Creating and managing a Security World
This chapter describes how to create and manage a Security World. You must create a Security World before using the HSM to manage keys.
You normally create a Security World after installing and configuring the module and its software. For more information, see:
- 
The Installation Guide for more about installing the module and software. 
You create a Security World with a single HSM. If you have more than one module, select one module with which to create the Security World, then add additional modules to the Security World after its creation. For more information, see Adding or restoring an HSM to the Security World. If you create a Security World with the audit logging feature enabled, all additional HSMs added to this Security World will also have audit logging enabled.
| To use the module to protect a different set of keys, you can replace an existing Security World with a new Security World. | 
For more information about the type of user that is required for different operations, see About user privileges.
| All Security Worlds rely on you using the security features of your operating system to control the users who can access the Security World and, for example, write data to the host. | 
Creating a Security World
You can use the following to create Security Worlds:
- 
The unit front panel controls 
 See Creating a Security World using the Connect front panel.
- 
The new-worldcommand line utility
 See Creating a Security World using new-world.
The creation process
When you create a Security World:
- 
The HSM is erased 
- 
A new HSM key for this Security World is generated 
- 
A new ACS to protect this HSM key is created 
- 
The Security World information is stored within the file system of the Connect operating system and on the RFS - 
The information is encrypted using the secrets stored on the ACS 
 
- 
- 
The HSM and Security World are configured for Audit Logging if selected If you want to re-use the physical cards created in a previous Security World, you must erase all Operator Cards, except for nShield Remote Administration Cards, while the previous Security World still exists. See Erasing cards and softcards. We recommend that you regularly back up the entire contents of the RFS. Either the %NFAST_KMDATA%directory on Windows, or thekmdatadirectory on Linux, is required to restore an Connect or its replacement, to the current state in case of failure.Due to the additional primality checking required by SP800-131A, Security World generation will take longer when using the new default Ciphersuite (from v12.40 onwards) - on Edge devices that could be up to 45 minutes. 
Security World Files
The Security World infrastructure stores encrypted key material and related data in files on the remote file system on the client. For multiple clients to use the same Security World, the system administrator must ensure that these files are copied to all the clients and updated when required.
For more information about the remote file system, see:
Other Connect modules can also use a Security World created on an Connect using client cooperation. For more information, see Setting up client cooperation.
Location of Security World files
If a Security World operation is done on the module, the files are created or updated on the module and automatically copied to the directory specified by the environment variable NFAST_KMLOCAL on the remote file system.
By default, this is
/opt/nfast/kmdata/local.
If the Security World operation is done on a client machine (for example, Operator Card Set and key operations), files are created or updated in the
or the directory specified by the NFAST_KMLOCAL environment variable, on the client machine only.
The
/opt/nfast/kmdata/local
directory on the remote file system is updated automatically when an operation is done on the module.
If you want to make cards or keys which are normally created from the client available from the module’s front panel, we recommend that you use client co-operation to automate the copying of files to the module. For information about configuring client co-operation, see Setting up client cooperation.
If you do not use client cooperation, you must manually copy the appropriate card and key files from the client or host on which the card set or key was created to the
/opt/nfast/kmdata/local's remote file system.
These files must then be updated on the module by selecting Security World mgmt > RFS operations > Update World files from the main menu.
To be able to create Operator Cards or keys, the user on the client must have write permission for this directory. All other valid users must have read permission.
| By default, the Key Management Data directory, and sub-directories, inherit permissions from the user that creates them. Installation of the Security World Software must be performed by a user with Administrator rights that allow read and write operations, and the starting and stopping of applications. | 
Files and operations
Security World operations create or modify files in the
/opt/nfast/kmdata/local
directory as follows:
| Operation | creates/modifies | the file(s) … | 
|---|---|---|
| Create a Security World | creates | 
 (for each module in the Security World)  | 
| Load a Security World | creates or modifies | (for each module in the Security World)  | 
| Replace an ACS | modifies | 
 | 
| Create an OCS | creates | 
 
 | 
| Create a softcard | creates | 
 | 
| Generate a key | creates | 
 | 
| Recover a key | modifies | 
 | 
In this table:
- 
<ESN>is the electronic serial number of the module on which the Security World is created
- 
<IDENT>is the identifier given to the card set or key when it is created
- 
<NUMBER>is the number of the card in the card set
- 
<APPNAME>is the name of the application by which the key was created.
The <IDENT> of a card set is a 40-character string that represents the hash of the card set’s logical token.
The <IDENT> of a key is either user supplied or a hash of the key’s logical token, depending on the application that created the key.
Required files
The following files must be present and up to date in the %NFAST_KMDATA%\local directory, or the directory specified by the NFAST_KMLOCAL environment variable, for a
client
to use a Security World:
- 
world
- 
A module_ESNfile for each module that this host uses
- 
A cards_<IDENT>file for each card set that is to be loaded from this host
- 
A card_<IDENT>_NUMBERfile for each card in each card set that is to be loaded from this host
- 
A key_<APPNAME>_<IDENT>file for each key that is to be loaded from this host.
These files are not updated automatically. You must ensure that they are synchronized whenever the Security World is updated on the module.
Security World options
Decide what kind of Security World you need before you create it. Depending on the kind of Security World you need, you can choose different options at the time of creation. For convenience, Security World options can be divided into the following groups:
- 
Basic options, which must be configured for all Security Worlds - 
Optionally enable Audit Logging for the Security World 
 
