View cards and softcards
It is often necessary to obtain information from card sets, usually because for security reasons they are left without any identifying markings.
To view details of all the Operator Cards in a Security World or details of an individual Operator Card, you can use:
-
the front panel (only on network-attached HSMs)
To check which passphrase is associated with a card, you can use:
-
the front panel (only on network-attached HSMs)
To list all softcards in a Security World or to show details of an individual softcard, you can use the ppmk or nfkminfo command-line utilities.
To check which passphrase is associated with a softcard, you can use the ppmk command-line utility.
View card sets using an nShield network-attached HSM front panel
You can use the unit front panel to view details of all the Operator Cards in a Security World or to view details of an individual Operator Card.
To view a list of all the card sets in the Security World, from the front panel select Security World mgmt > Cardset operations > List cardsets.
To view details of a single card using the unit front panel:
-
Insert the card into the unit.
-
From the main menu, select Security World mgmt > Card operations > Card details.
-
The type of the card (Administrator or Operator) is displayed with the number of the card in the card set.
View card sets using the command line
You can use the nfkminfo command-line utility to view details of either all the Operator Cards in a Security World or of an individual Operator Card.
To list the OCSs in the current Security World from the command line, open a command window, and give the command:
nfkminfo --cardset-listIn this command, --cardset-list specifies that you want to list the operator card sets in the current Security World.
nfkminfo displays output information similar to the following:
Cardset summary - 1 cardsets: (in timeout, P=persistent, N=not)
Operator logical token hash k/n timeout name
hash 1/1 none-N nameTo list information for a specific card, use the command:
nfkminfo <TOKENHASH>In this command, <TOKENHASH> is the Operator logical token hash of the card (as listed when the command nfkminfo --cardset-list is run).
This command displays output information similar to the following:
name "name"
k-out-of-n 1/1
flags NotPersistent
timeout none
card names ""
hkltu 794ada39038fa8c4e9ea46a24136bbb2b8b337f2| Not all software can give names to individual cards. |
View softcards with nfkminfo
To list the softcards in the current Security World using the nfkminfo command-line utility, give the command:
nfkminfo --softcard-listIn this command --softcard-list specifies that you want to list the softcards in the current Security World.
To show information for a specific softcard using the nfkminfo command-line utility, give the command:
nfkminfo --softcard-list <IDENT>In this command <IDENT> is the softcard’s logical token hash (as given by running the command nfkminfo --softcard-list).
This command displays output information similar to the following:
SoftCard
name "mysoftcard"
hkltu 7fb95888ea2850d4e3ffcc8f0c22100937344308
Keys protected by softcard 7fb95888ea2850d4e3ffcc8f0c22100937344308:
AppName simple Ident mykey
AppName simple Ident myotherkeyView softcards with ppmk
To list the softcards in the current Security World using the ppmk command-line utility, use the command:
ppmk --listIn this command --list specifies that you want to list the softcards in the current Security World.
In order to view the details of a particular softcard using the ppmk command-line utility, give the command:
ppmk --info <NAME>|<IDENT>In this command, you can identify the softcard whose details you want to view either by its name (<NAME>) or by its logical token hash (as given by running the command nfkminfo --softcard-list).