Authorized Card List

Controls the use of Remote Administration cards. If the serial number of a card does not appear in the Authorized Card List, it is not recognized by the system and cannot be used. The list only applies to Remote Administration cards.

Access Control List (ACL)

An Access Control List is a set of information contained within a key that specifies what operations can be performed with the associated key object and what authorization is required to perform each of those operations.

Administrator Card Set (ACS)

Part of the Security World architecture, an Administrator Card Set (ACS) is a set of smart cards used to control access to Security World configuration, as well as recovery and replacement operations.

The Administrator Cards containing share in the logical tokens that protect the Security World keys, including KNSO, the key-recovery key, and the recovery authorization keys. Each card contains one share from each token. The ACS is created using the well-known module key so that it can be loaded onto any nShield module.

Advanced Encryption Standard (AES)

The Advanced Encryption Standard (AES) is a block cipher adopted as an encryption standard by the US government and officially documented as US FIPS PUB 197 (FIPS 197). Originally only used for non-classified data, AES was also approved for use with for classified data in June 2003. Like its predecessor, the Data Encryption Standard (DES), AES has been analyzed extensively and is now widely used around the world.

Although AES is often referred to as Rijndael (the cipher having been submitted to the AES selection process under that name by its developers, Joan Daemen and Vincent Rijmen), these are not precisely the same cipher. Technically, Rijndael supports a larger range of block and key sizes (at any multiple of 32 bits, to a minimum of 128 bits and a maximum of 256 bits); AES has a fixed block size of 128 bits and only supports key sizes of 128, 192, or 256 bits.

Audit logging

Audit logging, also known as syslog-sign, adds a number of control messages to the log entries that are to be audited:

  • Logs generated and signed on HSM

  • Tamper detection

  • Deletion Detection

  • Optional key usage logging

  • Public key verification of audit logs

  • Compatibility with syslog and SIEM.


The bootloader is the program that boots the HSM and loads the main application. nShield Solo and nShield Connect integrate the bootloader into the main firmware. nShield Solo XC and nShield 5s have discrete bootloader programs.


CAST is a symmetric encryption algorithm with a 64-bit block size and a key size of between 40 bits to 128 bits (but only in 8-bit increments).

client identifier: RSC

This notation represents an arbitrary number used to identify a client. In the nCore API, all client identifiers are 20 bytes long.

Data Encryption Standard (DES)

The Data Encryption Standard (DES) is a symmetric cipher approved by NIST for use with US Government messages that are Secure but not Classified. The implementation of DES used in the module has been validated by NIST. DES uses a 64-bit block and a 56-bit key. DES keys are padded to 64 bits with 8 parity bits.


The Diffie-Hellman algorithm was the first commercially published public key algorithm. The Diffie-Hellman algorithm can only be used for key exchange.literal -

Digital Signature Algorithm (DSA)

Also known as the Digital Signature Standard (DSS), the Digital Signature Algorithm (DSA) is a digital signature mechanism approved by NIST for use with US Government messages that are Secure but not Classified. The implementation of the DSA used by nShield modules has been validated by NIST as complying with FIPS 186.

Digital Signature Standard (DSS)

See Digital Signature Algorithm

Dynamic Slot

Virtual card slots that can be associated with a card reader connected to a remote computer. Remote Administration Slots are in addition to the local slot of an HSM and any soft card slot that may be available. HSMs have to be configured to support between zero (default) and 16 Remote Administration Slots.


A variant of the Diffie-Hellman anonymous key agreement protocol which uses elliptic curve cryptography.

See also Diffie-Hellman


Elliptic Curve DSA: a variant of the Digital Signature Algorithm (DSA) which uses elliptic curve cryptography.


Elliptic Curve Integrated Encryption Scheme; a variant of the Integrated Encryption Scheme (sometimes known as Augmented Encryption Scheme) which uses elliptic curve cryptography. It is a hybrid encryption scheme providing semantic security against chosen-plaintext and chosen-ciphertext attacks.

Security World software supports ECIES key wrap and unwrap only.


Edwards-curve DSA; a Digital Signature Algorithm (DSA) which uses a variant of Schnorr Signature based on Twisted Edwards curves.

nShield software supports the Edwards 25519 curve and its prehash variant, Ed25519ph. The context variant, Ed25519ctx, is not supported. Keys generated using the Ed25519 algorithm can be used for both Ed25519 and Ed25519ph signature operations.

encryption: {A}B

This notation indicates the result of A encrypted with key B.