- 
- 
Recovery and replacement options, which must be configured if the Security World, keys, or pass phrases are to be recoverable or replaceable 
- 
SEE options, which only need be configured if you are using CodeSafe 
- 
Options relating to the replacement of an existing Security World with a new Security World. 
Security World options are highly configurable at the time of creation but, so that they will remain secure, not afterwards. For this reason, we recommend that you familiarize yourself with Security World options, especially those required by your particular situation, before you begin to create a Security World.
Security World basic options
When you create a Security World, you must always configure the basic options described in this section.
ACS quorum
You must decide the total number of cards (N) in a Security World’s ACS and must have that many blank cards available before you start to create the Security World. You must also decide how many cards from the ACS must be present (K) when performing administrative functions on the Security World.
| We recommend that you do not create ACSs for which K is equal to N, because you cannot replace such an ACS if even 1 card is lost or damaged. | 
| In Common Criteria CMTS Security Worlds the minimum value of K for the ACS is 2. | 
In many cases, it is desirable to make K greater than half the value of N (for example, if N is 7, to make K 4 or more). Such a policy makes it harder for a potential attacker to obtain enough cards to access the Security World. Choose values of K and N that are appropriate to your situation.
The total number of cards used in the ACS must be a value in the range 1 – 64.
FIPS 140-2 Level 3 compliance
By default, Security Worlds are created to comply with the roles and services, key management, and self-test sections of the FIPS 140-2 standard at Level 2. However, you can choose to enable compliance with the FIPS 140-2 standard at Level 3.
| This option provides compliance with the roles and services of the FIPS 140- 2 Level 3 standard. It is included for those customers who have a regulatory requirement for compliance. | 
If you enable compliance with FIPS 140-2 Level 3 roles and services, authorization is required for the following actions:
- 
Generating a new OCS 
- 
Generating or importing a key, including session keys 
- 
Erasing or formatting smart cards (although you can obtain authorization from a card you are about to erase). 
In addition, you cannot import or export private or symmetric keys in plain text.
UseStrongPrimes Security World setting
The default setting is to generate RSA keys in a manner compliant with FIPS 186-3. If you have not selected to create a FIPS 140-2 Level 3 Security World then you can choose to turn this setting off to decrease the RSA key generation time. If you have selected a FIPS 140-2 Level 3 or common-criteria-cmts Security World then you cannot alter this setting.
| When this option is selected RSA key lengths must be a multiple of 256 bits. | 
Remote Operator
To use a module without needing physical access to present Operator Cards, you must enable the Remote Operator feature on the module. For more information, see Enabling optional features.
By default, modules are initialized into Security Worlds with remote card set reading enabled. If you add a module for which remote card reading is disabled to a Security World for which remote card reading is enabled, the module remains disabled.
OCS and softcard replacement
By default, Security Worlds are created with the ability to replace one OCS or softcard with another. This feature enables you to transfer keys from the protection of the old OCS of softcard to a new OCS or softcard.
| You can replace an OCS with another OCS, or a softcard with another softcard, but you cannot replace an OCS with a softcard or a softcard with an OCS. Likewise, you can transfer keys from an OCS to another OCS, or from a softcard to another softcard, but you cannot transfer keys from an OCS to a softcard or from a softcard to an OCS. | 
You can choose to disable OCS and softcard replacement for a Security World when you create it. However, in a Security World without this feature, you can never replace lost or damaged OCSs; therefore, you could never recover the keys protected by lost or damaged OCSs, even if the keys themselves were generated as recoverable (which is the default for key generation).
| OCS and softcard replacement cannot be enabled after Security World creation without reinitializing the Security World and discarding all the existing keys within it. | 
For an overview of Security World robustness and OCS or softcard replacement, see Replacing an Operator Card Set or recovering keys to softcards. For details about performing OCS and softcard replacement operations, see Replacing Operator Card Sets and Replacing the Administrator Card Set.
Pass phrase replacement
By default, Security Worlds are created so that you cannot replace the pass phrase of a card or softcard without knowing the existing pass phrase.
However, you can choose to enable pass phrase replacement at the time you create a Security World. This option makes it possible to replace the pass phrase of a card or softcard even if you do not know the existing pass phrase. Performing such an operation requires authorization from the Security World’s ACS.
For details about performing pass phrase replacement operations, see Changing unknown or lost pass phrase.
Nonvolatile memory (NVRAM) options
Enabling nonvolatile memory (NVRAM) options allows keys to be stored in the module’s NVRAM instead of in the Key Management Data directory of the host computer. Files stored in the module’s non-volatile memory have Access Control Lists (ACLs) that control who can access the file and what changes can be made to the file. NVRAM options are relevant only if your module’s firmware supports them, and you can store keys in your module’s NVRAM only if there is sufficient space.
| When the amount of information to be stored in the NVRAM exceeds the available capacity, you can instead store this data in a blob encrypted with a much smaller key that is itself then stored in the NVRAM. This functionality allows the amount of secure storage to be limited only by the capacity of the host computer. | 
Security World SEE options
You must configure SEE options if you are using the nShield  Secure Execution Engine (SEE). If you do not have SEE installed, the SEE options are irrelevant.
SEE debugging
SEE debugging is disabled by default, but you can choose whether to enable it for all users or whether to make it available only through use of an ACS. In many circumstances, it is useful to enable SEE debugging for all users in a development Security World but to disable SEE debugging in a production Security World. Choose the SEE debugging options that best suit your situation.
Real-time clock (RTC) options
Real-time clock (RTC) options are relevant only if you have purchased and installed the CodeSafe Developer kit. If so, by default, Security Worlds are created with access to RTC operations enabled. However, you can choose to control access to RTC operations by means of an ACS.
Security World replacement options
Options relating to Security World replacement are relevant only if you are replacing a Security World.
If you replace an existing Security World, its
/opt/nfast/kmdata/local
directory is not overwritten but renamed
/opt/nfast/kmdata/local_N
(where N is an integer assigned depending on how many Security Worlds have been previously saved during overwrites). A new Key Management Data directory is created for the new Security World.
If you do not wish to retain the
/opt/nfast/kmdata/local_N
directory from the old Security World, you must delete it manually.
Creating a Security World using the Connect front panel
| When initiated from the Connect front panel, while a Security World is being created the Connect disconnects itself from the network to ensure that the operation is not interrupted. This means that the Remote Administration feature cannot be used to present cards from a remote location when creating a Security World from the front panel. | 
Before you start
Before you start to create a Security World:
- 
The directory /opt/nfast/kmdata/localon the remote file system must exist and be empty.
- 
Before configuring the Security World, you should know: - 
The security policy for the HSM 
- 
The number and quorum of Administrator Cards and Operator Cards to be used. 
 To help you decide on the Security World you require, see Security World options. 
- 
- 
You must have enough smart cards to form the Security World’s card sets. 
To create a Security World from the Connect Front Panel:
- 
From the main menu, select Security World mgmt > Module initialization > New Security World. 
- 
Specify the Security World mode: - 
FIPS 140-2 Level 3 creates a Security World compliant with FIPS 140-2 requirements for roles and services at Level 3. 
- 
Common Criteria CMTS creates a Security World supporting Common Criteria Protection Profile EN 419 221-5. 
- 
Unrestricted creates a Security World which doesn’t impose any particular conformance. With appropriate environmental constraints, an unrestricted Security World can be compliant with FIPS 140-2 Level 2. 
 
