Utilities for the CAPI CSP

CSP version 1.11.0 and later provides you with the following utilities. These utilities can help you migrate from the older Windows registry-based CSP container storage to the newer CSP format, There are also utilities to manage the interfaces between the MSCAPI library and the module. The CSP format stores all information about a Security World in the Key Management Data directory.

Utility Description

Utility	Description
`cspcheck`	This utility checks that CSP container files are intact and uncorrupted, and also that referenced key files exist. Use `cspcheck` in conjunction with `nfkmcheck`, but run `nfkmcheck` first in order to test the integrity of your Security World files.
`cspimport`	This utility allows you to insert keys manually into existing CSP containers. This utility has two modes that either allow you to change a container’s key association to that of an arbitrary Security World key or to copy CSP keys between containers.
`cspmigrate`	This utility moves the CSP container information from the registry into the Security World. If a new container already exists and has a key in it, and an identically-named old container exists with the same key, the utility asks you which key to keep. You can either: Enter `-q` to keep the new keys. Enter `-f` to overwrite new keys with old keys.
`cspnvfix`	Regenerate an erased NVRAM key counter area for a specified nShield CSP key.
`csptest`	Test the installed Cryptographic Service Providers. This can be used to list the capabilities of installed nShield and Microsoft CSPs or to perform a soak test.
`csputils`	This utility lists CSP containers and provides detailed information about them, including the keys present and the values of the counters for key-counted keys. It can also be used to delete container files if the current user has administrative privileges.
`configure-csp-poolmode`	The `--mscapi` option allows HSM Pool mode to be enabled or disabled for the nShield CAPI CSP without using the CSP wizard.
`keytst`	This utility displays information about existing CSP key containers by using the Microsoft CryptoAPI. If you have the appropriate permissions, `keytst` also allows you to create and delete containers and their keys.

cspcheck

This utility checks that CSP container files are intact and uncorrupted, and also that referenced key files exist. Use cspcheck in conjunction with nfkmcheck, but run nfkmcheck first in order to test the integrity of your Security World files.

cspimport

This utility allows you to insert keys manually into existing CSP containers.

This utility has two modes that either allow you to change a container’s key association to that of an arbitrary Security World key or to copy CSP keys between containers.

cspmigrate

This utility moves the CSP container information from the registry into the Security World. If a new container already exists and has a key in it, and an identically-named old container exists with the same key, the utility asks you which key to keep. You can either:

Enter -q to keep the new keys.

Enter -f to overwrite new keys with old keys.

cspnvfix

Regenerate an erased NVRAM key counter area for a specified nShield CSP key.

csptest

Test the installed Cryptographic Service Providers.

This can be used to list the capabilities of installed nShield and Microsoft CSPs or to perform a soak test.

csputils

This utility lists CSP containers and provides detailed information about them, including the keys present and the values of the counters for key-counted keys. It can also be used to delete container files if the current user has administrative privileges.

configure-csp-poolmode

The --mscapi option allows HSM Pool mode to be enabled or disabled for the nShield CAPI CSP without using the CSP wizard.

keytst

This utility displays information about existing CSP key containers by using the Microsoft CryptoAPI. If you have the appropriate permissions, keytst also allows you to create and delete containers and their keys.

Each of these commands has an -h option that displays the usage message for the command.