AThe Hardware Secured Certificates (HSC) feature provides the ability to confirm that an object was created in a SafeNet HSM. This feature permanently injects an asymmetric key and an associated SafeNet-Chrysalis-signed certificate into each HSM during manufacturing which then can provide validation for an associated HSM identification private signing key that uniquely identifies the HSM. This manufacturer-validated devicee identification mechanism enables a strong trust model whereby customers can be assured that they are communicating with specific SafeNet hardware units in a way that cannot be spoofed. Additionally, this functionality supports the loading of multiple certificates in the supported structure (X.509) from various sources.
HSC allows users to have a higher level of trust in a given public-key/certificate knowing without question that the corresponding private key is secured in a FIPS 140-2 validated SafeNet HSM. In practice, this trust is established through a Public Key Confirmation (PKC) mechanism that allows end-users to generate special certificates that clearly identify the associated key pairs as having been generated from a validated HSM.
The HSC functionality, in combination with the Crypto-Officer/Crypto-User roles, represents a complete solution for organizations that require a very high degree of trust along with separation of duties in order to conform to certain regulatory requirements and emerging standards.
[sa5] lunash:>hsm checkCertificates
MAC found -- certificatePolicies: evaluated to FIPS 140-2 Level 3 <<<-- Not all configurations.
DAC found -- certificatePolicies: meets requirements of FIPS 140-2 Level 3
Command Result : 0 (Success)
[sa5] lunash:>