- 
- 
Select the Cipher suite for the Security World. Currently only one option is available for the Security World key, AES (SP800-131AR1). 
- 
Enter the default quorum for the ACS. This consists of: - 
The maximum number of cards from the ACS required by default for an operation. This number must be less than or equal to the total number of cards in the set. 
- 
The total number of cards to be used in the ACS. This must be a value in the range 1 – 64 except for the Common Criteria CMTS Security World mode, for which the range is 2 – 64. We recommend that you do not create an ACS for which the required number of cards is equal to the total number of cards because you cannot replace such an ACS if even a single card is lost or damaged. 
 
- 
- 
If you answer the question Specify all quorums? by selecting: - 
no - all operations and features (with the exception of pass phrase recovery) will be enabled and require the maximum number of cards 
- 
yes - you can specify which operations and features you want to enable (including pass phrase recovery) and what the required number of cards for each of these will be. 
 
- 
- 
If you chose to disable individual features or require a lower number of cards required for an operation, specify these parameters now. You can select a different number of Administrator Cards (K) to be required for each operation. You can also disable recovery and replacement operations and choose to use KNSO to authorize SEE (Secure Execution Engine) operations. The options for which you can specify a separate value of K are as follows: Operation Action allowed on HSM Module reprogramming Initializing an HSM into a Security World. You must specify a value of K for this operation. Pass phrase replacement Replacement of pass phrases from backup files when recovering an OCS. You can disable this operation, see Pass phrase replacement. This operation is disabled in Common Criteria CMTS mode and cannot be enabled. OCS/softcard replacement Recovery of keys from backup files when replacing an OCS. You can disable this operation if you are using the Connect, see OCS and softcard replacement. NVRAM access Reading from and writing to the NVRAM. You can choose to authorize this operation with KNSO, see Nonvolatile memory (NVRAM) options. RTC access Updating the real time clock. You can choose to authorize this operation with KNSO, see Real-time clock (RTC) options. SEE debugging Viewing full SEE debug information. You can specify a value of K for this operation, all it for all users or authorize it with KNSO, see SEE debugging. This operation is disabled in Common Criteria CMTS mode. FTO Use of an Foreign Token Open (FTO) Delegate Key (ISO Smart Card Support). You can specify a value of K for this operation or authorize it with KNSO. This operation is disabled in Common Criteria CMTS mode. 
- 
Specify if audit logging should be enabled. In Common Criteria CMTS mode, audit logging is automatically enabled and cannot be disabled. 
- 
Specify whether the HSM is a valid target for remote shares (that is, whether it can import slots), see Remote Operator. This option is disabled for Common Criteria CMTS mode. 
- 
For Common Criteria CMTS mode only, choose whether to specify the maximum number of times an Assigned key can be used since it was authorized. A use limit compatible with the specified maximum will be imposed at key creation time and can be verified for Assigned keys. If you choose to specify a maximum key usage limit: - 
Enter the key usages allowed, up to a maximum of 9999. 
 
- 
- 
For Common Criteria CMTS mode only, choose whether to specify a maximum timeout for Assigned keys since key authorization. A time limit compatible with the specified maximum will be imposed when the key is created, and can be verified for Assigned keys. If you choose to specify a key timeout: - 
Select the units from Seconds, Minutes, Hours, or Days. 
- 
Enter a value up to a maximum of 9999 in your selected unit. 
 
- 
- 
Format a card for the ACS as follows: - 
Insert a card for the ACS and confirm that you want to use it. 
- 
If the card is not blank, choose whether to overwrite it or to use a different card. 
- 
Choose whether to specify a pass phrase for the card. If you choose to specify a pass phrase: - 
Enter the pass phrase. 
- 
Enter the pass phrase again to confirm it. If the two pass phrases do not match, you must enter the correct pass phrase twice. 
 
- 
- 
When prompted, remove the card. 
 
