
Duplicating PED Keys

When you have imprinted any PED Key, having set its parameters,

is it re-used?  

does it have an optional PED PIN?  

is the secret split into N parts?  

you are then prompted "Are you duplicating this PED Key? (YES/NO)".

If you answer YES:

this invokes duplication of the PED Key (any number of copies), so that all the duplicates are interchangeable (backups)

you can now use the original or any of the duplicates to access this HSM or Partition (blue or black keys, respectively), and distribute the others to other personnel or to secure storage

you should decide how many backup PED Keys are required by your organizational security policies

If you answer NO:

you are indicating that no duplicates/backups are necessary

if you eventually require duplicates/backups for your SO PED Keys, you can create them when you initialize another HSM or when you perform an "hsm so-ped-key change" (saying "NO" to the "reusing" question, and then saying "YES" to the "duplicating" question at that time)

if you eventually require duplicates/backups for your Partition User/Crypto Officer PED Keys, you can create them when you create another Partition (saying "NO" to the "reusing" question, and then saying "YES" to the "duplicating" question at that time)

the same possibility is presented whenever you imprint any of the other keys (Domain, RPK, SRK)

you can also create duplicates of any PED Key, except the purple (SRK), by means of SafeNet PED's Admin menu.

Considerations for Duplicate PED Keys

The duplicate PED Key option permits you to issue (or store) more than one PED Key (duplicates) for any of:

HSM Admin

Auditor

Remote PED vector

Secure Recovery vector

Owner PED Key (legacy)

Partition SO (PPSO)

Crypto Officer or Crypto User per HSM Partition.

The most common use of this feature is to make backups of each PED Key, for secure storage against possible damage to, or loss of, the primary PED Key for an HSM or token.

Your in-house procedures and working arrangements might benefit from having two or more copies of some or all PED Keys for an HSM. For example, if your procedures require that each work-shift must either sign PED Keys over to the next shift, or sign them into lockup storage, then you need only the single primary PED Key in “circulation”, and you have very secure management of such keys.

However, your procedures could be somewhat less stringent. If it proves more convenient and workable to have each person carry his own PED Key(s) on his person at all times, then a copy of the relevant PED Key will be needed by each person who must ever have access to any given HSM Partition, and by each person with HSM Admin/SO privileges.

In summary, this is an option. If you need more copies of a particular PED Key, answer "YES" when you see the "Are you duplicating..." prompt. Any operation that causes SafeNet PED to offer the "Are you duplicating this PED Key? (YES/NO)" prompt is an opportunity to make as many more copies of that key as you wish. If you already have enough duplicates, just answer "NO" whenever you see the prompt.

Implications of Duplicate PED Keys

By implication, your security and operational procedures must ensure that no person takes advantage of that facility to make unauthorized or un-tracked copies of any key.

The SafeNet PED (and the associated HSM) do not know how many copies you have made, so you are given the option every time you initialize an HSM or create a role or secret, just in case you might want to create some more duplicates of the currently inserted key. You can also make copies at any time by using the on-board admin menu of the SafeNet PED 2.x. If your security model allows people to carry PED Keys around, this might be a good argument for imposing the use of PED PIN "something you know" secrets when initializing. If somebody loses an imprinted PED Key, the person who finds it has potential access to your HSM, in that role. However, if a misplaced (or stolen) imprinted PED Key also has a PED PIN associated with it, then it would be much more difficult for the finder to make use of the found/stolen PED Key.

What a duplicate PED Key is Not

Duplicate PED Keys are not the same as MofN-split PED Keys. Whatever secret is on a PED Key that you duplicate is the secret that is contained on the duplicate(s). If you selected "M value" and "N value" to be 1 (one) when creating the first PED Key, then there is no splitting of the secret; therefore any duplicate of that key is also a complete, self-contained copy of that secret, and either the original or the duplicate is fully sufficient to authenticate. If you choose to split a secret when creating it, by selecting "M value" and "N value" greater than 1 (one), then duplicating that secret must create duplicates of all the splits.
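
The difference between duplicating and splitting, as an added example (not SafeNet code). A toy Shamir-style M-of-N scheme stands in for the PED's splitting method, which this page does not specify; `split`, `duplicate`, `combine` and `quorum_met` are hypothetical names, and the sample secret is constructed.

```python
import secrets

PRIME = 2**127 - 1  # field for the toy scheme (assumption, not the PED's)

def split(secret, m, n):
    """Split secret into n key splits; any m distinct ones rebuild it."""
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(m - 1)]
    def f(x):
        return sum(c * pow(x, i, PRIME) for i, c in enumerate(coeffs)) % PRIME
    return [(x, f(x)) for x in range(1, n + 1)]

def duplicate(keyset):
    """Duplicating copies every split unchanged; nothing is re-split."""
    return list(keyset)

def combine(presented, m):
    """Rebuild the secret; in this scheme a split and its copy count once."""
    distinct = dict(presented)  # same split index twice collapses to one
    if len(distinct) < m:
        raise ValueError(f"need {m} distinct splits, got {len(distinct)}")
    pts = list(distinct.items())[:m]
    total = 0
    for xi, yi in pts:  # Lagrange interpolation evaluated at x = 0
        num = den = 1
        for xj, _ in pts:
            if xj != xi:
                num = num * -xj % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total

def quorum_met(presented, m, secret):
    """True if the presented keys authenticate, False if quorum is short."""
    try:
        return combine(presented, m) == secret
    except ValueError:
        return False

if __name__ == "__main__":
    s = secrets.randbelow(PRIME)                     # constructed sample secret
    whole = split(s, 1, 1)                           # M = N = 1: no splitting
    print(quorum_met(duplicate(whole), 1, s))        # the duplicate on its own
    orig = split(s, 2, 3)                            # M = 2, N = 3
    backup = duplicate(orig)                         # copies of all three splits
    print(quorum_met([orig[0], backup[2]], 2, s))    # split 1 plus copy of split 3
    print(quorum_met([orig[0], backup[0]], 2, s))    # split 1 plus its own copy
```

In this toy scheme an original split and a duplicate of a different split are interchangeable toward M, while a split presented together with its own duplicate still counts as one.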