When you launch the ckdemo utility, the ckdemo menu is displayed. The ckdemo menu provides access to numerous functions in several categories, as illustrated below:
Figure 1: The ckdemo menu
    TOKEN:
        ( 1) Open Session  ( 2) Close Session  ( 3) Login
        ( 4) Logout  ( 5) Change PIN  ( 6) Init Token
        ( 7) Init Pin  ( 8) Mechanism List  ( 9) Mechanism Info
        (10) Get Info  (11) Slot Info  (12) Token Info
        (13) Session Info  (14) Get Slot List  (15) Wait for Slot Event
        (16) Token Status  (18) Factory Reset  (19) CloneMofN
        (33) Token Insert  (34) Token Delete  (36) Show Roles
        (37) Show Role Configuration Policies  (38) Show Role State
        (39) Get OUID  (58) HSM Zeroize  (59) Token Zeroize
    OBJECT MANAGEMENT:
        (20) Create object  (21) Copy object  (22) Destroy object
        (23) Object size  (24) Get attribute  (25) Set attribute
        (26) Find object  (27) Display Object  (30) Modify Usage Count
        (31) Destroy Multiple Objects  (32) Extract Public Key
    SECURITY:
        (40) Encrypt file  (41) Decrypt file  (42) Sign
        (43) Verify  (44) Hash file  (45) Simple Generate Key
        (46) Digest Key
    HIGH AVAILABILITY RECOVERY:
        (50) HA Init  (51) HA Login  (52) HA Status
    KEY:
        (60) Wrap key  (61) Unwrap key  (62) Generate random number
        (63) Derive Key  (64) PBE Key Gen  (65) Create known keys
        (66) Seed RNG  (67) EC User Defined Curves
    CA:
        (70) Set Domain  (71) Clone Key  (72) Set MofN
        (73) Generate MofN  (74) Activate MofN  (75) Generate Token Keys
        (76) Get Token Cert Info  (77) Sign Token Cert  (78) Generate CertCo Cert
        (79) Modify MofN  (86) Dup. MofN Keys  (87) Deactivate MofN
        (88) Get Token Certificates  (112) Set Legacy Cloning Domain
    OTHERS:
        (90) Self Test  (94) Open Access  (95) Close Access
        (97) Set App ID  (98) Options  (100) LKM Commands
    OFFBOARD KEY STORAGE:
        (101) Extract Masked Object  (102) Insert Masked Object  (103) Multisign With Value
        (104) Clone Object  (105) SIMExtract  (106) SIMInsert
        (107) SimMultiSign  (118) Extract Object  (119) Insert Object
    SCRIPT EXECUTION:
        (108) Execute Script  (109) Execute Asynchronous Script
        (110) Execute Single Part Script
    CLUSTER EXECUTION:
        (111) Get Cluster State  (113) Lock Clustered Slot
        (114) Unlock Clustered Slot
    PED INFO:
        (120) Set Ped Info  (121) Get Ped Info  (122) Init RPV
        (123) Delete RPV
    AUDIT/LOG:
        (130) Get Config  (131) Set Config  (132) Verify logs
        (133) Get Time  (134) Set Time  (135) Import Secret
        (136) Export Secret  (137) Init Audit  (138) Get Status
        (139) Log External
    SRK:
        (200) SRK Get State  (201) SRK Restore  (202) SRK Resplit
        (203) SRK Zeroize  (204) SRK Enable/Disable
    POLICY:
        (53) Show Partition Policies  (54) Set Partition Policies
        (55) Show HSM Policies  (56) Set HSM Policies
        (57) Set Destructive HSM Policies

    (TITLE) menu titles, (99 or FULL) Full Help, (NONE) No help, (0 or EXIT) Quit
    Enter your choice :
To execute one of the functions listed in the menu, type the number of the function and press Enter. In general, if parameters or options are required, you are prompted to provide the additional information. Because most of the commands represent separate functions on an HSM, you may need to use more than one command to accomplish a task. For example, many of the commands require that you open a session on a token slot or HSM partition. Other commands require that you first log in to the HSM or partition.
Functions that involve authentication or initialization of the HSM invoke the SafeNet PED for Trusted Path appliances. If the SafeNet PED is not connected and ready when a command is issued, the command eventually times out. If the SafeNet PED is connected and ready, it displays a prompt requesting the appropriate action. If you do not provide the requested PED Key or keypad press, the SafeNet PED eventually times out and returns an error to the calling application (in this case, ckdemo).
The individual ckdemo functions are described in detail in the following sections:
• The CLUSTER EXECUTION Menu Functions
• The HIGH AVAILABILITY RECOVERY Menu Functions
• The OBJECT MANAGEMENT Menu Functions
• The OFFBOARD KEY STORAGE Menu Functions