- 
- 
Repeat the previous step to format additional cards for the ACS, setting their pass phrases as described, until the ACS is complete. Each prompt screen shows how many cards are required and how many have been used. 
- 
At completion, a message confirms that the Security World has been created. 
Creating a Security World using new-world
Before you start
Before you start to create a Security World:
- 
The HSM must be in pre-initialization mode. See Checking and changing the mode on an nShield Connect for more about changing the mode. 
- 
You must be logged in to the computer that is running the RFS. The RFS should be a privileged client that has the client tools installed. For more information, see server_settings. 
- 
If you have installed the Security World Software in a directory other than /opt/nfast/, you must have created a symbolic link from/opt/nfast/to the directory in which the software is actually installed.
- 
Before configuring the Security World, you should know: - 
The security policy for the HSM 
- 
The number and quorum of Administrator Cards and Operator Cards to be used 
 To help you decide on the Security World you require, see Security World options. 
- 
- 
You must have enough smart cards to form the Security World’s card set. 
When you have finished creating a Security World, you must restart the HSM in operational mode.
Using nethsmadmin to copy a Security World to an Connect and check the current version
If a Security World is created using new-world, the nethsmadmin command-line utility enables you to copy the resultant files to a Connect.
Run the command:
nethsmadmin --module=<MODULE> --update-worldnethsmadmin can also be used to check if the Security World files have been copied to the Connect.
Run the command:
nethsmadmin --module=<MODULE> --check-worldIn these commands:
--module=<MODULE>
Specifies the HSM to use, by its ModuleID (default = 1).
Follow the directions in this section to create a Security World from the command line with the new-world utility.
Running the new-world command-line utility
Open a command prompt window and type the command new-world using the options in the table.
The example below will create a Security World supporting FIPS140-2 Level 3 with a ACS quorum of 3/5 and with audit logging enabled.
new‑world --mode=fips-140-2-level-3 ‑‑acs‑quorum=3/5 --audit-loggingIn this command:
| Option | Description | ||||||
|---|---|---|---|---|---|---|---|
| 
 | This option tells  
 | ||||||
| 
 | This option tells  | ||||||
| 
 | This option tells  | ||||||
| 
 | If you have not specified a mode parameter you can use the  | ||||||
| 
 | 
 
 Omitting this option will create a default Security World compliant with FIPS 140-2 Level 2. | ||||||
| 
 | This option tells  By default,  
 
 
 | ||||||
| 
 | This option specifies the Cipher suite and type of key that is used to protect the new Security World.  | ||||||
| 
 | This option allows you to specify the time-out ( | ||||||
| 
 | This option specifies the module to use (by its  | ||||||
| 
 | In this option,  
 
 
 
