linux manual “rm –rf /opt/nfast/”

© Entrust Corporation
 Any Questions?

www.ncipher.com
210
 nCSE
nShield Certified Systems Engineer
KEYSAFE – THE GUI Tool

www.ncipher.com
Open Java sockets
▌KeySafe Graphical User Interface
◦ The GUI is java-based
◦ It is necessary to run config-serverstartup -sp
▪ This allows Java applications to talk to the nShield hardserver.
▪ The hardserver must be restarted before these changes take effect
▪ net stop “nfast server”
▪ net start “nfast server”

◦ It’s a useful tool for learning about the Security World

◦ Offers a convenient UI for administrators to perform general Security World activities:
▪ Generate, list and import keys
▪ Create and replace cards and cardsets
▪ Initialise, load and erase an HSM

© Entrust Corporation
KeySafe GUI
◦ The KeySafe Graphical User Interface provides basic information
about security world and modules.

© Entrust Corporation
KeySafe GUI
▌KeySafe menu:
◦ Introduction
◦ World
▪ Initialise Security
▪ Reprogram Module
▪ Erase Module
◦ Card sets
▪ Examine/Change
▪ Create New OCS
▪ Replace OCS
▪ Replace ACS
▪ Discard card set
◦ Softcards
▪ Create Softcard
▪ Change Passphrase
▪ Discard softcard
◦ Keys
▪ Generate Key
▪ Import Key
▪ Discard Key
© Entrust Corporation
 nCSE
nShield Certified Systems Engineer
Remote Management

www.ncipher.com
Remote Administration
▪ Remote Administration feature:
◦ Does not require an HSM at the attended location
◦ Is suitable both for OCS and ACS cards
◦ You can create an OCS or ACS remotely
◦ You can use both persistent and non-persistent cards remotely
◦ Does not require a feature activation license
◦ needs new Remote-Administration-Cards

◦ Only suitable for 1 to 1 HSM

© Entrust Corporation
 nShield Remote Administration
▪ Remote Administration enables
◦ Administrator or Operator card holders to present smart cards to an HSM that's in a different location
▪ All smart Administration and Operator card operations can be carried out remotely
▪ Includes presentation of non-persistent OCS cards

◦ Remote authorisation
▪ By secure remote presentation of Administrator and Operator Card Sets

◦ Full remote administration of Security Worlds and their HSMs including

▪ Remote mode change
▪ Remote firmware upgrade of nShield Connect and nShield Solo
firmware (after upgrading to Security World v12.00)
▪ HSM status (SOS) reporting
▪ nShield Connect reboot
▪ Remotely locking the nShield Connect front panel

227 © Entrust Corporation

Remote-Administration Overview
Office Remote-Datacenter

Separate SSH or RDP connection

Used for issuing commands and
entering passphrases

Client
With Remote admin client nShield Connect
Tools with Version 12 Firmware
Privileged Client
with Remote-Service Installed

VPN-CONNECTION

© Entrust Corporation
 Remote MOI Switching – nShield Connect
▪ Run nopclearfail -O/-I to remotely set the mode of
the Connect
▪ Run enquiry to confirm
▪ Enable and disable remote mode change via:
◦ The module configuration file
▪ To enable/disable mode change using nopclearfail
▪ locate the server_settings section of the HSM configuration file
▪ set the enable_remote_mode field to yes/no

◦ The front panel of the nShield Connect

▪ navigate to System > System configuration > Remote config options > Remote
mode changes and set to on

© Entrust Corporation
Deploying Remote Administration - Dynamic slots
▪ To configure dynamic slots on a Solo:
◦ Use the dynamic_slots section in the hardserver configuration file to define the number of
Dynamic Slots for each relevant HSM.
▪ Configuration file: %NFAST_KMDATA%\config\config
▪ To configure dynamic slots on a Connect:
◦ Use the dynamic_slots section in the client configuration file to define the number of Dynamic
Slots for each relevant HSM.
▪ HSM configuration file: %NFAST_KMDATA%\<hsm-esn>\config