Federal Information Processing Standards (FIPS)

The Federal Information Processing Standards (FIPS) were developed by the United States federal government for use by non-military government agencies and government contractors. FIPS 140 is a series of publications intended to coordinate the requirements and standards for cryptographic security modules, including both their hardware and software components.

All Security Worlds are compliant with FIPS 140-2. By default, Security Worlds are created to comply with FIPS 140-2 at level 2, but those customers who have a regulatory requirement for compliance with FIPS 140-2 at level 3 can also choose to create a Security World that meets those requirements.

For more details about FIPS 140-2, see


The hardserver software controls communication between applications and nShield modules, which may be installed locally or remotely. It runs as a service on the host computer. The behavior of the hardserver is controlled by the settings in the hardserver configuration file.

The hardserver software controls communication between the internal hardware security module and applications on the network. The module hardserver is configured using the front panel on the module or by means of uploaded configuration data. Configuration data is stored on the module and in files in a specially configured file system on each client computer.

hardware security module (HSM)

A hardware security module (commonly referred to as an HSM) is a hardware device used to hold cryptographic keys and software securely.

Hash: H(X)

This notation indicates a fixed length result that can be obtained from a variable length input and that can be used to identify the input without revealing any other information about it. The nShield module uses the Secure Hash Algorithm (SHA-1) for its internal security.

Identifier hash: HID(X)

An identifier hash is a hash that uniquely identifies a given object (for example, a key) without revealing the data within that object. The module calculates the identity hash of an object by hashing together the object type and the key material. The identity hash has the following properties:

  • HID is not modified by any operations on the key (for example, altering the ACL, the application data field, or other modes and flags)

  • HID is the same for both public and private halves of a key pair.

Unique data is added to the hash so that a HID is most unlikely to be the same as any other hash value that might be derived from the key material.

Key blob

A key blob is a key object with its ACL and application data encrypted by a module key, a logical token, or a recovery key. Key blobs are used for the long-term storage of keys. Blobs are cryptographically secure; they can be stored on the host computer’s hard disk and are only readable by units that have access to the same module key.

Key object: KA

This is a key object to be kept securely by the module. A key object may be a private key, a public counterpart to a private key, a key for a symmetric cipher (MAC or some other symmetric algorithm), or an arbitrary block of data. Applications can use this last type to allow the module to protect any other data items in the same way that it protects cryptographic keys. Each key object is stored with an ACL and a 20-byte data block that the application can use to hold any relevant information.


When a key object KA is loaded within the module’s RAM, it is given a short identifier or handle that is notated as IDKA. This is a transient identifier, not to be confused with the key hash HID(KA).

Logical token: KT

A logical token is a key used to protect key blobs. A logical token is generated on the nShield module and never revealed, except as shares.


This notation indicates a MAC (Message Authentication Code) created using key KC.

Main Processor

The Solo-XC and nShield 5s HSMs are multi-processor systems. All code interfaced directly by the end-user is executed on the main processor. The main processor is sometimes abbreviated to MP when it appears in diagnostic messages and logs.


See Hardware Security Module

Module key: KM

A module key is a cryptographic key generated by each nShield module at the time of initialization and stored within the module. It is used to wrap key blobs and key shares for tokens. Module keys can be shared across several modules to create a larger Security World.

All modules include two module keys:

  • module key zero KM0, a module key generated when the module is initialized and never revealed outside the module.

  • null, or well-known module key KMWK.

You can program extra module keys into a module.

Module signing key: KML

The module signing key is the module’s public key. It is used to issue certificates signed by the module. Each module generates its own unique KML and KML-1 values when it is initialized. The private half of this key pair, KML-1, is never revealed outside the module.


Multi-tenancy is the ability for a single physical HSM to act as a number of virtual HSMs and thus provide services to a number of different users or tenants. The different tenants are separated cryptographically to ensure that their data cannot be accessed by any other tenant. The nShield 5s HSM has been prepared so that it will be able to provide multi-tenant services in future.

nShield master feature enable key KSA

Certain features of the module firmware are available as options. These features must be purchased separately from Entrust. To use a feature on a specific module, you require a certificate from Entrust signed by KSA. These certificates include the electronic serial number for the module.

nShield Remote Administration Card

Smart cards that are capable of negotiating cryptographically secure connections with an HSM, using warrants as the root of trust. nShield Remote Administration Cards can also be used in the local slot of an HSM if required. You must use nShield Remote Administration Cards with Remote Administration.

nShield Security Officer’s key: KNSO-1

The notation KNSO-1 indicates the Security Officer’s signing key. This key is usually a key to a public-key signature algorithm.

nShield Trusted Verification Device

A smart card reader that allows the card holder to securely confirm the Electronic Serial Number (ESN) of the HSM to which they want to connect, using the display of the device. Entrust supplies and recommends the nShield Trusted Verification Device for use with Remote Administration.

