Home > |
---|
Move RSA keys to hardware. This command migrates the SafeNet keys used to secure the NTLS link from the SafeNet appliance's file system into the HSM.
If you use sysconf regenCert, the generated private key, public key and certificate reside, by default, in the SafeNet appliance's file system.
This command (sysconf secureKeys) moves your existing RSA keys into the HSM.
You must be logged in to use this command.
Once the keys reside in the HSM, any operation that needs the private key will require HSM access. For this reason, whenever the system is rebooted (maintenance, power outage, etc.) you must run ntls activateKeys to activate (authenticate to) the partition containing those keys.
If your application sets up an NTLS link and then runs multiple crypto operations over that link, you are unlikely to notice an operational difference. If your application sets up and tears down the link for each crypto operation, then the slight additional overhead might become apparent.
sysconf securekeys [-force]
Parameter | Shortcut | Description |
---|---|---|
-force | -f | Force the action without prompting. |
lunash:> sysconf secureKeys
WARNING !! This command migrates the SSL RSA keys to the internal hardware module.
If you are sure that you wish to proceed, then type 'proceed', otherwise type 'quit'
> proceed
Proceeding...
Enter User Password:
Proceeding to migrate keys to "Cryptoki User" with handle 13
Success: NTLS keys are in hardware.
Command Result : 0 (Success)
[myLuna] lunash:>ntls activateKeys
Enter User Password:
Stopping ntls:OK
Starting ntls:OK:
Command Result : 0 (Success)