View cards and softcards

It is often necessary to obtain information from card sets, usually because for security reasons they are left without any identifying markings.

To view details of all the Operator Cards in a Security World or details of an individual Operator Card, you can use:

  • nfkminfo

  • the front panel (only on network-attached HSMs)

To check which passphrase is associated with a card, you can use:

  • cardpp

  • the front panel (only on network-attached HSMs)

To list all softcards in a Security World or to show details of an individual softcard, you can use the ppmk or nfkminfo command-line utilities. To check which passphrase is associated with a softcard, you can use the ppmk command-line utility.

View card sets using an nShield network-attached HSM front panel

You can use the unit front panel to view details of all the Operator Cards in a Security World or to view details of an individual Operator Card.

To view a list of all the card sets in the Security World, from the front panel select Security World mgmt > Cardset operations > List cardsets.

To view details of a single card using the unit front panel:

  1. Insert the card into the unit.

  2. From the main menu, select Security World mgmt > Card operations > Card details.

  3. The type of the card (Administrator or Operator) is displayed with the number of the card in the card set.

View card sets using the command line

You can use the nfkminfo command-line utility to view details of either all the Operator Cards in a Security World or of an individual Operator Card.

To list the OCSs in the current Security World from the command line, open a command window, and give the command:

nfkminfo --cardset-list

In this command, --cardset-list specifies that you want to list the operator card sets in the current Security World.

nfkminfo displays output information similar to the following:

Cardset summary - 1 cardsets:              (in timeout, P=persistent, N=not)
 Operator logical token hash                    k/n timeout name
hash                                           1/1 none-N name

To list information for a specific card, use the command:

nfkminfo <TOKENHASH>

In this command, <TOKENHASH> is the Operator logical token hash of the card (as listed when the command nfkminfo --cardset-list is run).

This command displays output information similar to the following:

name            "name"
k-out-of-n      1/1
flags           NotPersistent
timeout         none
card names      ""
hkltu           794ada39038fa8c4e9ea46a24136bbb2b8b337f2
Not all software can give names to individual cards.

View softcards

View softcards with nfkminfo

To list the softcards in the current Security World using the nfkminfo command-line utility, give the command:

nfkminfo --softcard-list

In this command --softcard-list specifies that you want to list the softcards in the current Security World.

To show information for a specific softcard using the nfkminfo command-line utility, give the command:

nfkminfo --softcard-list <IDENT>

In this command <IDENT> is the softcard’s logical token hash (as given by running the command nfkminfo --softcard-list). This command displays output information similar to the following:

SoftCard
 name       "mysoftcard"
 hkltu      7fb95888ea2850d4e3ffcc8f0c22100937344308
Keys protected by softcard 7fb95888ea2850d4e3ffcc8f0c22100937344308:
 AppName simple               Ident mykey
 AppName simple               Ident myotherkey

View softcards with ppmk

To list the softcards in the current Security World using the ppmk command-line utility, use the command:

ppmk --list

In this command --list specifies that you want to list the softcards in the current Security World.

In order to view the details of a particular softcard using the ppmk command-line utility, give the command:

ppmk --info <NAME>|<IDENT>

In this command, you can identify the softcard whose details you want to view either by its name (<NAME>) or by its logical token hash (as given by running the command nfkminfo --softcard-list).