Installing the nShield Key Attestation Verifier

Always download the nShield Key Attestation Verifier from a trusted source. Verify the integrity after it has been downloaded. You can verify the integrity by using the hash provided at the software download, or obtained from a trusted source.

Before you install the nShield Key Attestation Verifier:

See the latest Release Notes at https://nshieldsupport.entrust.com/hc/en-us/sections/360001115837-Release-Notes for hardware and software compatibility, and known and fixed issues.
Determine whether the nShield Key Attestation Verifier will be installed as a standalone tool, or installed alongside an existing Security World software installation.
If you have any instances of the nShield Key Attestation Verifier currently installed, remove them as described in Uninstall the nShield Key Attestation Verifier.

nShield Security World software v13.5 onward includes the nfkmattest tool as part of the main installation. Use the steps on this page for standalone installation or if installing on top of Security World v13.4.

Install the nShield Key Attestation Verifier

If performing a standalone installation, the following paths should not already exist:

On Windows: C:\Program Files\nCipher\nfast
On Linux: /opt/nfast

Windows:

To install the nShield Key Attestation Verifier on Windows:

Download and mount keyattest-Common-<version>.iso.
In an administrator command prompt, change to where the ISO is mounted.
Run nShieldKeyAttestSetup.bat, specifying: -s (or --standalone) for a standalone installation, or -n (or --nshield-upgrade) to install alongside an existing Security World software installation. For example, to install as a standalone installation:
```
nShieldKeyAttestSetup.bat -s
```

On completion, nfkmattest will exist in C:\Program Files\nCipher\nfast\bin.

Linux:

To install the nShield Key Attestation Verifier on Linux:

Download and mount keyattest-Common-<version>.iso.
In a command prompt, change to where the ISO is mounted.
Run nShieldKeyAttestSetup.sh, specifying: -s (or --standalone) for a standalone installation, or -n (or --nshield-upgrade) to install alongside an existing Security World software installation. For example, to install alongside an existing Security World software installation:
```
sudo ./nShieldKeyAttestSetup.sh -n
```

On completion, nfkmattest will exist in /opt/nfast/bin.

Uninstall the nShield Key Attestation Verifier

Remove the nShield Key Attestation Verifier with the nShieldKeyAttestSetup script in the version that you are uninstalling. You cannot uninstall this tool using the script from a different release.

Performing a standalone uninstall will remove the following:

On Windows: C:\Program Files\nCipher\nfast
On Linux: /opt/nfast

Files which need to be retained should be backed up before uninstalling.

Windows

To uninstall the nShield Key Attestation Verifier on Windows:

In an administrator command prompt, change to the installation script location:
- Standalone: C:\Program Files\nCipher\nfast\python3\nfkmattest.uninstall
- Alongside an existing Security World: %NFAST_HOME%\python3\nfkmattest.uninstall
Run nShieldKeyAttestSetup.bat with the --uninstall option - specifying: -s (or --standalone) if installed as a standalone installation, or -n (or --nshield-upgrade) if installed alongside an existing Security World software installation. For example, to uninstall a standalone installation:
```
nShieldKeyAttestSetup.bat -s --uninstall
```

Linux:

To uninstall the nShield Key Attestation Verifier on Linux:

In a command prompt, change to opt/nfast/python3/nfkmattest.uninstall.
Run nShieldKeyAttestSetup.sh with the --uninstall option - specifying: -s (or --standalone) if installed as a standalone installation, or -n (or --nshield-upgrade) if installed alongside an existing Security World software installation. For example, to uninstall if installed alongside an existing Security World software installation:
```
sudo ./nShieldKeyAttestSetup.sh -n --uninstall
```