Home > |
---|
This section applies to versions of SafeNet HSM that control access via typed text-string authentication, or passwords, at all authentication levels. For SafeNet HSMs, this is sometimes referred to as "FIPS 140-2 Level 2" or simply "FIPS Level 2" or "FIPS 2" authentication.
If you received a SafeNet PED and PED Keys, then your SafeNet appliance's HSM probably uses Trusted Path Authentication, and not Password Authentication (verify with the hsm displayLicenses command), and this page does not apply to you. We also can refer to that version as "FIPS 140-2 Level 3" authentication. See "About Trusted Path Authentication", instead.
In general, there are two paths to access the SafeNet appliance and its HSM:
•the administrative path, via SSH or via local serial link, which uses the lunash command-line interface
•the Client path, via SSL, by which client applications use the SafeNet Network HSM API to perform cryptographic functions within pre-assigned virtual HSMs (called Partitions) on the SafeNet system.
For SafeNet HSMs with Password Authentication, the various, layered roles are protected by passwords:
Role | Description |
---|---|
Appliance Admin | When you login to the SafeNet appliance via lunash the only accepted ID is "admin" which requires the admin password. As the appliance admin, you can connect and login locally, via a serial terminal, or remotely via SSH. With no other authentication, admin can perform general, appliance-level administration. |
HSM Admin |
To access the HSM to perform HSM-specific administration tasks (set HSM-wide policies, update firmware and capabilities, backup and restore the HSM, create and remove HSM Partitions, etc.), you must be logged in to lunash as admin, then you must further be logged in as HSM Admin (of which there can be only one per SafeNet HSM) . Good security practices suggest that the HSM Admin password should be different from the appliance admin password. However, your corporate policies may differ. As the HSM Admin, you can connect locally, via a serial terminal, or remotely via SSH – you must first be logged in as admin to have access to lunash commands. |
Partition Owner |
To access HSM Partitions, in order to perform Partition-specific administration tasks (set Partition-specific policies, assign Partition to Clients, revoke Clients, etc.), you must be logged in to lunash as admin, then you must further be logged in as Partition Owner (of which there can be several -- one for each Partition in the HSM) , using the Partition Password. Good security practices suggest that the Partition Password should be different from the appliance admin password, different than the HSM Admin password, and different than other Partition Passwords (for other Partitions). However, your corporate policies may differ. As the Partition Owner, you can connect locally, via a serial terminal, or remotely via SSH – you must first be logged in as admin to have access to lunash commands. |
Client |
To access HSM Partitions with an application to perform cryptographic operations on data, you must connect remotely via SSL (called NTLS in our implementation) as a Client (one that has been registered by certificate exchange and assigned by the Partition Owner to this Partition) , then pass a User-type (this is done invisibly by your client application), and present the Partition Password (also done automatically by your application). The password used by a Client is the same Partition Password that is used by the Partition Owner for the particular Partition. What limits the scope of operations that a registered, authenticated Client can perform on a Partition is the fact that Partition administrative commands can be issued only via lunash. Thus, for security, Clients must not be allowed to learn the appliance admin password that gives access to lunash. |
Objects on the HSM are encrypted by the owner of the HSM Admin space or of the User space (partition), and can be decrypted and accessed only by means of the specific secret (password) imparted by the HSM Admin or the partition User respectively.
If you cannot present the secret (the password) that encrypted the objects, then the HSM is just a secure storage device to which you have no access, and those objects might as well not exist.