Introduction

The Entrust Cryptographic Security Platform (CSP) is a versatile and robust virtual appliance that streamlines and simplifies deployment across various environments of the following Entrust solutions: Certificate Authority, CA Gateway, Certificate Enrollment Gateway, Certificate Hub, Timestamping Authority, and Validation Authority. The Entrust CSP - Timestamping Authority (TSA) responds to timestamp requests to prove that certain data existed before a given time. The Entrust nShield Hardware Security Module (HSM) securely stores and manages the timestamp signing key. This document describes how to integrate the TSA with the HSM.
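To make concrete what a timestamp request carries, the following added example (not code from the Entrust guide or the TSA product) builds and parses an RFC 3161 TimeStampReq using only the Python standard library. It shows the security-relevant point of the protocol: the client sends only a digest of the data, never the data itself, plus an optional nonce that binds the TSA's signed response to this specific request. The input data and the nonce are constructed here; the OID and DER tags are the standard ones.

```python
import hashlib
import os
from typing import Optional

# SHA-256 OID 2.16.840.1.101.3.4.2.1, pre-encoded as DER OID content bytes.
SHA256_OID = bytes.fromhex("608648016503040201")


def der_len(n: int) -> bytes:
    """Encode a DER length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_tlv(tag: int, body: bytes) -> bytes:
    """Wrap body in a tag-length-value triple."""
    return bytes([tag]) + der_len(len(body)) + body


def der_integer(value: int) -> bytes:
    """DER INTEGER for a non-negative value, keeping the sign bit clear."""
    if value < 0:
        raise ValueError("only non-negative integers are used in a TimeStampReq")
    body = value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")
    if body[0] & 0x80:
        body = b"\x00" + body
    return der_tlv(0x02, body)


def build_tsq(data: bytes, nonce: Optional[int] = None, cert_req: bool = True) -> bytes:
    """Build a TimeStampReq (RFC 3161 section 2.4.1) over SHA-256(data).

    Only the digest is placed in the request; the data never leaves the client.
    """
    digest = hashlib.sha256(data).digest()
    # AlgorithmIdentifier ::= SEQUENCE { OID, NULL }
    alg_id = der_tlv(0x30, der_tlv(0x06, SHA256_OID) + der_tlv(0x05, b""))
    # MessageImprint ::= SEQUENCE { hashAlgorithm, hashedMessage OCTET STRING }
    imprint = der_tlv(0x30, alg_id + der_tlv(0x04, digest))
    body = der_integer(1) + imprint          # version INTEGER { v1(1) }
    if nonce is not None:
        body += der_integer(nonce)           # nonce INTEGER OPTIONAL
    if cert_req:                             # certReq BOOLEAN DEFAULT FALSE: only TRUE is encoded
        body += der_tlv(0x01, b"\xff")
    return der_tlv(0x30, body)


def new_nonce() -> int:
    """64-bit random nonce so a replayed old response cannot satisfy a new request."""
    return int.from_bytes(os.urandom(8), "big")


def _read_tlv(buf: bytes, pos: int):
    """Read one DER TLV at pos; return (tag, value, position after it)."""
    tag = buf[pos]
    first = buf[pos + 1]
    if first < 0x80:
        length, hdr = first, 2
    else:
        n = first & 0x7F
        length = int.from_bytes(buf[pos + 2:pos + 2 + n], "big")
        hdr = 2 + n
    start = pos + hdr
    return tag, buf[start:start + length], start + length


def parse_tsq(tsq: bytes) -> dict:
    """Decode the fields a TSA or a verifier needs from a TimeStampReq."""
    tag, body, _ = _read_tlv(tsq, 0)
    if tag != 0x30:
        raise ValueError("TimeStampReq must be a SEQUENCE")
    _, ver, pos = _read_tlv(body, 0)
    _, imprint, pos = _read_tlv(body, pos)
    _, _alg, p = _read_tlv(imprint, 0)
    _, digest, _ = _read_tlv(imprint, p)
    out = {"version": int.from_bytes(ver, "big"), "digest": digest,
           "nonce": None, "cert_req": False}
    while pos < len(body):                   # optional reqPolicy (OID), nonce, certReq
        tag, val, pos = _read_tlv(body, pos)
        if tag == 0x02:
            out["nonce"] = int.from_bytes(val, "big")
        elif tag == 0x01:
            out["cert_req"] = val == b"\xff"
    return out


if __name__ == "__main__":
    req = build_tsq(b"hello", nonce=new_nonce())   # constructed sample input
    print(req.hex())
    print(parse_tsq(req))
```

When the TSA's signed TimeStampResp comes back, the verifier checks that the messageImprint in the token equals the one in the request and that the nonce matches, before trusting the signature made with the key held in the HSM.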

The HSM is available as an appliance or nShield as a Service (nSaaS). Throughout this guide, the term HSM refers to nShield Solo, nShield Connect, and nShield Edge products.

Product configuration

Entrust tested the integration with the following versions:

Product                         Version
Entrust Timestamping Authority  v2.1.1
Entrust Deployment Manager      v2.0.1

Supported nShield hardware and software versions

Entrust has successfully tested with the following nShield hardware and software versions:

HSM         Security World Software  Firmware                        Netimage
nShield 5c  13.6.8                   13.4.5 (FIPS 140-3 certified)   13.6.7
Connect XC  13.6.8                   12.72.3 (FIPS 140-2 certified)  13.6.7

Requirements

Familiarize yourself with:

  • The Entrust Timestamping Authority Documents (use your TrustedCare credentials to log in).

  • The nShield documentation.

  • Your organizational Certificate Policy, Certificate Practice Statement, and a Security Policy or Procedure covering administration of the Entrust Timestamping Authority and HSM, including:

    • Whether your Security World must comply with FIPS 140 Level 3 or Common Criteria standards. For more information, see FIPS 140 Level 3 compliance.

    • The importance of a correct quorum for the Administrator Card Set (ACS) and the policy for managing these cards.

    • The importance of a correct quorum for the Operator Card Set (OCS) and the policy for managing these cards.

    • Key attributes such as key size, time-out, or those needed for auditing key usage.

    • Whether to instantiate the Security World as recoverable or not.