nShield Security World v13.6.5 Management Guide
Introduction
You must create a Security World before using the HSM to manage keys.
You normally create a Security World after installing and configuring the module and its software. For more information, see:
You create a Security World with a single HSM. If you have more than one module, select one module with which to create the Security World, then add additional modules to the Security World after its creation. If you create a Security World with the audit logging feature enabled, all additional HSMs added to this Security World will also have audit logging enabled.
| To use the module to protect a different set of keys, you can replace an existing Security World with a new Security World. |
| All Security Worlds rely on you using the security features of your operating system to control the users who can access the Security World and, for example, write data to the host. |
(Network-attached HSMs) Other nShield HSMs can also use a Security World created on an nShield HSM using client cooperation. For more information, see Client cooperation.
Display information about your Security World
To display information about the status of your Security World:
-
Run the
nfkminfocommand-line utility. See nfkminfo. -
Run the
kmfile-dumpcommand-line utility. See kmfile-dump. -
Network-attached HSMs: Run the
nethsmadmincommand-line utility. See Copy a Security World to a network-attached HSM and check the current version. -
Network-attached HSMs: Select Security World mgmt > Display World info from the front panel main menu.
You can also use KeySafe to view a summarized description of the Security World.