Application interfaces
You can use KeySafe or the generatekey utility to generate or import keys for use with your applications (see Working with keys).
By default, KeySafe uses the same mechanisms and supports the same applications as the generatekey utility.
| On Linux, you must add the user of any application that uses an nShield HSM to the group nfast before the application runs. On Windows, by default any user is allowed to use any application that uses an nShield HSM. |
| Network-attached HSMs only: If you create keys on a client that is not on the same computer as the RFS, you must copy the key data to the RFS before the nShield HSM can use these keys. |
nShield native and custom applications
Use the nShield native option for applications that were written using nShield key management software and that expect keys to be both protected by the Security World and stored in the Security World data structure.
Use the custom external application option for applications that were written using nShield key management software and that expect their keys to be in standalone files.
KeySafe does not place any restrictions on the OCS that is used to protect nShield native or custom application keys.
You must make sure that your application is capable of loading the card set.
|