CSP Setup and Utilities

Install the CAPI CSP

Entrust provides a CSP installation wizard that enables you to install the CAPI CSP. A shortcut to the CSP installation wizard is created in the Start menu when the Security World Software is installed: Start > Entrust nShield Security World. The CSP installation wizard registers the CAPI CSP as a key provider on your system.

Install the CAPI CSP using the 32-bit or the 64-bit installation wizard depending on whether you want to run 32-bit or 64-bit applications with the nShield CAPI provider.

Additional functionality of the CSP installation wizard

You can also perform the following actions with the CSP installation wizard:

  • Load existing Security World

  • Set up the modexp offload DLL

  • Generate new Operator Card Sets (OCS)

  • Configure the setup parameters of the CSP, including HSM Pool mode.
    With module firmware version 2.65.2 or later, if your application only uses module protected keys, you can use HSM Pool mode with multiple hardware security modules. HSM Pool mode exposes a single pool of HSMs and supports returning or adding a hardware security module to the pool without restarting the system. With a FIPS 140 Level 3 Security World, keys cannot be created in HSM Pool mode, however keys created outside HSM Pool mode can be used in HSM Pool mode.

The CSP installation wizard is not suitable for creating Security Worlds. Use new-world and createocs to create your Security World.

The standard Security World utility nfkmverify should be used to check the security of all stored keys in the Security World; nfkminfo, nfkmcheck and other standard utilities can also be used to assist in this process.

Uninstall the CAPI CSP

To uninstall the CAPI CSP and unregister it as a cryptographic provider on your system, run the cngregister and cnginstall commands with the -U option. For more information, see Utilities for the CAPI CSP.