
CSP Registration Tool

This section describes integration of Microsoft products with Luna SA.

The CSP registration tool (installed only with the Luna CSP option) registers HSM Partitions for use with the Luna CSP. It secures the Password for each HSM Partition such that only the user for which the Password was secured is able to un-secure it.

This tool is also used to register any non-RSA algorithms that are to be performed in software only.

It can be run only by an “Administrator” of the local computer.

Luna CSP is required in order to use Luna SA with Microsoft Certificate Services. Luna CSP is supplied on the Luna SA software CD, but is not installed as part of the standard Luna software installation. If you require Luna CSP, you must install it explicitly, meaning that you must select it as one of the options when you first install, or you must re-insert the software CD at a later time and choose to install the CSP then.

 

Only Administrator or members of the Administrators group are to run "register.exe".
The Luna CSP can be used by any application that acquires the context of the Luna CSP.
All users who log in and use the applications that acquired the context have access to the Luna CSP.

Once the Administrator or a member of the Administrators group runs the "/strongprotect" option, only those users that existed before the "/strongprotect" command was run are allowed to use the Luna CSP. If the "/strongprotect" option is not used, then any user can use the Luna CSP.

First-time Partition Registration

The general form of the command is:

c:\Program Files\SafeNet\LunaClient\CSP> register [/partition | /algorithm | /defaultschannel ] [/highavail] [/strongprotect]

For 64-bit systems, the name of the command is "register.exe".

Example

c:\Program Files\SafeNet\LunaClient\CSP> register /partition [/highavail] [/strongprotect]

The basic command-line options of register are:

/partition       option needed to register a partition
/highavail       option needed to register only high availability partitions
/strongprotect   strongly protect the encrypted challenges.

Any of them can be run alone. The default command-line option of register is /partition. If you type just register with no additional parameters, then /partition is assumed and you are prompted through the required steps to select and register a Luna SA HSM Partition.

If you type register /highavail or register /strongprotect, then /partition is invoked and the additional option that you selected is run along with it (i.e., /highavail or /strongprotect).

That is, typing register /highavail is the same as typing register /partition /highavail.

Registering Standard HSM Partitions

When registering HSM Partition(s) for use, follow these steps.

  1. Type:
    c:\Program Files\SafeNet\LunaClient\CSP> register

    Respond appropriately to the prompts.

    Example

    **************************************************************
    SafeNet Luna CSP, Partition Registration
    Protect the HSM's challenge for the selected partitions.
    NOTE:
    This is a WEAK protection of the challenge!!
    After you have configured all applications that will use
    the Luna CSP, and run them once, you MUST run:
     register /partition /strongprotect *
    to strongly protect the registered challenges!!
    **************************************************************
    This procedure is a destructive procedure and will completely replace any previous settings!!
    Do you wish to continue?: [y/n]
    Do you want to register the partition named 'nes'? [y/n]:
    Please enter the Luna SA challenge for the partition 'nes' :
    Success registering the ENCRYPTED challenge for partition 'nes'.
    Only the Luna CSP will be able to use this data!
    Registered 1 partition(s) for use by the Luna CSP!


    All available Partitions are presented for you to register or not.
  2. Install and/or configure your application(s).
  3. Run each of your applications once to use Luna CSP.
  4. Run:
    c:\Program Files\SafeNet\LunaClient\CSP> register /strongprotect

    You must run register /strongprotect in order to ensure the protection of the HSM Partition passwords.

  5. Run all applications as usual.

Registering HA Partitions

When registering an HA Partition for use, follow these steps.

  1. Type:
    c:\Program Files\SafeNet\LunaClient\CSP> register /highavail

    Use the /highavail option only if you have HA set up for your Luna SAs.
    Respond appropriately to the prompts.

    Example

    **************************************************************
    SafeNet Luna CSP, Partition Registration
    Protect the HSM's challenge for the selected partitions.
    NOTE:
    This is a WEAK protection of the challenge!!
    After you have configured all applications that will use
    the Luna CSP, and run them once, you MUST run:
     register /partition /strongprotect *
    to strongly protect the registered challenges!!
    **************************************************************
    This procedure is a destructive procedure and will completely replace any previous settings!!
    Do you wish to continue?: [y/n]
    Do you want to register the partition named 'nes'? [y/n]:
    Please enter the Luna SA challenge for the partition 'nes' :
    Success registering the ENCRYPTED challenge for partition 'nes'.
    Only the Luna CSP will be able to use this data!
    Registered 1 partition(s) for use by the Luna CSP!

    If you are using HA, then only the HA virtual Partition is presented for registering.
  2. Install and/or configure your application(s).
  3. Run each of your applications once to use Luna CSP.
  4. Run:
    c:\Program Files\SafeNet\LunaClient\CSP> register /strongprotect

    You must run register /strongprotect in order to ensure the protection of the HSM Partition passwords.

  5. For 64-bit Windows, run register.exe /l (the "/l" invokes a reconnection to the library).
  6. Run all applications as usual.
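
The following PowerShell pre-flight for step 4 of both procedures above (standard and HA) is an added example, not part of the SafeNet documentation or tooling. It checks the Administrator requirement, confirms that every account your applications run as already exists (since /strongprotect admits only users that exist when it is run), and saves a snapshot of local users for audit before invoking register /strongprotect. The account names, the snapshot file name and the use of local accounts only (via Get-LocalUser) are assumptions, and the script cannot verify that each application has been run once.

```powershell
# Added example: pre-flight checks before "register /strongprotect".
# Assumptions: install path as shown on this page; account names are placeholders.
param(
    [string]$CspDir = 'C:\Program Files\SafeNet\LunaClient\CSP',
    # Hypothetical accounts your applications run as; replace with your own.
    [string[]]$RequiredAccounts = @('svc-ca', 'svc-web'),
    [string]$SnapshotPath = ".\luna-csp-users-$(Get-Date -Format yyyyMMdd-HHmmss).csv"
)
$ErrorActionPreference = 'Stop'

# 1. register may be run only by a local Administrator (elevated session).
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw "Run this from an elevated session: register requires a local Administrator."
}

# 2. Confirm the tool is present (Luna CSP is an optional install).
$register = Join-Path $CspDir 'register.exe'
if (-not (Test-Path -LiteralPath $register -PathType Leaf)) {
    throw "register.exe not found in '$CspDir'. Is the Luna CSP option installed?"
}

# 3. /strongprotect admits only users that already exist, so verify that every
#    account the applications depend on is present before locking down.
#    Only local accounts are checked here (assumption).
$localUsers = Get-LocalUser
$missing = $RequiredAccounts | Where-Object { $_ -notin $localUsers.Name }
if ($missing) {
    throw "Create these accounts before /strongprotect: $($missing -join ', ')"
}

# 4. Record which users existed at lock-down time, for later audit.
$localUsers | Select-Object Name, Enabled, SID, LastLogon |
    Export-Csv -LiteralPath $SnapshotPath -NoTypeInformation
Write-Host "User snapshot written to $SnapshotPath"

# 5. Run the step from the page; the tool prompts on the console.
& $register /strongprotect

# Exit-code semantics of register are not documented on this page (assumption:
# non-zero means failure), so treat this only as a hint to read the output.
if ($LASTEXITCODE -ne 0) {
    Write-Warning "register exited with code $LASTEXITCODE; review its output."
}
```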

Performing Cryptographic Algorithms in Software

Certain (symmetric) operations, such as the hash operation, may be performed faster in software than on the Luna SA HSM. The register /algorithms command allows you to choose which algorithms to de-register from the Luna SA. The trade-off is a gain in speed at the cost of some security (exposing the operation in software). Signing and other asymmetric operations are always done on the HSM.

The command is:

c:\Program Files\SafeNet\LunaClient\CSP> register /algorithms

  1. Run:
    c:\Program Files\SafeNet\LunaClient\CSP> register /algorithms


    You are prompted for yes or no responses about which algorithms are to be registered for software-only use.
    The following dialogue appears.

    Example

    ************************************************************************
    SafeNet Luna CSP, Algorithm Registration

    Register algorithms to be done in software by the Microsoft CSP(s).
    BY DEFAULT, ALL ALGORITHMS ARE DONE IN HARDWARE BY THE Luna SA.
    ONLY NON RSA ALGORITHMS MAY BE CONFIGURED FOR SOFTWARE.
    RSA PUBLIC/PRIVATE ALGORITHMS WILL ALWAYS BE IN HARDWARE.
    ************************************************************************
    Do you want algorithm 'CALG_RC2', done in software?(y/n):
    Do you want algorithm 'CALG_RC4', done in software?(y/n):
    Do you want algorithm 'CALG_RC5', done in software?(y/n):
    Do you want algorithm 'CALG_DES', done in software?(y/n):
    Do you want algorithm 'CALG_3DES_112', done in software?(y/n):
    Do you want algorithm 'CALG_3DES', done in software?(y/n):
    Do you want algorithm 'CALG_MD2', done in software?(y/n):
    Do you want algorithm 'CALG_MD5', done in software?(y/n):
    Do you want algorithm 'CALG_SHA', done in software?(y/n):
    Do you want algorithm 'CALG_MAC', done in software?(y/n):
    Do you want algorithm 'CALG_HMAC', done in software?(y/n):
    Success registering software only algorithms:
    CALG_RC2,CALG_RC4,CALG_RC5,...!
  2. Select any algorithms that are to be re-directed to software.
    If you choose 'no' for all prompts, then all algorithms revert to hardware and the following is displayed.

    Example message after completion

    All algorithms have been de-registered and will now only be done in hardware!

Keymap Utility

Use the keymap utility if you have previously been using another provider (with its keys in the Luna HSM) and wish to migrate to MS CSP keeping your established keys. The keymap utility simply creates on the Luna HSM the data object that MS CSP expects, which in turn makes your existing keys available to MS CSP.

Ms2luna Utility

Use the Ms2luna utility if you already have MS CSP in use with software key storage and you now wish to continue with your keys held on the Luna HSM.