14 replies Latest Post - ‏2012-10-19T07:51:07Z by Newbie_DP
Newbie_DP

Pinned topic How to implement HSM in DataPower?

‏2012-08-24T08:07:06Z |
Please let me know how to implement HSM in DataPower.

Requirement:
A component needs to be implemented in DP (where HSM is plugged in DP), and an endpoint in DP will then invoke a POST request (through the requested environment) to the host, and the response XML file will be transferred to the requested environment.
Updated on 2012-10-19T07:51:07Z at 2012-10-19T07:51:07Z by Newbie_DP
  • kenhygh

    Re: How to implement HSM in DataPower?

    ‏2012-08-24T10:16:56Z  in response to Newbie_DP
    A good place to start is Google :-)

    Which has this technote: http://www-01.ibm.com/support/docview.wss?uid=swg21412060

    and there's always the product documentation:
    http://www-01.ibm.com/common/ssi/rep_ca/3/897/ENUS111-163/ENUS111-163.PDF is the announcement
    and
    http://pic.dhe.ibm.com/infocenter/wsdatap/v5r0m0/index.jsp?topic=%2Fcom.ibm.dp.xi.doc%2Fwelcome.htm is the InfoCenter

    Ken
  • Newbie_DP
    ‏2012-09-15T07:10:08Z  in response to Newbie_DP
    Although I saw it on the same day. Thanks for your response, kenhygh!

    About HSM, I have an idea now, and the link below explains exactly what I want to implement :-)

    http://www.ibm.com/developerworks/websphere/techjournal/0903_peterson/0903_peterson.html
    • irazabal
      ‏2012-09-15T17:46:50Z  in response to Newbie_DP
      That article is a bit dated...DP has much stronger REST support as of firmware 4.X.X.X...I suggest you read the latest documentation before following the article too closely. Good article though :)
      Alex
  • Newbie_DP
    ‏2012-09-15T18:05:42Z  in response to Newbie_DP
    Thank you, Alex. We'll go through the doc, but the DP framework on which I am working is 3.8.02

    Btw, can you help me with transferring an attachment through DP? I am confused about that.
    • irazabal
      ‏2012-09-15T18:13:03Z  in response to Newbie_DP
      sure...what are the details? MIME?
  • Newbie_DP
    ‏2012-09-15T18:26:30Z  in response to Newbie_DP
    Thank you for your response.

    What I have to do is:
    1. I have to create stub data so that whenever I call it, I should get a response with an attachment (either XML or PDF).

    So I've created an XML FW and am getting a response with the content of the XML file, but now I want to get a response with an attachment, and I don't know how to proceed.

    I referred to the links below, but I am confused, i.e.:
    1. How to attach a file in an XML stub (XML is my stub and I thought maybe I can attach a file in that)?
    2. And if I call XSL (which is a stub), then how to attach a file in that?

    -
    https://www.ibm.com/developerworks/forums/thread.jspa?messageID=14878439&#14878439

    https://www.ibm.com/developerworks/forums/thread.jspa?messageID=14685094&#14685094

    http://www-01.ibm.com/support/docview.wss?uid=swg27019119&aid=1#page=8

    Please let me know if I am not clear and I will explain it in detail.
  • Newbie_DP
    ‏2012-09-27T13:14:01Z  in response to Newbie_DP
    Hi Hermann / Ken / All,

    Could you please share any document which gives a complete overview of HSM and how to implement HSM with DataPower?

    DP - XI50
    DP firmware- 3.8.2

    I visited the links below but didn't find sufficient information.
    http://publib.boulder.ibm.com/infocenter/wsdatap/v4r0m2/index.jsp?topic=%2Fcom.ibm.dp.doc%2Frohs_hsmguide.htm

    http://publib.boulder.ibm.com/infocenter/wsdatap/v3r8m1/topic/xi50/ROHS_HSMGuide.pdf

    Also, please share the guide below if you have it:
    IBM WebSphere DataPower SOA Appliances: Hardware Security Module Guide

    Thanks!
    • kenhygh
      ‏2012-09-27T17:03:47Z  in response to Newbie_DP
      Start at http://publib.boulder.ibm.com/infocenter/wsdatap/v4r0m2/index.jsp?topic=%2Fcom.ibm.dp.xi.doc%2Fwelcome.htm

      DataPower SOA Appliances -> Hardware Security Module (HSM) -> Type 9235: HSM

      BTW, your machine had to come from the factory with HSM; it cannot be added after the fact.

