CSP Setup and Utilities

Entrust provides a CSP installation wizard that creates a new Security World, loads an existing Security World, or sets up the modexp offload DLL. The CSP installation wizard also generates new OCSs and the set-up parameters of the CSP, and allows HSM Pool mode to be configured for CAPI. However, the installation wizard is not suitable for complex Security World setups. If you require more flexibility than the CSP installation wizard provides, use new-world and createocs, or KeySafe, to create your Security World.

The standard Security World utility nfkmverify should be used to check the security of all stored keys in the Security World; nfkminfo, nfkmcheck and other standard utilities can also be used to assist in this process.

Additionally, Entrust provides some CSP-specific command-line utilities:

  • csputils provides an overview of the containers and keys present and also tells you the values of the counters for key-counted keys.

  • cspcheck is for use alongside nfkmcheck.

  • cspimport allows you to move keys between containers or to import a pre-generated NFKM key into a container.

  • cspmigrate allows you to move the CSP container information from the registry into the Security World.

  • cspnvfix allows you to regenerate NVRAM areas in modules where these have been erased (for example, by reinitialization).

  • csptest is a general test utility that can be used to list the capabilities of installed nShield and Microsoft CSPs or to perform a soak test.

  • keytst allows you to generate containers and keys and also to list the available containers.

  • configure-csp-poolmode allows you to configure HSM Pool mode for the nShield CAPI CSP without using the CSP wizard.

For more information about these utilities, see the User Guide for your HSM.