 This option only takes effect if you are creating a new Security World. | ||||||
| 
 | This option instructs  | ||||||
| 
 | This option disables the use of PKCS#1 v1.5 padding. All attempts to use PKCS#1 v1.5 padding for encryption or decryption operations will be rejected. PKCS#1 v1.5 signature operations are not affected. PSS and OAEP are not affected. | ||||||
| 
 | This option enables a minimum pass phrase length check for the Administrator Card Set (ACS) the Operator Card Set (OCS) and any associated softcards when you create a Security World. The minimum pass phrase length check is then applied after the Security World is created. When enabled and you attempt to create a card pass phrase with fewer characters than the specified minimum length, the following warning message displays: 
 However, the pass phrase can still be used. Example: If  | ||||||
| 
 | This option enables pass phrases to have at least one uppercase, lowercase, number, and symbol. If the  | ||||||
| 
 | This option configures the Security World and the HSM on which it is being created for audit logging, creating a log signing key for each HSM. 
 Audit logging is automatically enabled when the Security World is created in  | ||||||
| 
 | This option allows the administrator to specify a maximum reauthorization condition in terms of number of key usages since authorization for Assigned keys in common-criteria-cmts mode.
A use limit compatible with the specified maximum will be applied at key creation time and can be verified for Assigned keys.
If this is not set then no  | ||||||
| 
 | This option allows the administrator to specify a maximum reauthorization condition in terms of a TIMEOUT since authorization for Assigned keys in common-criteria-cmts mode. By default, an integer given for TIMEOUT is interpreted in seconds, but you can supply values for TIMEOUT in the form Ns, Nh, or Nd where N is an integer and s specifies second, h specifies hours, and d specifies days. A use limit compatible with the specified maximum will be applied at key creation time and can be verified for Assigned keys. If this is not set then no limit is applied to Assigned keys on creation. | 
| The --max-keyusageand--max-keytimeoutoptions are only available in common-criteria-cmts mode.
They provide support for the Protection Profile requirement that reauthorization conditions are set by an administrator on creating an Assigned Key. | 
new-world command-line utility features
Features for the Security World can be specified using the command line.
Security world features are selected by ’feature expressions’. A feature expression is a comma‑separated list of ’feature terms’. Each term consists of a feature name, optionally preceded by either a double dash ‑‑, an exclamation point !, or no‑ to turn off the feature, and optionally followed by an equals sign = and the quorum of cards from the ACS required to use the feature.
The default quorum is taken from the K argument of the --acs-quorum option.
| The !character is interpreted by some shells as history expansion and must be escaped with a backslash,\!. The dash may be interpreted as being the start of an command-line option unless you have used the-foption or specified an HSM without including the-mflag. | 
| If you set the !ftoflag, that is, turn off FTO, you will not be able to use smart cards to import keys. | 
| To use extended debugging for the HSM, you must set the dseeallflag. | 
The following feature names are available:
| Feature name | Description | 
|---|---|
| 
 | This feature makes it possible to add new HSMs into the Security World. This feature cannot be disabled. | 
| 
 | This feature enables OCS and softcard replacement; see Replacing Operator Card Sets. | 
| 
 | This feature enables pass phrase replacement; see Pass phrase replacement and Changing card and softcard pass phrase. | 
| 
 | This feature specifies that ACS authorization is needed to enable nonvolatile memory (NVRAM) allocation. | 
| 
 | This feature specifies that ACS authorization is needed to set the real-time clock (RTC); (see Real-time clock (RTC) options). | 
| 
 | This feature specifies that that ACS authorization is needed to enable SEE World debugging. | 
| 
 | This feature enables SEE World debugging for  | 
| 
 | This feature specifies that ACS authorization is needed to enable foreign token operations (FTO). | 
The following features remain available for use on presentation of the standard ACS quorum, even if turned off using the ! operator:
- 
nvram
- 
rtc
- 
fto
Setting the quorum of one these features to 0 has the same effect as turning it off using the ! operator.
The pass phrase replacement (p) and dseeall features are turned off by default; the other options are turned on by default.
| The nonvolatile memory and SEE world debugging options are relevant only if you are using the Secure Execution Engine. If you have bought the CodeSafe Developer Kit, refer to the CodeSafe Developer Guide for more information. | 
| To use extended debugging for the HSM, you must set the dseeallflag. | 
| The dseealloption is designed for testing purposes only.
Do not enable this feature on production Security Worlds as it may enable SEE applications to leak security information. | 
For example, the following features:
m=1, r, !p, nv=2, rtc=1Create a Security World for which:
- 
A single card from the ACS is required to add a new HSM 
- 
The default number is required to replace an OCS 
- 
Pass phrase replacement is not enabled 
- 
Two cards are required to allocate nonvolatile memory 
- 
One card is required to set the real-time clock (applies to SEE only). 
new-world command-line utility output
If new-world cannot interpret the command line, it displays its usage message and exits.
If you attempt to set a quorum for a feature that you have disabled or if you attempt to set a quorum too high, new-world displays an error and exits.
If the HSM is not in the pre‑initialization mode, new-world advises you that you must put the HSM in this mode and waits until you have changed the HSM mode before continuing.
See
Checking and changing the mode on an nShield Connect
for more about changing the mode.
| If the HSM is in the pre-initialization mode, new-worldprompts you for smart cards and pass phrases as required. | 
After you have created a Security World
Store the ACS in a safe place.
| If you lose more than N minus K of these Administrator Cards you cannot restore the Security World or lost Operator Cards. For example, if you have a 2/3 ACS and you lose more than one card, you cannot restore the Security World. If you have created an Administrator card set where K = N, then the loss of one card stops you from being able to restore the Security World. | 
To prevent this situation from occurring, replace lost or damaged cards from the ACS as soon as you discover the loss or damage. For more information, see Replacing the Administrator Card Set.
| The security of the keys that you create within this Security World is wholly dependent on the security of these smart cards. | 
The Security World data is stored on the HSM and on the RFS. For more information, see Security World Files.
The HSM can now be used to create Operator Cards and keys for the new Security World.
Displaying information about your Security World
To display information about the status of your Security World:
- 
Select Security World mgmt > Display World info from the main menu 
- 
Run the nfkminfocommand-line utility. See Displaying information about a Security World with nfkminfo.
- 
Run the kmfile-dumpcommand-line utility. See Displaying information about a Security World with kmfile-dump.
- 
Run the nethsmadmincommand-line utility. See Using nethsmadmin to copy a Security World to an Connect and check the current version.
You can also use KeySafe to view a summarized description of the Security World.
Displaying information about a Security World with nfkminfo
To display information about a Security World from the command line, run the command:
nfkminfo ‑w|‑‑world‑info [‑r|‑‑repeat] [‑p|‑‑preload‑client‑id]In this command, the -w|--world-info option specifies that you want to display general information about the Security World.
This option is set by default, so you do not need to include it explicitly.
Optionally, the command can also include the following:
| Option | Description | 
|---|---|
| 
 | This option repeats the information displayed. There is a pause at the end of each set of information. The information is displayed again when you press Enter. | 
| 
 | This option displays the preloaded client ID value, if any. | 
To output a detailed list of Security World information, run nfkminfo with the -w|--world-info option (with or without the other options). For a description of the fields in this list, and more information about using nfkminfo, see nfkminfo: information utility.
Displaying information about a Security World with kmfile-dump
