Creating other nodes by using the CNI utility
Creating a CNI list for the CCA Node Initialization (CNI) utility allows you to load keys and access control data stored on disk into other cryptographic nodes without running the CNM utility on those target nodes.
- Start the CCA Node Management utility by entering the csufcnm command. The CNM utility logo and the main panel are displayed.
- Save the access control data and keys you want to install on other nodes to the host or to portable media, such as a diskette. When you run the CNI utility on the target node, it searches the identical directory path for each file. For example:
  - If you save a user profile to the established node directory c:\IBM4764\profiles, the CNI utility searches the target node directory c:\IBM4764\profiles.
  - If you save a user profile to the diskette directory a:\profiles, the CNI utility will search the target node directory a:\profiles.
- From the File menu, click CNI Editor. The CCA Node Initialization Editor window displays as shown in Figure 1.

  Figure 1. CCA Node Initialization Editor window

  The list in the top pane of the window displays the functions that can be added to the CNI list. The bottom pane lists the functions included in the current CNI list. References to master keys in the list refer to the DES and PKA master keys.
- Add the functions you want. To add a function to the CNI list:
  - Highlight a function.
  - Click Add. The function is added to the CNI list.

    Note: If the function you choose loads a data object, such as a key part, key-storage file, user profile, or role, you are prompted to enter the file name or the ID of the object to be loaded.
- Using the Move Up and Move Down buttons, organize the functions to reflect the same order you follow when using the CNM utility. For example, if you are loading access control data.
- Click Verify to confirm that objects have been created correctly.
- Click Save. You are prompted to select a name and directory location for the CNI list file.
- Save the CNI list file. The list file does not contain the data objects specified in the CNI list.
- Copy the files needed by the CNI utility to target host directory locations that mirror their locations on the source host. If you saved the files to portable media, insert the media into the target node.
- From the target node, run the list using the CNI utility by entering the csufcni command.
If the CNI list includes a logon, enter csulcni or csuncni on the command line (without specifying a file name). The CNI utility help information describes the syntax for entering an ID and passphrase.
The CNI utility loads files to the coprocessor from the host or portable media, as specified by the CNI list.