CSP Setup and Utilities
Entrust provides a CSP installation wizard that creates a new Security World, loads an existing Security World, or sets up the modexp offload DLL.
The CSP installation wizard also generates new OCSs and the set-up parameters of the CSP, and allows HSM Pool mode to be configured for CAPI.
However, the installation wizard is not suitable for complex Security World setups.
If you require more flexibility than the CSP install wizard provides, use new-world
and createocs
, or KeySafe
, to create your Security World.
The standard Security World utility nfkmverify
should be used to check the security of all stored keys in the Security World; nfkminfo
, nfkmcheck
and other standard utilities can also be used to assist in this process.
Additionally, Entrust provides some CSP-specific command-line utilities:
-
csputils
provides an overview of the containers and keys present and also tells you the values of the counters for key-counted keys. -
cspcheck
is for use alongsidenfkmcheck
. -
cspimport
allows you to move keys between containers or to import a pre-generated NFKM key into a container. -
cspmigrate
allows you to move the CSP container information from the registry into the Security World. -
cspnvfix
allows you to regenerate NVRAM areas in modules where these have been erased (for example, by reinitialization). -
csptest
is a general test utility that can be used to list the capabilities of installed nShield and Microsoft CSPs or to perform a soak test. -
keytst
allows you to generate containers and keys and also to list the available containers. -
configure-csp-poolmode
allows you to configure HSM Pool mode for the nShield CAPI CSP without using the CSP wizard.
For more information about these utilities, see the User Guide for your HSM.