Sample HSM configuration files
You can use one of the following sample HSM configuration files as a starting point to create your own on the IBM® Security Guardium® Key Lifecycle Manager server.
- Sample HSM configuration file for Gemalto/SafeNet Luna SA

    name = TKLM
    library=C:/Program Files/LunaSA/cryptoki.dll
    description=Luna sample config
    slotListIndex = 0
    attributes (*, CKO_PRIVATE_KEY, *) = {
      CKA_SENSITIVE = true
    }
    attributes (GENERATE, CKO_SECRET_KEY, *) = {
      CKA_SENSITIVE = true
      CKA_ENCRYPT = true
      CKA_DECRYPT = true
    }
    attributes (IMPORT, CKO_PUBLIC_KEY, *) = {
      CKA_VERIFY = true
    }

Note: For the name parameter, you must always specify the value TKLM.

- Sample HSM configuration file for Entrust nShield Connect 1500

    name = TKLM
    library=C:/nCipher/nfast/cknfast.dll
    description= nCipher sample config for TKLM
    slotListIndex=1
    attributes(*, CKO_SECRET_KEY, *) = {
      CKA_ENCRYPT=true
      CKA_DECRYPT=true
      CKA_SENSITIVE=true
      CKA_TOKEN=true
    }
    attributes(*, CKO_PRIVATE_KEY, *) = {
      CKA_SIGN=true
      CKA_SENSITIVE=false
      # CKA_DERIVE=true
      # when using KeyAgreement CKA_DERIVE should
      # set to true and CKA_SIGN should set to false
    }
    attributes(GENERATE, CKO_PUBLIC_KEY, *) = {
      CKA_VERIFY=true
    }
    attributes(GENERATE, CKO_PRIVATE_KEY, CKK_RSA) = {
      CKA_DECRYPT=true
      CKA_UNWRAP=true
      CKA_EXTRACTABLE=true
    }
    attributes(*, CKO_PUBLIC_KEY, CKK_RSA) = {
      CKA_ENCRYPT=true
      CKA_WRAP=true
      CKA_VERIFY=true
    }
    attributes(IMPORT, CKO_PRIVATE_KEY, CKK_RSA) = {
      CKA_EXTRACTABLE=true
      CKA_DECRYPT=true
      CKA_UNWRAP=true
      CKA_DERIVE=true
    }

Note: For the name parameter, you must always specify the value TKLM.
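
Before deploying a file derived from these samples, it helps to list which private-key and secret-key templates allow key material to leave the HSM (CKA_SENSITIVE=false or CKA_EXTRACTABLE=true) and to confirm the required name value. The following Python check is an added example, not IBM tooling; the function name `audit` and the choice of attributes to flag are assumptions of this example, and the embedded input is an abbreviated copy of the nShield sample.

```python
import re

# Abbreviated copy of the nShield sample above, embedded so the check runs offline.
SAMPLE = """\
name = TKLM
library=C:/nCipher/nfast/cknfast.dll
attributes(*, CKO_PRIVATE_KEY, *) = {
  CKA_SIGN=true
  CKA_SENSITIVE=false
  # CKA_DERIVE=true
}
attributes(GENERATE, CKO_PRIVATE_KEY, CKK_RSA) = {
  CKA_DECRYPT=true
  CKA_EXTRACTABLE=true
}
attributes(*, CKO_PUBLIC_KEY, CKK_RSA) = {
  CKA_ENCRYPT=true
}
"""

# Settings that allow private or secret key material to leave the token.
EXPOSING = {("CKA_SENSITIVE", "false"), ("CKA_EXTRACTABLE", "true")}
KEY_CLASSES = ("CKO_PRIVATE_KEY", "CKO_SECRET_KEY")
HEADER = re.compile(r"attributes\s*\(\s*([^,]+?)\s*,\s*([^,]+?)\s*,\s*([^)]+?)\s*\)\s*=\s*\{")
PAIR = re.compile(r"(\w+)\s*=\s*(.*)")

def audit(text):
    """Return findings as (template scope or None, attribute, value) tuples."""
    findings, scope, name = [], None, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()        # drop comments and padding
        m, p = HEADER.match(line), PAIR.match(line)
        if m:
            scope = m.groups()                     # (operation, object class, key type)
        elif line == "}":
            scope = None                           # back to top-level settings
        elif p:
            key, value = p.groups()
            if scope is None and key == "name":
                name = value
            elif scope and scope[1] in KEY_CLASSES and (key, value.lower()) in EXPOSING:
                findings.append((scope, key, value))
    if name != "TKLM":                             # the page requires name = TKLM
        findings.insert(0, (None, "name", name))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Each finding is a prompt for review rather than an error: a deployment that backs up or exports keys may need an extractable template, but that decision should be deliberate.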