Prerequisites and product information

This guide covers the following HSMs:

  • nShield Edge

This is a portable Hardware Security Module (HSM) for use in root Certification Authorities (CAs) and Registration Authorities (RAs), code signing, and remote HSM operations. The nShield Edge combines a full-featured HSM with a smart card reader, which you can use to securely store and access your organization’s high-value, occasional-use keys, such as certificate signing keys.

The nShield Edge has been designed and tested for deployments where one HSM is used with one computer or Windows Virtual Machine (VM). Multiple-unit deployments, where multiple nShield Edge HSMs are connected to the same computer or VM, are not supported.

Entrust does not recommend using the nShield Edge alongside other Entrust nShield HSMs on the same computer or VM.

See Model numbers for a list of portable (USB) HSMs and their model numbers.

Safety and security

Do not connect the HSM to a computer that does not have the Security World software installed on it.
There are no user-serviceable parts inside the nShield Edge. Any attempt to dismantle the nShield Edge voids any remaining warranty cover, the maintenance and support agreement, or both.

To help maintain security:

  • Always inspect the USB cable and the nShield Edge before use, specifically the Entrust logo hologram in the tamper window shown below. (The nShield Edge Developer Edition does not have a hologram and tamper window.) If there are any signs of tampering, do not use the cable and the nShield Edge.

    [Image: edge hologram]
  • Where possible, use the lock slot of the nShield Edge to secure it to a desk with a compatible lock (not supplied).

    [Image: edge lock]
  • Never store or carry smart cards with the nShield Edge.

  • Protect your passphrase in line with your organization’s security policy.

FIPS

There are a number of nShield Edge variants, some certified to different FIPS 140 levels. The FIPS rating is indicated on the label on the nShield Edge.

Dimensions and operating conditions

  • Dimensions (with stand closed): 120 (w) x 118 (h) x 27 (d) mm

  • Weight: 340g

  • Powered by USB host device: 5V, 700mW

  • Operating temperature: 5 - 45 °C

  • Storage temperature: -40 - 70 °C

  • Operating and storage relative humidity: 10 - 85% non-condensing

Physical location considerations

Entrust nShield HSMs are certified to NIST FIPS 140 Level 2 and 3. In addition to the intrinsic protection provided by an nShield HSM, customers must exercise due diligence to ensure that the environment within which the nShield HSMs are deployed is configured properly and is regularly examined as part of a comprehensive risk mitigation program to assess both logical and physical threats. Applications running in the environment shall be authenticated to ensure their legitimacy and to thwart possible proliferation of malware that could infiltrate these as they access the HSMs' cryptographic services. The deployed environment must adopt 'defense in depth' measures and carefully consider the physical location to prevent detection of electromagnetic emanations that might otherwise inadvertently disclose cryptographic material.