To display information about a World from the command line, run the command:
kmfile-dump [<worldfile>]where <worldfile> is the file storing the World data, usually /opt/nfast/kmdata/local/world
If no WorldVersion is received as a result of the command then the World is either version 1 or version 2.
If a WorldVersion of either '2' or '3' is received then the World is version 3.
Adding or restoring an HSM to the Security World
When you have created your Security World, you can add additional HSMs to it. You can restore HSMs that have previously been removed from the same Security World in the same way.
You can also restore an HSM to a Security World to continue using existing keys and Operator Cards:
- 
After you upgrade the firmware 
- 
If you replace the HSM. 
| The additional HSMs can be any nShield HSMs. | 
To add an HSM to a Security World, you must:
- 
Have installed the additional HSM hardware, as described in the Installation Guide. 
- 
Have a copy of the Security World data on the HSM’s remote file system in the Key Management Data directory. 
- 
Possess a sufficient number of cards from the ACS and the appropriate pass phrases. 
Adding or restoring an HSM to a Security World:
- 
Erases the Security World data on the HSM’s internal file system 
- 
Reads the required number of cards (K) from the ACS so that it can re-create the secret 
- 
Reads the Security World data from the remote file system 
- 
Uses the secret from the ACS to decrypt the Security World key 
- 
Stores the Security World key in the HSM’s nonvolatile memory 
- 
Configures the HSM for audit logging if the Security World was created with audit logging selected. 
After adding an HSM to a Security World, you cannot access any keys that were protected by a previous Security World that contained that HSM.
| It is not possible to program an HSM into two separate Security Worlds simultaneously. | 
Adding an HSM to a Security World using the Connect front panel
To add an HSM to a Security World:
- 
If the HSM already belongs to a Security World, erase it from the Security World to which it belongs, as described in Erasing a module from a Security World. 
- 
From the main menu, select Security World mgmt > Module initialization > Load Security World. 
- 
Specify whether the HSM can use the Remote Operator feature import slots. For more information, see Remote Operator. 
- 
At the prompt, insert an Administrator Card, and enter its pass phrase if required. 
- 
Continue to insert Administrator Cards when prompted until you have inserted the number required to authorize HSM reprogramming. 
Adding an HSM to a Security World with new-world
- 
Open a command window and type the command: new-world [-l|--program] [-S|--no-remoteshare-cert] [-m|--module=<MODULE>]In this command: - 
-l|--programThis option tells new‑worldto add an HSM to an existing Security World (in the Key Management Data directory). If you have multiple HSMs available, you can use the-m|--module=`MODULE option to specify an HSM. If you do not specify an HSM `new‑worldadds all available HSMs to the Security World.
- 
-S|--no-remoteshare-certThese options tell new-worldnot to make the HSM a target for remote shares.
- 
-m|--module=<MODULE>This option specifies the HSM to use (by its ModuleID). If you have multiple HSMs and do not specify an HSM,new-worldadds all available HSMs to the existing Security World.
 If new-worldcannot find the key-management data, it displays the message:new-world: no existing world to load.If you intend to initialize the HSM into a new Security World, run new-worldwith the-ioption.If the HSM is not in the pre-initialization state, new-worlddisplays an error and exits. See Checking and changing the mode on an nShield Connect for more about changing the mode.If the HSM is in the pre-initialization state, new-worldprompts you for cards from the Security World’s ACS and to enter their pass phrases as required.
- 
- 
After new-worldhas reprogrammed the HSM, restart the HSM in the operational state. See Checking and changing the mode on an nShield Connect for more about changing the mode.
- 
Store the ACS in a safe place. 
| If any error occurs (for example, if you do not enter the correct pass phrases), the HSM is reset to the factory state.
The HSM does not form part of the Security World unless you run new-worldagain. | 
Security World migration
The current version of Security World software enables you to create a Security World that fully complies with the NIST Recommendations for the Transitioning of Cryptographic Algorithms and Key Sizes (SP800-131Ar1) or alternatively Common Criteria PP 419 221-5 (common-criteria-cmts) depending on the options selected at World creation. This is called World version 3.
We recommend that where compliance with the specifications above is required, you create a new World and create new keys within that World.
However, the software also includes a migrate-world command-line utility that you can use for migrating existing keys into the new World.
This is provided as a convenience for customers who require compliance with the specifications, and who need to continue using existing keys.
In the case of a Common Criteria World the specification prohibits the importing of assigned keys. Only general keys can be imported into a common-criteria-cmts World.
| Throughout the following sections, the terms Source Worldrefers to the World from which you want to migrate keys, andDestination Worldrefers to the World to which you want to migrate keys. | 
| The utility requires the use of two modules. One module is referred to as the source module. The other module is referred to as the destination module. | 
Pre-requisites for migrating keys
In order to use the migrate-world utility the following will be needed:
- 
Two HSMs. These can be any of the hardware variants Solo+, Solo-XC, Connect+, Connect-XC and do not need to be of the same type. 
- 
A quorum of ACS cards for the source World. 
- 
A quorum of ACS cards for the destination World. 
- 
Sufficient blank cards to create new OCS cards for any keys that are OCS protected. 
- 
Remote mode switching must be enabled on both HSMs used for the migration. For instructions, see Enabling and disabling remote mode change. 
Restrictions on migrating keys
The following restrictions apply to the use of migrate-world:
- 
The source module must be running firmware version 12.50 or later. 
- 
The destination module must be running firmware version 12.50 or later. 
- 
Only recoverable keys can be migrated. If your source keys are non-recoverable, you cannot use the migration utility to migrate keys. 
- 
It is not possible to alter a key’s protection or change the quorum of any created OCS during the migration. 
- 
Replacement cards should be of the same or newer generation than the cards that they replace. 
- 
The source and destination modules must both have KLF2 warrants. If one or both of the modules are Solo XC and have a KLF warrant you should request an upgrade to a KLF2 warrant before starting migration, see the Warrant Management section in the Solo User Guide. 
- 
The operator running the migrate-world utility must have the access rights to create a privileged connection to the hardserver. 
- 
The migration tool must have exclusive use of the modules during migration. Do not use them for any other purpose during migration and if either module is a Connect do not enter anything via the front panel during migration. 
| If the destination World is fips-140-2-level-3, then some keys that were usable in the source World may not be usable in the destination World due to those algorithms or key lengths being restricted.
The migration tool might not be able to successfully migrate these keys so they should be removed from the source World before attempting the migration.
Any keys of this type that do migrate successfully will be restricted at the point of use. | 
| If the destination World is fips-140-2-level-3orcommon-criteria-cmtsthe migration tool will automatically remove ExportAsPlain from the ACL of any migrated key during the migration process. | 
| If the destination world does not support audit logging the migration tool will automatically remove LogKeyUsage from the ACL of any migrated key during the migration process. | 
About the migration utility
You can run the migration utility in the following modes:
- 
Plan mode: Returns a list of steps for migration and the required card sets and pass phrases but does not migrate any keys. 
- 
Perform mode: Runs the plan mode prior to presenting the option to proceed and migrate keys according to the plan. 
Usage and options
migrate-world [OPTIONS] --src-module=<source_module> --dst-module=<dest_module> --source=<source-kmdata-path> --debug --dst-warrant=<dst-warrant-path> --src-warrant=<src-warrant-path [--plan | --perform] --key-logging| Option | Enables you to… | 
|---|---|
| 
 
