View cards and softcards

It is often necessary to obtain information from card sets, usually because for security reasons they are left without any identifying markings.

To view details of all the Operator Cards in a Security World or details of an individual Operator Card, you can use:

nfkminfo
the front panel (only on network-attached HSMs)
KeySafe

To check which passphrase is associated with a card, you can use:

cardpp
the front panel (only on network-attached HSMs)

To list all softcards in a Security World or to show details of an individual softcard, you can use the ppmk or nfkminfo command-line utilities. To check which passphrase is associated with a softcard, you can use the ppmk command-line utility.

View card sets using an nShield network-attached HSM front panel

You can use the unit front panel to view details of all the Operator Cards in a Security World or to view details of an individual Operator Card.

To view a list of all the card sets in the Security World, from the front panel select Security World mgmt > Cardset operations > List cardsets.

To view details of a single card using the unit front panel:

Insert the card into the unit.
From the main menu, select Security World mgmt > Card operations > Card details.
The type of the card (Administrator or Operator) is displayed with the number of the card in the card set.

View card sets with KeySafe

You can use KeySafe to view details of all the Operator Cards in a Security World, details of individual OCSs or details of an individual Operator Card.

Examine card

In order to view information about individual cards with KeySafe, follow these steps:

Start KeySafe. (For an introduction to KeySafe and information on starting the software, see Using KeySafe.)
Click the Card Sets menu button, or select the Card sets menu item from the Manage menu. KeySafe takes you to the List Operator Card Sets panel.
Click Examine/Change Card to open the Examine/Change Card panel.
Insert a card into the appropriate smart card slot. KeySafe displays information about the smart card currently in the slot. If there is no smart card in the slot, KeySafe displays a message Card slot empty - please insert the card that you want to examine.

From the Examine/Change Card panel, you can also:

Change a card’s passphrase (if it has one)
Give a passphrase to a card that does not already have one
Remove a passphrase from a card that currently has one
Erase the card.

List an Operator Card Set

In order to view information about whole OCSs with KeySafe, follow these steps:

Start KeySafe. (For an introduction to KeySafe and information on starting the software, see Using KeySafe.)
Click the Card Sets menu button, or select the Card sets menu item from the Manage menu. KeySafe takes you to the List Operator Card Sets panel, which displays information about all OCSs in the current Security World.

From the List Operator Card Sets panel, you can also:

Examine / change a card (see Examine card)
Create a new card set (see Softcards)
Replace an Operator Card Set (see Replace OCS and softcards)
PCIe and USB HSMs: Replace an Administrator Card Set (see Replace the ACS)
Discard a card set (see Erase cards and softcards).

View card sets using the command line

You can use the nfkminfo command-line utility to view details of either all the Operator Cards in a Security World or of an individual Operator Card.

To list the OCSs in the current Security World from the command line, open a command window, and give the command:

nfkminfo --cardset-list

In this command, --cardset-list specifies that you want to list the operator card sets in the current Security World.

nfkminfo displays output information similar to the following:

Cardset summary - 1 cardsets:              (in timeout, P=persistent, N=not)
 Operator logical token hash                    k/n timeout name
hash                                           1/1 none-N name

To list information for a specific card, use the command:

nfkminfo <TOKENHASH>

In this command, <TOKENHASH> is the Operator logical token hash of the card (as listed when the command nfkminfo --cardset-list is run).

This command displays output information similar to the following:

name            "name"
k-out-of-n      1/1
flags           NotPersistent
timeout         none
card names      ""
hkltu           794ada39038fa8c4e9ea46a24136bbb2b8b337f2

Not all software can give names to individual cards.

View softcards

To view softcards, use KeySafe or the command line. The command line provides several options for viewing softcard information.

View softcards with KeySafe

To view a softcard with KeySafe, follow these steps:

Start KeySafe.
Click the Softcards menu button. KeySafe takes you to the Softcard Operations panel.
Click the List Softcards navigation button. KeySafe takes you to the List Softcards panel, which displays information about all softcards in the current Security World.

From the List Softcards panel, you can also choose to remove a softcard from the Security World. For more information about this procedure, see [ErasingCards].

View softcards with nfkminfo

To list the softcards in the current Security World using the nfkminfo command-line utility, give the command:

nfkminfo --softcard-list

In this command --softcard-list specifies that you want to list the softcards in the current Security World.

To show information for a specific softcard using the nfkminfo command-line utility, give the command:

nfkminfo --softcard-list <IDENT>

In this command <IDENT> is the softcard’s logical token hash (as given by running the command nfkminfo --softcard-list). This command displays output information similar to the following:

SoftCard
 name       "mysoftcard"
 hkltu      7fb95888ea2850d4e3ffcc8f0c22100937344308
Keys protected by softcard 7fb95888ea2850d4e3ffcc8f0c22100937344308:
 AppName simple               Ident mykey
 AppName simple               Ident myotherkey

View softcards with ppmk

To list the softcards in the current Security World using the ppmk command-line utility, use the command:

ppmk --list

In this command --list specifies that you want to list the softcards in the current Security World.

In order to view the details of a particular softcard using the ppmk command-line utility, give the command:

ppmk --info <NAME>|<IDENT>

In this command, you can identify the softcard whose details you want to view either by its name (<NAME>) or by its logical token hash (as given by running the command nfkminfo --softcard-list).