Environment variables

This appendix describes the environmental variables used by Security World Software to control SEE functionality:

Variable Description

NFAST_SEE_MACHINEENCKEY_DEFAULT

This variable is the name of the SEEConf key needed to decrypt SEE-machine images. Running the command loadmache --encryptionkey=<IDENT> (or loadmache --unencrypted) overrides any value set by this variable.

NFAST_SEE_MACHINEENCKEY_<module>

This variable is the name of the SEEConf key needed to decrypt the SEE-machine image targeted for the specified HSM. It overrides NFAST_SEE_MACHINEENCKEY_DEFAULT for the specified HSM. Running the command loadmache --encryptionkey=<IDENT> (or loadmache --unencrypted) overrides any value set by this variable.

NFAST_SEE_MACHINEIMAGE_DEFAULT

This variable is the path of the SEE machine image to load on to any HSM for which a specific image is not defined. Supplying the machine-filename parameter when running the loadmache command-line utility overrides this variable. This variable is not affected when running the loadsee-setup or hsc_loadseemachine utilities.

NFAST_SEE_MACHINEIMAGE_<module>

This variable is the path of the SEE machine image to load on to the specified HSM. If set, this variable overrides the use of NFAST_SEE_MACHINEIMAGE_DEFAULT for the specified HSM. Supplying the machine-filename parameter when running the loadmache command-line utility overrides the NFAST_SEE_MACHINEIMAGE_<module> variable. This variable is not affected when running the loadsee-setup or hsc_loadseemachine utilities.

NFAST_SEE_MACHINESIGHASH_DEFAULT

This variable is the default key hash of the vendor signing key (seeinteg) that signs SEE machine images. This variable is only required if you are using a dynamic SEE feature with an encrypted SEE machine. Running the command loadmache --sighash=<HASH> any value set in this variable.

NFAST_SEE_MACHINESIGHASH_<module>

This variable is the key hash of the vendor signing key (seeinteg) that signs SEE machine images for the specified HSM. It overrides NFAST_SEE_MACHINESIGHASH_DEFAULT for the specified HSM. This variable is only required if you are using a dynamic SEE feature with an encrypted SEE machine. Running the command loadmache --sighash=<HASH> any value set in this variable.

When the hardserver is running normally as a service, these are System variables only; not the User Variables. The hardserver checks first for these variables, but if any given value is not set in the environment, the hardserver next searches for a string value in the Registry under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nFast Server\Environment.

For information on additional (non-SEE) environment variables used by Security World Software, see the User Guide.