 | Migrate no more than this number of keys per ACS loading. This is useful to prevent ACS time-outs if you have a large number of keys to migrate. (0=unlimited, default=0). It is recommended to limit the number of keys to be migrated at any one time to no more than 100. | 
| 
 | Obtain information about the options you can use with the utility. | 
| 
 
 | Migrate keys protected by this number of card sets or softcards per ACS loading. This is useful to prevent ACS time-outs if you have a large number of different card sets or softcards to migrate. (0=unlimited, default=0). | 
| 
 | View the version number of the utility. | 
| 
 | Specify the location of the warrant file of the source module. | 
| 
 | Specify which module ID to use as the source module. | 
| 
 | Specify the path to the folder that contains the source World data. | 
| 
 | View the list of steps that will be carried out. | 
| 
 | Migrate keys interactively. | 
| 
 | Specify the location of the warrant file of the destination module. | 
| 
 | Specify which module ID to use as the destination module. | 
| 
 | Outputs debug messages and stack traces in case of errors. It is recommended to use this only for testing as it will slow down operation and make card timeouts more likely to occur. A large volume of output is produced for each key that is migrated, so it is recommended to migrate a single key at a time when using this option. | 
| 
 | This option will enable key usage logging on all migrated keys. If the destination World does not support audit logging the keys will still be migrated but LogKeyUsage logging will not be set in the ACL of the migrated keys. | 
| Do not terminate path names in the command parameters with a backslash character. If this is not possible then either terminate with a double backslash or insert a blank space between the backslash and the terminating quotation mark. | 
Migrating keys
Preparing for migration
Before you begin:
- 
Install the latest version of the Security World Software from the installation media. See the Installation Guide for more information. 
- 
Ensure that the warrant files for the source and destination modules are stored in their default locations. For Solo+, or SoloXC modules, the default location is NFAST_KMDATA/warrants/. For Connect+, or ConnectXC modules, the default location is NFAST_KMDATA/hsm-<ESN>/warrants/. If the warrant files are not at the default location, the --src-warrantand--dst-warrantparameters need to be specified in themigrate-worldcommand.
- 
Copy the source World data to a location defined by the --source=<SOURCE>parameter of the migration tool.
- 
If the destination World does not exist already, create a new destination World. For instructions, see Creating a Security World 
| You must enable all your features on the destination module before migration. Otherwise, the migration will fail. | 
Migrating keys process
| To ensure the security of your keys, we recommend that the migration process is overseen by ACS-holding personnel and the end-to-end migration process is completed continuously, without any breaks in the process. This will also reduce the possibility of your ACS experiencing a time-out. | 
| If the destination World supports audit logging you can choose whether the migrated keys will have key usage logging enabled or not by use of the --key-loggingcommand line switch.
If you only wish key usage logging to be enabled on a subset of the keys then you must separate the source keys into two groups and run the migrate-world command separately for each group. | 
To migrate keys to the destination World:
- 
Run the migration utility in the perform mode with the required options. For information about the usage and options you can use, see About the migration utility. 
- 
Ensure that the data for the destination World is in the standard location for World data, derived from one of the following: - 
Either the environment variable NFAST_KMLOCALorNFAST_KMDATA.
- 
The default directory: /opt/nfast/kmdata/local/.
 
- 
- 
If the module is not configured to use the destination World, the utility prompts you to program the module and supply the ACS of the destination World. 
- 
The utility guides you through specific steps, prompting you to supply the required card sets and pass phrases. 
- 
At the end of the migration both the source and destination modules are cleared. If you wish to use the modules then you must reload them with an appropriate Security World. The utility will attempt to automatically change the module mode when needed. Should the automatic change of mode fail for any reason, then the utility will prompt you to change the module state to either initialization or operational at various points during the procedure. See Checking and changing the mode on an nShield Connect for more about changing the mode. 
Verifying the integrity of the migrated keys
To verify the integrity of the migrated keys, run the nfkmverify utility with the following options, as appropriate:
- 
If the keys are module-protected, run the utility with one of the following options: - 
-Loption, which checks the ACL of a loaded key instead of the generation certificate.
- 
-Roption, which checks the ACL of a key loaded from a recovery blob.
 