◦ Use the nShield Connect front panel controls to navigate to

Security World mgmt > Set up dynamic slots > Dynamic Slots
then follow the instructions on the front panel display
▪ Then clear the HSM for the changes to take effect.
nopclearfail --clear –all
◦ alternatively press the clear button for a few seconds

© Entrust Corporation
 Deploying Remote Administration – Authorized Cards List
▌Use of nShield Remote Administration Cards is controlled by an Authorized
Card List
▌A defence in depth feature:
◦ E.g. can revoke cards held by ex-employees
◦ Prevents random cards being used with a Security World
◦ If the serial number of a card does not appear in the Authorized Card List, it is not recognized by the
system and cannot be used
◦ The list only applies to Remote Administration cards and is used with cards:
▪ in the local slot of an HSM
▪ in a card reader that is associated with a dynamic slot of the HSM, through the nShield Remote Administration
Client

© Entrust Corporation
 HSM Remote Operations
▪ nShield Connect can be rebooted using the nethsmadmin command-line utility
◦ nethsmadmin --module= [MODULE] –-reboot
◦ N.b soft reboot only
▪ nShield Connect mode can be changed using the nopclearfail
command-line utility remotely
◦ nopclearfail --maintenance | –M
◦ nopclearfail --operational | –O
◦ nopclearfail --initialization | –I
▪ nShield connect can be upgraded remotely using nethsmadmin
◦ Firstly list the nethsm image files on the RFS.
▪ nethsmadmin --list-images=rfs_IP_address
◦ Then tell the HSM to use a specific firmware file from the RFS.
▪ Nethsmadmin –m[Module number]--upgrade_image=[image path]
▪ nethsmadmin --upgrade_image=nethsm-firmware/0.4.11cam2/nCx3N.nff

© Entrust Corporation
 HSM remote operations
▪ You can Disable/Enable remote operations by either:
◦ The module configuration file
◦ In the [server_settings] section:
▪ Remote reboot: set enable_remote_reboot to no/yes
▪ Remote Mode Change: set enable_remote_mode to no/yes
▪ Remote Upgrade: Set enable_remote_upgrade to no/yes
▪ HSM configuration file found @ %NFAST_KMDATA%\<hsm-esn>\config

◦ The front panel of the nShield Connect

1-1-12 1-1-12-1
1 1-1
Log config Remote Mode Changes
► System ► System configuration
Date/time setting ► Remote
Allow Reboot
priv clients
HSM System information
Keyboard Layout toRemote Upgrade
initiate a
Security World mgmt Login settings
Tamper config Remote mode reboot?
payShield Upgrade system
Default Config Yes
CodeSafe Factory state
► Remote Config Options
Shutdown/Reboot
▼

▼
© Entrust Corporation
 Any Questions?

www.ncipher.com
255
Why CodeSafe?
▌Applications running on servers rely on OS security
◦ Is process memory protected?
◦ Can your application be patched to alter its behavior?
◦ Can other applications use your keys?

▌Critical code can be moved inside the HSM

◦ Codesafe runs within the FIPS boundary of the HSM. Unprotected memory

◦ Code and memory protected in same manner as keys.

◦ Machine can accept input and provide output to the outside world.
Protected in FIPS boundary

▌One CodeSafe machine per HSM

◦ HSM must have CodeSafe feature enabled.

© Entrust Corporation
Without CodeSafe: example operation

HTTPS

User
Login Successful
Database

Application server

© Entrust Corporation
With CodeSafe: example operation

HTTP
S

UserLogin Successful
Database

IMPath
Application server

HSM with CodeSafe

© Entrust Corporation
 nCSE
nShield Certified Systems Engineer
nCipher Technical Support

www.ncipher.com
Help Center

Log and monitor support tickets

Search knowledgebase and FAQs
Download documents

https://nshieldsupport.entrust.com/hc/en-us
267 © Entrust Corporation 4/13/2021
 Any Questions?

www.ncipher.com
268
Exam – nCSE Certification
nShield Certified System Engineer Exam:
o 50 minutes
o 30 Questions
o 70% pass
o Multiple Choice
o One right answer

© Entrust Corporation
270 © Entrust Corporation 4/13/2021
ENABLING A WORLD WITH TRUST

© Entrust Corporation