Null module key: KMWK

The null module key is used to create Logical Tokens that can be loaded onto any Module (e.g. used when initializing a Security World). The null module key is a symmetric key with a well-known hash and value. As its value is well known, the null module key cannot be used to protect the integrity or confidentiality of any data. It is not possible to create key blobs protected by the null module key. It is possible to create a Logical Token protected by the null module key, but any key (protected by this Logical Token) must have the ACL entry AllowNullKMToken set.

Operator Card Set (OCS)

Part of the Security World architecture, an Operator Card Set (OCS) is a set of smart cards containing shares of the logical tokens that is used to control access to application keys within a Security World. OCSs are protected using the Security World key, and therefore they cannot be used outside the Security World.

Recovery key: KRA

The recovery key is the public key of the key recovery agent.

Remote access solution

The remote access solution, such as SSH or a remote desktop application, which is used as standard by your organization. Enables you to carry out Security World administrative tasks from a different location to that of an nShield HSM.

For example, the remote access solution is used to run Security World utilities remotely and to enter passphrases.

Entrust does not provide this software.

Remote Administration

An optional Security World feature that enables Remote Administration card holders to present their cards to an HSM located elsewhere. For example, the card holder may be in an office, while the HSM is in a data center. Remote Administration supports the ACS, as well as persistent and non-persistent OCS cards, and allows all smart card operations to be carried out, apart from loading feature certificates.

nShield Remote Administration Client

A GUI or command-line interface that enables you to select an HSM located elsewhere from a list provided by the Remote Administration Service, and associate a card reader attached to your computer with the HSM. Resides on your local Windows, Mac, or Linux-based computer.

Remote Administration Service

Enables secure communications between an nShield Remote Administration Card and the hardserver that is connected to the appropriate HSM. Listens for incoming connection requests from nShield Remote Administration Clients. Supplies a list of available HSMs to the nShield Remote Administration Client and maintains an association between the relevant card reader and the HSM.


See Advanced Encryption Standard

Salt: X

The random value, or salt, is used in some commands to discourage brute force searching for keys.

Security processor

The nShield Solo XC and nShield 5s HSMs are multi-processor systems. The security processor monitors the HSM to ensure secure operation at all times. If the security processor detects an insecure situation, it places the HSM in an error state in which cryptographic operations are prohibited. The security processor is sometimes abbreviated to SP when it appears in diagnostic messages and logs.

See also Main Processor

Security World

The Security World technology provides an infrastructure for secure lifecycle management of keys. A Security World consists of at least one HSM, some cryptographic key and certificate data encrypted by a Security World key and stored on at least one host computer, a set of Administrator Cards used to control access to Security World configuration, recovery and replacement operations, and optionally one or more sets of Operator Cards used to control access to application keys.

Security World key: KMSW

The Security World key is the module key that is present on all modules in a Security World. Each Security World has a unique Security World key. This key is generated randomly when the Security World is created, and it is stored as a key blob protected by the ACS.

Share: KTi

The notation KTi indicates a share of a logical token. Shares can be stored on smart cards or software tokens. Each share is encrypted under a separate share key.

Share key: KSi

A share key is a key used to protect an individual share in a token. Share keys are created from a Security World key, a pass phrase, and a salt value.

Standard nShield Cards

Smart cards used in the local slot of an HSM. Standard nShield cards are not supported for use with Remote Administration.

Tamper Resistance

Hardening a device so that tamper attempts are more difficult (require specialized tools and take more time, e.g. potting and using hardened containers).

Tamper Evidence

Using materials or mechanism that will indicate, under visual inspection, that a tamper has occurred (e.g. tamper evident labels).

Tamper Detection

Mechanisms that indicate when a potential tamper is occurring (e.g. temperature sensors, that indicate when the temperature of the device’s environment has exceeded a preset threshold).

Tamper Response

An automatic reaction to a tamper being detected (e.g. purge of the sensitive data).

Triple DES

Triple DES is a highly secure variant of the Data Encryption Standard (DES) algorithm in which the message is encrypted three times.