- 
- 
If the keys are protected by cardsets or softcards, run the nfkmverifyutility with the-Roption in combination with the preload utility.Example: preload --admin=RE nfkmverify -R -m1 <application> <key-ident>Do not use the nfkmverifyutility with the default-Coption. If you use this option, the utility returns errors because the ACL in the certificate will reflect the old world.Note that if the destination World is fips-140-2-level-3then some keys that were usable in the source World may not be usable in the destination World due to those algorithms or key lengths being restricted. The migration tool will successfully migrate the keys but they will be restricted at the point of use.
Troubleshooting
| If you encounter any errors that are not listed in the following table, contact Support. | 
| Error | Explanation | Action | 
|---|---|---|
| There are no keys requiring migration. | Any migrate-able keys found in the source World already exist in the destination World. The migration utility returns this error if: 
 | None. | 
| Source module must be specified. Destination module must be specified. Source and Destination modules must be different. Module is not usable. | This utility requires you to specify both a source and destination module which must be different modules and both must be usable. | Specify the correct modules. | 
| Source World has indistinguishable cardsets or softcards. Destination World has indistinguishable keys. | There are irregularities in one of the Worlds, but these irregularities do not affect the migration process. | None. | 
| Destination World has indistinguishable cardsets or softcards. Source World has indistinguishable keys. Cannot determine protection of keys. | There are problems with one of the Worlds. | Contact Support. | 
| Source World not recoverable. | The source World is not recoverable and the keys therefore cannot be migrated. | If the source World is not recoverable, you cannot use the migration utility to migrate keys. Contact Support. | 
| Missing security World at PATH. Source world must be specified. | The path for the source World is wrong. There is no World data at the location that was specified when running the migration utility. | Supply the correct path to the source World. If you have supplied the correct path to the directory that contains the source World data, the migration utility has not found a destination World. | 
| Source World is the same as the destination World. | An incorrect path was supplied for the source World data when running the utility. The destination World data does not exist in the default location defined by the environment variable  | Run the utility with the correct path to the source World data. Move the source World data to a different location and then copy the destination World data to the default location. If the default location is defined by an environment variable, configure the variable to point to the location of the destination World, which then becomes the new default location. | 
| Cannot find <NAME> utility, needed by this utility. <NAME> utility is too old, need at least version <VERSION NUMBER>. | The software installation is partially completed. The path (in the environment variable for the operating system) might be pointing to an old version of the software. | Reinstall the software. Ensure that the path points to the latest version of the software. | 
| nFast error: TimeLimitExceeded; in response to SetKM… | The ACS time-out limit has expired. | Restart the key migration process; see Security World migration. | 
| Destination world does not support audit logging. | You have specified the  | None. The keys will be migrated but LogKeyUsage will not be set in the ACL of migrated keys. | 
| Failed to load warrant file <FILE>. | There is a problem reading the warrant file. | Check that your warrant files are in the correct location and have not been edited in any way. | 
Erasing a module from a Security World
Erasing a module from a Security World deletes from the module all of the secret information that is used to protect your Security World. This returns the module to the factory state. Provided that you still have the ACS and the host data, you can restore the secrets by adding the module to the Security World.
Erasing a module removes any data stored in its nonvolatile memory (for example, data for an SEE program or NVRAM-stored keys). To preserve this data, you must back it up before erasing the module.
We provide the nvram‑backup utility to enable data stored in nonvolatile memory to be backed up and restored.
| You do not need the ACS to erase a module. However, unless you have a valid ACS and the host data for this Security World, you cannot restore the Security World after you have erased it. | 
After you have erased a module, it is in the same state as when it left Entrust (that is, it has a random module key and a known KNSO).
Erasing a module from the unit front panel
To erase a module from a Security World, from the main menu, select Security World mgmt > Module initialization > Erase Security World.
When you erase a Security World in this way, the Security World files remain on the remote file system. Delete these files if you wish to remove Security World completely. For more information, see Security World Files.
Erasing a module with new-world
The new-world command-line utility can erase any modules that are in the pre-initialization mode.
To erase modules with the new-world utility, run the command:
new-world [-e|--factory] [-m|--module=<MODULE>]In this command:
| Option | Description | 
|---|---|
| 
 | These options tell  | 
| 
 | These options specify the  | 
Erasing a module with KeySafe
You can erase a module on a server with KeySafe by following these steps:
- 
Start KeySafe. (For an introduction to KeySafe and information on starting the software, see Using KeySafe.) 
- 
Click the World menu button, or select World from the Manage menu. KeySafe takes you to the World Operations panel. 
- 
Click the Erase Module button. KeySafe takes you to the Erase Module panel. 
- 
Select the module that you want to erase by clicking its listing on the Security world status tree, then click the Commit command button. 
- 
KeySafe erases all secrets from the module, returning it to its factory state. 
| If you have any keys that were protected by an erased module, you cannot access them unless you restore these secrets. You cannot restore these secrets unless you have the appropriate ACS. | 
Erasing a module with initunit
The initunit command-line utility erases any modules that are in the pre-initialization state.
To erase modules with the initunit utility, run the command:
initunit [-m|--module=<MODULE>] [-s|--strong-kml]In this command, --module=<MODULE> specifies the ID of the module you want to erase.
If you do not specify this option, all modules in the pre-initialization state are erased. --strong-kml specifies that the module generates an AES (SP800-131A) module signing key, rather than the default key.
| The --disablepkcs1padoption will only work on SP800-131A Security Worlds. | 
Replacing an existing Security World
When you erase a Security World from the module’s front panel, all long-term key material is deleted from the module’s memory and all Security World data is removed from the module’s internal file system.
This operation does not remove any files from the remote file system or client machines.
You should remove the files manually from the
/opt/nfast/kmdata/local
directory on the remote file system and any client computers to which the Security World was copied.
| Any Operator Cards created in a previous Security World cannot be used in the new Security World. If you are replacing a Security World, you must erase all the Operator Cards created in the previous Security World before you create the new Security World. See Erasing cards and softcards. | 
Deleting a Security World
You can remove an existing Security World and replace it with a new one if, for example, you believe that your existing Security World has been compromised. However:
- 
You are not able to access any keys that you previously used in a deleted Security World 
- 
It is recommended that you reformat any nShield Remote Administration Cards that were used as Operator Cards within this Security World before you delete it. For more information about reformatting (or erasing) Operator Cards, see Erasing cards and softcards. 
| Except for nShield Remote Administration Cards, if you do not reformat the smart cards used as Operator Cards before you delete your Security World, you must throw them away because they cannot be used, erased, or reformatted without the old Security World key. | 
| You can, and should, reuse the smart cards from a deleted Security World’s ACS. If you do not reuse or destroy these cards, then an attacker with these smart cards, a copy of your data (for example, a weekly backup) and access to any nShield key management HSM can access your old keys. | 
To delete an existing Security World:
- 
Remove all the HSMs from the Security World. 
- 
Delete the files in the Key Management Data directory. There may be copies of the Security World data archive saved on your backup media. If you have not reused or destroyed the old ACS, an attacker in possession of these cards could access your old keys using this backup media. If audit logging was enabled for the Security World then audit logs can still be verified provided that the audit log data is maintained as this contains all the information needed to verify the logs. For further information see Audit Logging. 
Deleting the Security World using the Connect front panel
When you erase a Security World using the unit front panel, all long-term key material is deleted from the HSM’s memory and all Security World data is removed from the HSM’s internal file system.
- 
You will not be able to access any of the keys that you have previously used 
- 
Before you remove an old Security World, you must reformat any smart cards that were used previously as Operator Cards within this Security World. 
| If you do not reformat the smart cards used as Operator Cards before you reinitialize your HSM, you must throw them away because they cannot be used, erased, or reformatted without the old Security World key. | 
You can, and should, reuse the smart cards from the old ACS. If you do not reuse or destroy these cards, then an attacker with these smart cards, a copy of your data (for example, a weekly backup) and access to any nShield key management HSM, can access your old keys.
To erase a Security World using the front panel of the unit, from the main menu select Security World mgmt > Module initialization > Erase Security World.
This operation does not remove any files from the RFS or client machines.
You should remove the files manually from the
/opt/nfast/kmdata/local
directory on the RFS and any client computers to which the Security World was copied.