Administration sub-tree overview
The administration sub-tree (enterprises.nCipher.nC-series.administration) contains information about the permanent state of the hardserver and the connected modules.
It is likely that most of the information in this branch rarely changes over time, unlike the statistics branch.
The information given in the administration sub-tree is mostly acquired by the NewEnquiry command and is supplied both per-module and (where appropriate) aggregated over all modules.
The following table gives details of the individual nodes in the administration sub-tree:
| Node name | R/W | Type | Remarks |
|---|---|---|---|
| | R | Enum 1: Running 2: NotRunning | This variable reflects the current state of the hardserver ( |
| | R | Gauge32 | Number of nC-series modules. |
| | R | DisplayString | Hardserver version string. |
| | R | Gauge32 | Number of 1024-bit signatures each second. |
| | R | Gauge32 | Minimum recommended queue. |
| | R | Gauge32 | Maximum recommended queue. |
| | R | TruthValue | |
| | R | DisplayString | Security World display flags, as reported by |
| | R/W | Integer 1: none 2: all 3: query 4: resetquery | Controls the behavior of the key table (switch off, display all keys, enable individual attribute queries, clear the query fields). Displaying all keys can result in a very long list. |
| | R | DisplayString | Supported hardserver facilities (the |
| | R | Gauge32 | TCP port on which the hardserver is listening. |
| | R | DisplayString | Security World’s generation time. |
| | R | DisplayString | ESN of the module that generated the Security World. |
listKeys can be preset using the keytable config directive in the snmpd.conf file (see The SNMP configuration file: snmp.conf).
Security World hash sub-tree
The following table gives details of the nodes in the Security World hash sub-tree (enterprises.nCipher.nC-series.administration.swHashes):
| Node name | R/W | Type | Remarks |
|---|---|---|---|
| | R | MHash | Hash of the Security Officer’s key. |
| | R | MHash | Hash of the Security World key. |
| | R | MHash | Hash of the recovery authorization key. |
| | R | MHash | Hash of the recovery key pair. |
| | R | MHash | Hash of the FIPS authorization key. |
| | R | MHash | Hash of the module certification key. |
| | R | MHash | Hash of the passphrase replacement key. |
| | R | MHash | Hash of the nonvolatile memory (NVRAM) authorization key. |
| | R | MHash | Hash of the Real Time Clock authorization key. |
| | R | MHash | Hash of the SEE Debugging authorization key. |
| | R | MHash | Hash of the Foreign Token Open authorization key. |
Security World quorums sub-tree
The following table gives details of the nodes in the Security World quorums sub-tree (enterprises.nCipher.nC-series.administration.swQuorums):
| Node name | R/W | Type | Remarks |
|---|---|---|---|
| | R | Gauge32 | The default quorum of Administrator cards. |
| | R | Gauge32 | The total number of cards in the ACS. |
| | R | Gauge32 | The quorum required for module reprogramming. |
| | R | Gauge32 | The quorum required to transfer keys for OCS replacement. |
| | R | Gauge32 | The quorum required to recover the passphrase for an Operator card. |
| | R | Gauge32 | The quorum required to access nonvolatile memory (NVRAM). |
| | R | Gauge32 | The quorum required to update the Real Time Clock. |
| | R | Gauge32 | The quorum required to view full SEE debug information. |
| | R | Gauge32 | The quorum required to use a Foreign Token Open Delegate Key. |
Module administration table
The following table gives details of the nodes in the module administration table (enterprises.nCipher.nC-series.administration.moduleAdminTable):
| Node name | R/W | Type | Remarks |
|---|---|---|---|
| | R | Gauge32 | Module number of this row in the table. |
| | R | Integer 1: Operational 2: Pre-init 3: Init 4: Pre-maint 5: Maint 6: AccelOnly 7: Failed 8: Unknown | Current module state. |
| | R | DisplayString | Firmware version string. |
| | R | Gauge32 | Speed index (approximate number of 1024-bit modulo exponentiation operations possible per second) of module |
| | R | Gauge32 | Module minimum recommended queue length |
| | R | Gauge32 | Module maximum recommended queue length |
| | R | DisplayString | Module Electronic Serial Number (ESN). |
| | R | DisplayString | |
| | R | DisplayString | Hardware bus/slot info (such as PCI slot number). |
| | R | TruthValue | Indicates whether or not the module is in the current SW. |
| | R | DisplayString | Description of smart card in slot (empty, unknown card, admin/operator card from current SW, failed). N/A for acceleration only modules. |
| | R | Integer 1: Unknown 2: Usable 3: MaintMode 4: Uninitialized 5: Factory 6: Foreign 7: AccelOnly 8: Failed 9: Unchecked 10: InitMode 11: PreInitMode 12: Unverified 13: UnusedTableEntry | Current module and Security World state. |
| | R | DisplayString | Security World flags for this module. |
| | R | MHash | Hash of the module’s secret key. |
| | R | DisplayString | Features enabled on this module. |
| | R | DisplayString | Like |
| | R | Gauge32 | Firmware Version Security Number (VSN); |
| | R | MHash | KNETI hash, if present. |
| | R | Gauge32 | Max. rec. long queue. |
| | R | DisplayString | Connection status (for imported modules). |
| | R | DisplayString | Connection information (for imported modules). |
| | R | DisplayString | SEE machine type. |
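An added monitoring example, not part of the original documentation or the vendor's code: because the administration values rarely change, a poller can compare each poll with a stored baseline and report drift in the Security World hashes, the quorums and the module rows. The dictionary field labels are hypothetical (the node names are not listed on this page) and the sample polls are constructed; only the state enumerations come from the module administration table.

```python
# Enum values come from the module administration table; the dictionary field
# labels are hypothetical, because the node names are not listed on this page.
MODULE_STATE = {1: "Operational", 2: "Pre-init", 3: "Init", 4: "Pre-maint",
                5: "Maint", 6: "AccelOnly", 7: "Failed", 8: "Unknown"}
SW_STATE = {1: "Unknown", 2: "Usable", 3: "MaintMode", 4: "Uninitialized",
            5: "Factory", 6: "Foreign", 7: "AccelOnly", 8: "Failed",
            9: "Unchecked", 10: "InitMode", 11: "PreInitMode",
            12: "Unverified", 13: "UnusedTableEntry"}

def audit(baseline, current):
    """Compare one poll with the baseline; return sorted (severity, message)."""
    findings = []
    # The hashes identify the Security World's keys, so any change is critical.
    for name, value in current["swHashes"].items():
        if baseline["swHashes"].get(name) != value:
            findings.append(("critical", f"swHashes.{name} changed"))
    # A lowered quorum means fewer card holders are needed for the operation.
    for name, value in current["swQuorums"].items():
        old = baseline["swQuorums"].get(name)
        if old is not None and value < old:
            findings.append(("critical", f"swQuorums.{name} lowered {old} -> {value}"))
        elif old != value:
            findings.append(("warning", f"swQuorums.{name} changed {old} -> {value}"))
    for num, mod in current["modules"].items():
        base = baseline["modules"].get(num, {})
        for field in ("esn", "firmware", "vsn"):
            if base.get(field) != mod[field]:
                findings.append(("warning", f"module {num} {field} changed"))
        # Assumed policy: report anything other than Operational (1) / Usable (2).
        if mod["state"] != 1:
            state = MODULE_STATE.get(mod["state"], "undefined")
            findings.append(("warning", f"module {num} state {state}"))
        if mod["sw_state"] != 2:
            sw_state = SW_STATE.get(mod["sw_state"], "undefined")
            findings.append(("warning", f"module {num} sw_state {sw_state}"))
    return sorted(findings)

# Constructed sample polls (placeholder hashes, ESN and version strings).
MODULE = {"esn": "ESN-PLACEHOLDER", "firmware": "fw-placeholder", "vsn": 5}
BASELINE = {"swHashes": {"security_world_key": "aaaa", "module_cert_key": "bbbb"},
            "swQuorums": {"default_admin_quorum": 2, "acs_total": 3},
            "modules": {1: dict(MODULE, state=1, sw_state=2)}}
CURRENT = {"swHashes": {"security_world_key": "ffff", "module_cert_key": "bbbb"},
           "swQuorums": {"default_admin_quorum": 1, "acs_total": 3},
           "modules": {1: dict(MODULE, state=5, sw_state=3)}}

if __name__ == "__main__":
    for severity, message in audit(BASELINE, CURRENT):
        print(f"{severity}: {message}")
```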
Slot administration table
The following table gives details of the nodes in the slot administration table (enterprises.nCipher.nC-series.administration.slotAdminTable):
| Node name | R/W | Type | Remarks |
|---|---|---|---|
| | R | Integer32 | Module number of the module containing the slot. |
| | R | Integer32 | Slot number (1-based, unlike nCore which is 0-based). |
| | R | Integer 1: Datakey 2: Smart card 3: Emulated 4: Soft token 5: Unconnected 6: Out of range 7: Unknown | Slot type. |
| | R | DisplayString | Flags referring to the contents of the slot (from |
| | R | Integer 1: Unused 2: Empty 3: Blank 4: Administrator 5: Operator 6: Unidentified 7: Read error 8: Partial 9: Out of range | |
| | R | DisplayString | Flags referring to attributes of the slot (from |
| | R | Gauge32 | Share number of card currently in slot, if present. |
| | R | DisplayString | Names of shares present in card currently in slot. |
Card set administration table
The following table gives details of the nodes in the card set administration table (enterprises.nCipher.nC-series.administration.cardsetAdminTable):
| Node name | R/W | Type | Remarks |
|---|---|---|---|
| | R | MHash | Hash of the token protected by the card set. |
| | R | DisplayString | |
| | R | Gauge32 | Required number of cards in the card set. |
| | R | Gauge32 | Total number of cards in the card set. |
| | R | DisplayString | Other attributes of the card set. |
| | R | DisplayString | Names of individual cards, if set. |
| | R | Gauge32 | Token time-out period, in seconds, or 0 if none. |
| | R | DisplayString | Generation time of card set. |
Key administration table
The key administration table is visible as long as the listKeys node in the administration sub-tree is set to a value other than none.
The following table gives details of the nodes in the key administration table (enterprises.nCipher.nC-series.administration.keyAdminTable):
| Node name | R/W | Type | Remarks |
|---|---|---|---|
| | R | DisplayString | Application name. |
| | R | DisplayString | Name of key, as generated by the application. |
| | R | MHash | |
| | R | Integer 1: Enabled 2: Disabled 3: No key 4: Unknown 5: Invalid 6: Unset | The value |
| | R | Integer 1: Module 2: Cardset 3: No key 4: Unknown 5: Invalid 6: Unset | The value |
| | R | MHash | Hash of the card set protecting the key, if applicable. |
| | R | DisplayString | Certificate and public key flags. |
| | R | Gauge32 | Number of extra key attributes. |
| | R | DisplayString | SEE integrity key, if present. |
| | R | DisplayString | ESN of the module that generated the key, if present. |
| | R | Gauge32 | Time limit for the key, if set. |
| | R | Gauge32 | Per-authentication use limit for the key. |
Key query sub-tree
The key query sub-tree is used if the listKeys node in the administration sub-tree is set to query.
If these values are set, they are taken as required attributes for filtering the list of available keys; if multiple attributes are set, the filters are combined (AND rather than OR).
The following table gives details of the nodes in the key query sub-tree (enterprises.nCipher.nC-series.administration.keyQuery):
| Node name | R/W | Type | Remarks |
|---|---|---|---|
| | R/W | DisplayString | Application name. |
| | R/W | DisplayString | Name of key, as generated by the application. |
| | R/W | DisplayString | |
| | R/W | Integer 1: Enabled 2: Disabled 3: No key 4: Unknown 5: Invalid 6: Unset | The value |
| | R/W | Integer 1: Module 2: Cardset 3: No key 4: Unknown 5: Invalid 6: Unset | The value |
| | R/W | DisplayString | Hash of the card set protecting the key, if applicable. |
| | R/W | DisplayString | Certificate and public key flags. |
| | R/W | Gauge32 | Number of extra key attributes. |
| | R/W | DisplayString | SEE integrity key, if present. |
| | R/W | DisplayString | ESN of the module that generated the key, if present. |
| | R/W | Gauge32 | Time limit for the key, if set (0 for no limit). |
| | R/W | Gauge32 | Per-authentication use limit for the key (0 for no limit). |