Administration sub-tree overview

The administration sub-tree (enterprises.nCipher.nC-series.administration) contains information about the permanent state of the hardserver and the connected modules. It is likely that most of the information in this branch rarely changes over time, unlike the statistics branch. The information given in the administration sub-tree is mostly acquired by the NewEnquiry command and is supplied both per-module and (where appropriate) aggregated over all modules.

The following table gives details of the individual nodes in the administration sub-tree:

| Node name | R/W | Type | Remarks |
| --- | --- | --- | --- |
| hardserverRunning | R | Enum | 1: Running; 2: NotRunning. This variable reflects the current state of the hardserver (Running or NotRunning). |
| noOfModules | R | Gauge32 | Number of nC-series modules. |
| hsVersion | R | DisplayString | Hardserver version string. |
| globalSpeedIndex | R | Gauge32 | Number of 1024-bit signatures each second. |
| globalMinQ | R | Gauge32 | Minimum recommended queue. |
| globalMaxQ | R | Gauge32 | Maximum recommended queue. |
| securityWorld | R | TruthValue | True if a Security World is installed and operational. |
| swState | R | DisplayString | Security World display flags, as reported by nfkminfo. |
| listKeys | R/W | Integer | 1: none; 2: all; 3: query; 4: resetquery. Controls the behavior of the key table (switch off, display all keys, enable individual attribute queries, clear the query fields). Displaying all keys can result in a very long list. |
| serverFlags | R | DisplayString | Supported hardserver facilities (the NewEnquiry level 4 flags). |
| remoteServerPort | R | Gauge32 | TCP port on which the hardserver is listening. |
| swGenTime | R | DisplayString | Security World’s generation time. |
| swGeneratingESN | R | DisplayString | ESN of the module that generated the Security World. |

listKeys can be preset using the keytable config directive in the snmpd.conf file (see The SNMP configuration file: snmp.conf).

Security World hash sub-tree

The following table gives details of the nodes in the Security World hash sub-tree (enterprises.nCipher.nC-series.administration.swHashes):

| Node name | R/W | Type | Remarks |
| --- | --- | --- | --- |
| hashKNSO | R | MHash | Hash of the Security Officer’s key. |
| hashKM | R | MHash | Hash of the Security World key. |
| hashKRA | R | MHash | Hash of the recovery authorization key. |
| hashKRE | R | MHash | Hash of the recovery key pair. |
| hashKFIPS | R | MHash | Hash of the FIPS authorization key. |
| hashKMC | R | MHash | Hash of the module certification key. |
| hashKP | R | MHash | Hash of the passphrase replacement key. |
| hashKNV | R | MHash | Hash of the nonvolatile memory (NVRAM) authorization key. |
| hashKRTC | R | MHash | Hash of the Real Time Clock authorization key. |
| hashKDSEE | R | MHash | Hash of the SEE Debugging authorization key. |
| hashKFTO | R | MHash | Hash of the Foreign Token Open authorization key. |

Security World quorums sub-tree

The following table gives details of the nodes in the Security World quorums sub-tree (enterprises.nCipher.nC-series.administration.swQuorums):

| Node name | R/W | Type | Remarks |
| --- | --- | --- | --- |
| adminQuorumK | R | Gauge32 | The default quorum of Administrator cards. |
| adminQuorumN | R | Gauge32 | The total number of cards in the ACS. |
| adminQuorumM | R | Gauge32 | The quorum required for module reprogramming. |
| adminQuorumR | R | Gauge32 | The quorum required to transfer keys for OCS replacement. |
| adminQuorumP | R | Gauge32 | The quorum required to recover the passphrase for an Operator card. |
| adminQuorumNV | R | Gauge32 | The quorum required to access nonvolatile memory (NVRAM). |
| adminQuorumRTC | R | Gauge32 | The quorum required to update the Real Time Clock. |
| adminQuorumDSEE | R | Gauge32 | The quorum required to view full SEE debug information. |
| adminQuorumFTO | R | Gauge32 | The quorum required to use a Foreign Token Open Delegate Key. |

Module administration table

The following table gives details of the nodes in the module administration table (enterprises.nCipher.nC-series.administration.moduleAdminTable):

| Node name | R/W | Type | Remarks |
| --- | --- | --- | --- |
| moduleAdminIndex | R | Gauge32 | Module number of this row in the table. |
| mode | R | Integer | 1: Operational; 2: Pre-init; 3: Init; 4: Pre-maint; 5: Maint; 6: AccelOnly; 7: Failed; 8: Unknown. Current module state. |
| fwVersion | R | DisplayString | Firmware version string. |
| speedIndex | R | Gauge32 | Speed index of the module (approximate number of 1024-bit modulo exponentiation operations possible per second). |
| minQ | R | Gauge32 | Module minimum recommended queue length. |
| maxQ | R | Gauge32 | Module maximum recommended queue length. |
| serialNumber | R | DisplayString | Module Electronic Serial Number (ESN). |
| productName | R | DisplayString | |
| hwPosInfo | R | DisplayString | Hardware bus/slot info (such as PCI slot number). |
| moduleSecurityWorld | R | TruthValue | Indicates whether or not the module is in the current SW. |
| smartcardState | R | DisplayString | Description of smart card in slot (empty, unknown card, admin/operator card from current SW, failed). N/A for acceleration only modules. |
| moduleSWState | R | Integer | 1: Unknown; 2: Usable; 3: MaintMode; 4: Uninitialized; 5: Factory; 6: Foreign; 7: AccelOnly; 8: Failed; 9: Unchecked; 10: InitMode; 11: PreInitMode; 12: Unverified; 13: UnusedTableEntry. Current module and Security World state. |
| moduleSWFlags | R | DisplayString | Security World flags for this module. |
| hashKML | R | MHash | Hash of the module’s secret key. |
| moduleFeatures | R | DisplayString | Features enabled on this module. |
| moduleFlags | R | DisplayString | Like serverFlags, but for each module. |
| versionSerial | R | Gauge32 | Firmware Version Security Number (VSN). |
| hashKNETI | R | MHash | KNETI hash, if present. |
| longQ | R | Gauge32 | Maximum recommended long queue. |
| connectionStatus | R | DisplayString | Connection status (for imported modules). |
| connectionInfo | R | DisplayString | Connection information (for imported modules). |
| machineTypeSEE | R | DisplayString | SEE machine type. |
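
A monitoring check over the nodes described above, as an added example that is not part of the original documentation or the vendor's code. It assumes the agent's values have already been collected into lines of the form `node.index = value` (a constructed, simplified format) and that local policy expects every module to be Operational and Usable with the key table switched off.

```python
import re

# Enum labels copied from the tables on this page.
MODE = {1: "Operational", 2: "Pre-init", 3: "Init", 4: "Pre-maint",
        5: "Maint", 6: "AccelOnly", 7: "Failed", 8: "Unknown"}
SW_STATE = {1: "Unknown", 2: "Usable", 3: "MaintMode", 4: "Uninitialized",
            5: "Factory", 6: "Foreign", 7: "AccelOnly", 8: "Failed",
            9: "Unchecked", 10: "InitMode", 11: "PreInitMode",
            12: "Unverified", 13: "UnusedTableEntry"}
LIST_KEYS = {1: "none", 2: "all", 3: "query", 4: "resetquery"}

# Assumed input format: "<node>.<index> = <integer>", one value per line.
LINE = re.compile(r"^\s*(\w+)\.(\d+)\s*=\s*(\d+)\s*$")

def parse(text):
    """Return {(node, index): int}; lines that do not match are ignored."""
    values = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            values[(m.group(1), int(m.group(2)))] = int(m.group(3))
    return values

def findings(values):
    """List deviations from the assumed policy; a missing scalar fails closed."""
    out = []
    if values.get(("hardserverRunning", 0)) != 1:
        out.append("hardserver is not reported as Running")
    if values.get(("securityWorld", 0)) != 1:  # TruthValue: 1 = true, 2 = false
        out.append("no operational Security World reported")
    lk = values.get(("listKeys", 0))
    if lk is not None and lk != 1:
        out.append(f"key table is visible over SNMP (listKeys={LIST_KEYS.get(lk, lk)})")
    for (node, idx), v in sorted(values.items()):
        if node == "mode" and v != 1:
            out.append(f"module {idx} mode is {MODE.get(v, v)}")
        if node == "moduleSWState" and v != 2:
            out.append(f"module {idx} Security World state is {SW_STATE.get(v, v)}")
    return out

# Constructed sample: two modules, the second in maintenance mode.
SAMPLE = """\
hardserverRunning.0 = 1
noOfModules.0 = 2
securityWorld.0 = 1
listKeys.0 = 2
mode.1 = 1
moduleSWState.1 = 2
mode.2 = 5
moduleSWState.2 = 3
"""

if __name__ == "__main__":
    print("\n".join(findings(parse(SAMPLE))))
```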

Slot administration table

The following table gives details of the nodes in the slot administration table (enterprises.nCipher.nC-series.administration.slotAdminTable):

| Node name | R/W | Type | Remarks |
| --- | --- | --- | --- |
| slotAdminModuleIndex | R | Integer32 | Module number of the module containing the slot. |
| slotAdminSlotIndex | R | Integer32 | Slot number (1-based, unlike nCore which is 0-based). |
| slotType | R | Integer | 1: Datakey; 2: Smart card; 3: Emulated; 4: Soft token; 5: Unconnected; 6: Out of range; 7: Unknown. Slot type. |
| slotFlags | R | DisplayString | Flags referring to the contents of the slot (from slotinfo). |
| slotState | R | Integer | 1: Unused; 2: Empty; 3: Blank; 4: Administrator; 5: Operator; 6: Unidentified; 7: Read error; 8: Partial; 9: Out of range. Partial refers to cards in a partially-created card set. |
| slotListFlags | R | DisplayString | Flags referring to attributes of the slot (from getslotlist). |
| slotShareNumber | R | Gauge32 | Share number of card currently in slot, if present. |
| slotSharesPresent | R | DisplayString | Names of shares present in card currently in slot. |

Card set administration table

The following table gives details of the nodes in the card set administration table (enterprises.nCipher.nC-series.administration.cardsetAdminTable):

| Node name | R/W | Type | Remarks |
| --- | --- | --- | --- |
| hashKLTU | R | MHash | Hash of the token protected by the card set. |
| cardsetName | R | DisplayString | |
| cardsetK | R | Gauge32 | Required number of cards in the card set. |
| cardsetN | R | Gauge32 | Total number of cards in the card set. |
| cardsetFlags | R | DisplayString | Other attributes of the card set. |
| cardsetNames | R | DisplayString | Names of individual cards, if set. |
| cardsetTimeout | R | Gauge32 | Token time-out period, in seconds, or 0 if none. |
| cardsetGenTime | R | DisplayString | Generation time of card set. |

Key administration table

The key administration table is visible as long as the listKeys node in the administration sub-tree is set to a value other than none.

The following table gives details of the nodes in the key administration table (enterprises.nCipher.nC-series.administration.keyAdminTable):

| Node name | R/W | Type | Remarks |
| --- | --- | --- | --- |
| keyAppname | R | DisplayString | Application name. |
| keyIdent | R | DisplayString | Name of key, as generated by the application. |
| keyHash | R | MHash | |
| keyRecovery | R | Integer | 1: Enabled; 2: Disabled; 3: No key; 4: Unknown; 5: Invalid; 6: Unset. The value unset is never returned by the key table. If you set the value unset, the keys are not filtered based on any of the attributes. |
| keyProtection | R | Integer | 1: Module; 2: Cardset; 3: No key; 4: Unknown; 5: Invalid; 6: Unset. The value unset is never returned by the key table. If you set the value unset, the keys are not filtered based on any of the attributes. |
| keyCardsetHash | R | MHash | Hash of the card set protecting the key, if applicable. |
| keyFlags | R | DisplayString | Certificate and public key flags. |
| keyExtraEntries | R | Gauge32 | Number of extra key attributes. |
| keySEEInteg | R | DisplayString | SEE integrity key, if present. |
| keyGeneratingESN | R | DisplayString | ESN of the module that generated the key, if present. |
| keyTimeLimit | R | Gauge32 | Time limit for the key, if set. |
| keyPerAuthUseLimit | R | Gauge32 | Per-authentication use limit for the key. |

Key query sub-tree

The key query sub-tree is used if the listKeys node in the administration sub-tree is set to query.

If these values are set, they are taken as required attributes for filtering the list of available keys; if multiple attributes are set, the filters are combined (AND rather than OR).

The following table gives details of the nodes in the key query sub-tree (enterprises.nCipher.nC-series.administration.keyQuery):

| Node name | R/W | Type | Remarks |
| --- | --- | --- | --- |
| keyQueryAppname | R/W | DisplayString | Application name. |
| keyQueryIdent | R/W | DisplayString | Name of key, as generated by the application. |
| keyQueryHash | R/W | DisplayString | |
| keyQueryRecovery | R/W | Integer | 1: Enabled; 2: Disabled; 3: No key; 4: Unknown; 5: Invalid; 6: Unset. The value unset is never returned by the key table. If you set the value unset, the keys are not filtered based on any of the attributes. |
| keyQueryProtection | R/W | Integer | 1: Module; 2: Cardset; 3: No key; 4: Unknown; 5: Invalid; 6: Unset. The value unset is never returned by the key table. If you set the value unset, the keys are not filtered based on any of the attributes. |
| keyQueryCardsetHash | R/W | DisplayString | Hash of the card set protecting the key, if applicable. |
| keyQueryFlags | R/W | DisplayString | Certificate and public key flags. |
| keyQueryExtraEntries | R/W | Gauge32 | Number of extra key attributes. |
| keyQuerySEEInteg | R/W | DisplayString | SEE integrity key, if present. |
| keyQueryGeneratingESN | R/W | DisplayString | ESN of the module that generated the key, if present. |
| keyQueryTimeLimit | R/W | Gauge32 | Time limit for the key, if set (0 for no limit). |
| keyQueryPerAuthUseLimit | R/W | Gauge32 | Per-authentication use limit for the key (0 for no limit). |