      Ken
  • Newbie_DP
    ‏2012-09-28T04:48:30Z  in response to Newbie_DP
    Thank You Ken :)
  • Newbie_DP
    ‏2012-10-14T08:58:38Z  in response to Newbie_DP
    Hi Ken,

    I need your help, i.e.
    I have to configure HSM, so I have a DP with HSM in it.

    • Need to configure FIPS 140-2 Security Level 2, and FIPS Level 2 does not require PED.
    So now how shall I proceed?
    As the device which I have shows the status as "fully operational", i.e.
    Crypto Accelerator Type - HSM 1
    Crypto Accelerator Status - fully operational
    Crypto Accelerator FIPS 140-2 level - 2
    crypto accelerator FIPS 140-2 Role - Crypto User (CU)

    So now it seems that everything is implemented; then how shall I proceed? What am I supposed to do?
    • I mean, do I have to export the key following the steps mentioned in the link below and then share the cert with the other party to whom DP will send the request, or what?
    http://publib.boulder.ibm.com/infocenter/wsdatap/v4r0m2/index.jsp?topic=%2Fcom.ibm.dp.doc%2Frohs_hsmguide.htm
  • Newbie_DP
    ‏2012-10-16T10:11:58Z  in response to Newbie_DP
    Hi Hermann / All,

    Please let me know if you can help me with this.

    I've gone through the link below, but even then I don't know how to proceed.
    http://publib.boulder.ibm.com/infocenter/wsdatap/v4r0m2/index.jsp?topic=%2Fcom.ibm.dp.doc%2Frohs_hsmguide.htm

    Question: I have a DP box XI50 firmware 4.0.2.7 and want to configure HSM (FIPS 140-2 level 2) and don't know how to proceed.
    -> How to generate a key? (through the crypto tools option?)
    -> Once the key is generated, then how to configure it?

    Could you please share sample steps to configure HSM, or anything that is helpful to me?
    • HermannSW
      ‏2012-10-18T07:25:36Z  in response to Newbie_DP
      Hi,
      >
      > I've gone through the link below, but even then I don't know how to proceed.
      > http://publib.boulder.ibm.com/infocenter/wsdatap/v4r0m2/index.jsp?topic=%2Fcom.ibm.dp.doc%2Frohs_hsmguide.htm
      >
      That is the correct link.

      > Question: I have a DP box XI50 firmware 4.0.2.7 and want to configure HSM (FIPS 140-2 level 2) and don't know how to proceed.
      > -> How to generate a key? (through the crypto tools option?)
      >
      Yes, it's mentioned under "Appendix A, Generating keys":
      http://publib.boulder.ibm.com/infocenter/wsdatap/v4r0m2/index.jsp?topic=%2Fcom.ibm.dp.doc%2Frohs_hsmguide29.htm&path=0_1_1_5_0

      > -> Once the key is generated, then how to configure it?
      >
      From the keys page:
      "If Generate Key and Certificate Objects is enabled, creates a Key object and a Certificate object"

      Hermann
  • Newbie_DP
    ‏2012-10-19T07:51:07Z  in response to Newbie_DP
    Hi Hermann,

    With your suggestion I am able to get the exact steps for what I want to do. Thank you for your help.

    I have another query, i.e. what is the difference between a key generated through the crypto tools option on the old XI50 DP without HSM with firmware 3.8.2.11 and a key generated on the new XI50 DP with HSM with firmware 4.0.2.7?
    FYI - the new XI50 DP (4.0.2.7) has FIPS 140-2 level 2 as fully operational.
    So is it the key that is generated which makes the difference? And will it be generated following FIPS 140-2 level 2, or what do I have to do to ensure that I am using HSM?

    Thanks & Regards!