CTCONF
Configuration utility for the SafeNet ProtectToolkit-C environment.
The ctconf utility is used to configure the operating parameters for SafeNet ProtectToolkit-C.
By default, ctconf will report configurable settings for the first device found. Some options are only applicable to either the hardware or software implementation of SafeNet ProtectToolkit-C.
NOTE When operating in WLD/HA mode, this utility should only be used to view the configuration. Any changes to the configuration should be made in NORMAL mode. See Operation in WLD Mode and Operation in HA Mode.
Syntax
ctconf [–a<device>] [–b<name>] [–c<slots>] [–d<slot>] [–e] [–f<flags>] [–g<file>] [–h] [–i<file>] [–j<file>] [–k<file>] [–l] [–m<mode>] [–n<slot>] [–p] [–q] [–r<slot>] [–s] [–t] [–v] [–x] [––rtc–adj–access–control–rule=<secs>:<count>:<days>] [––rtc–adj–access–control=<0 | 1>]
Option |
Description |
||||||
---|---|---|---|---|---|---|---|
–a<device> |
––device–number=<device> Use the admin token on the specified device |
||||||
–b<name> |
––fm–cert=<name> FM validation certificate |
||||||
–c<slots> |
––create–slots=<slots> Create slots new User slots |
||||||
–d<slot> |
––delete–slot=<slot> Delete and remove User slot with ID slot (You cannot delete the admin slot). |
||||||
–e | ––event–log
Prints the event log on stdout |
||||||
–f<flags> |
Configures security flags. Security flags are used to implement security policies. Multiple flags may be set simultaneously. For example the command: ctconf –ftu would set both the t and the u flags. When flags are set, any flags set previously are cleared. Setting ctconf –f0 clears all the flags and places the device in SafeNet Default Mode (no flags set). This security policy is described in the "Typical Security Policies" section SafeNet Default Mode. Use other flags values to set flags as follows: Each of these flags is fully described in Security Flag Descriptions. |
||||||
–g<file> |
––upgrade–fw=<file> Upgrade firmware with file |
||||||
–h | ––help
Display usage information |
||||||
–i<file> |
––integrity–fw=<file> Verify the authenticity/integrity of a firmware file by specifying its filename. |
||||||
–j<file> |
––download–fm=<file> Download FM module file |
||||||
–k<file> |
––validate–fm=<file> Validate FM module file |
||||||
–l<fmID> |
––delete–fm ––disable–fm ––fmid=<fmid> Disable/delete an FM module, specifying the FM ID in hex format. |
||||||
–m<n> |
––mode=<n> Set the transport mode for the HSM. The following transport modes can be set with <n>:
|
||||||
–n<slot> |
––init–token=<slot> Initialize the token in the specified slot |
||||||
–p | ––purge–log
Purge event log. Note that a purge cannot be done until the event log is full. |
||||||
–q | ––query
Query peripheral devices. Check all available serial ports, and attempt to activate drivers for the connected devices. |
||||||
–r<slot> |
––reset–token=<slot> Reset existing token in specified slot |
||||||
–s | ––fm–info
Display FM module information |
||||||
–t | ––time–set
Synchronizes the HSM's internal clock with the host system. This command is only valid when the RTC Status is either HSMADM_RTC_UNINITIALIZED or HSMADM_RTC_STAND_ALONE. Refer to the SafeNet ProtectToolkit–C Programmers Guide (in the Appendix titled HSMAdmin.h Library Reference). |
||||||
–v | ––verbose
Display extended status information |
||||||
–x | ––tamper
This will cause the Key Store memory on the HSM to be erased (as if tampered) and made ready for re-initialization. The –x option is only available on hardware-based SafeNet ProtectToolkit-C implementations. |
||||||
––rtc–adj–access–control–rule=
|
This option sets the rule for RTC Adjustment Access Control. The RTC Adjustment Access Control Rule specifies the guard parameters that control RTC modification. If modification of the RTC is attempted outside of these guard parameters, it will fail. secstotal: amount of deviation (in seconds) within a guard duration. counttotal number of adjustment that can be made within the guard duration. days: the guard duration in number of days. The separator ‘:’ is a compulsory argument. However, the values for <secs>, <count> and <days> can be NULL. A NULL equates to no modification. For example: Use ctconf –v to display the current settings for the RTC Adjustment Access Control Rule. |
||||||
––rtc–adj–access–control=0|1 |
RTC Adjustment Access Control can be enabled once the RTC Adjustment Access Control Rule has been set. When RTC Adjustment Access Control is enabled, the functions provided by the HSMAdmin API (refer to the SafeNet ProtectToolkit-C Programmer’s Guide) are governed by the RTC Adjustment Access Control Rule. By disabling RTC Adjustment Access Control, unlimited adjustments to the RTC may be performed. ctconf may be specified with both the ––rtc–adj–access–control–rule and ––rtc–adj–access–control command line parameters simultaneously. The RTC Adjustment Access Control Rule is given precedence over RTC Adjustment Access Control. Use ctconf –v to display the current settings for the RTC Adjustment Access Control Rule. |