Security Flags

Policies are implemented in SafeNet ProtectToolkit-C by configuring security flags.

Setting a security flag activates its particular security settings. One or more of these flags can be set to create custom security policies or to implement the typical security policies described in the previous section.

Configuring Security Flags

Security flags are configured using the ctconf command line utility.

The command syntax is as follows:

ctconf –f<flags>

Multiple flags may be set simultaneously. For example, the command: ctconf –ftu would set both the t and the u flags.

When flags are set, any flags set previously are cleared.

Set flags = 0 to clear all the flags. This places the device in SafeNet Default Mode (Default <No flags set>). See the Typical Security Policies section SafeNet Default Mode, for more information about this security policy.

Use other flags values to set flags as follows:

To set flag:

Use flags value:

Auth Protection

u

DES Keys Even Parity Allowed

d
Enable PCI Audit Logs b

Entrust Ready

e

FIPS Algorithms Only

a

FIPS Mode

F

Full Secure Messaging Encryption

N

Full Secure Messaging Signing

U

Increased Security Level

i

Mode Locked

l

No Clear PINs

n

No Public Crypto

c

Pure PKCS11 (PKCS#11 Compatibility Mode)

p

Tamper Before Upgrade

t

User-specified ECC DomainParameters Allowed

E
Weak PKCS#11 Mechanisms w

Each of these flags is fully described below.

For the complete ctconf command reference, see CTCONF.

Security Flag Descriptions

The security settings configured by each of the security flags are described below. A mapping of security flags to the typical security policies described in this manual is provided in Security Policy Options.

Auth Protection

The Auth Protection (Authentication/Session Protection) flag, when set, ensures secure messaging authentication between applications and the HSM is enforced for certain messages sent from applications to the HSM. Critical messages or messages that might otherwise contain sensitive information are affected. These messages must be digitally signed so they can be verified by the HSM.

With this setting applied, applications will operate more securely. HSM performance, however, may suffer due to the additional operations required to sign and verify each message request.

DES Keys Even Parity Allowed

The Des Keys Even Parity Allowed flag permits creation of DES, DES2 and DES3 keys and components with even parity.

Enable PCI Audit Logs

The Enable PCI Audit Logs flag permits the collection of logs accessible to the audit user.

Entrust Ready

The Entrust Ready (Entrust Compliant) flag, when set, establishes the following rules:

>When a nonexistent mechanism is queried, an empty mechanism structure is returned.

>When a token is initialized with the C_InitToken command, the SO PIN is not required.

>A user who is already logged in is permitted to log in again.

>When using the C_SignFinal command, the size of the message authentication code (MAC) returned can be controlled, even if the mechanism is not one of the general-length MAC mechanisms specified in the PKCS #11 standard.

>When using the C_WrapKey function, if the CKA_extractable attribute is not specified, it defaults to true so that wrapping is allowed.

FIPS Algorithms Only

The FIPS Algorithms Only (Only Allow FIPS-Approved Algorithms) flag, when set, disables non-FIPS approved algorithms.

The algorithms approved by FIPS are: AES, Triple-DES, DSA, RSA, ECDSA, HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512, SHA-1, SHA-256, SHA-384, SHA-512, Triple-DES MAC.

Refer to the Typical Security Policies section FIPS Mode for more.

NOTE   For FIPS-approved algorithms for individual products, please check the FIPS product certification.

FIPS Mode

The FIPS Mode (FIPS 140-1 Mode or FIPS 140-2 Mode) flag, when set, sets the following composite flags:

>FIPS Algorithms Only

>No Public Crypto

>Mode Locked

>No Clear PINs

>Tamper Before Upgrade

>Auth Protection

Instead of specifying each of these flags separately with ctconf, the FIPS Mode flag can be set as a shortcut.

Refer to the entries for the individual flags and the Typical Security Policies section FIPS Mode.

Full Secure Messaging Encryption

The Full Secure Messaging Encryption flag, when set, ensures that:

>User PINs or other sensitive information cannot be passed across the host interface unencrypted.

>Secure messaging encryption is enabled, so every message between the application and the HSM is encrypted in both directions.

>Certain functions that would otherwise result in the clear transmission of sensitive data are disabled

>The creation of any keys with the CKA_SENSITIVE attribute set to false is not permitted.

Note that the Full Secure Messaging Encryption flag is similar to the No Clear PINs Allowed flag, except every message between the application and the HSM is encrypted in both directions. The key used for the message encryption is generated using the PKCS #3 Diffie-Hellman Key Agreement Standard.

By enabling this setting, applications will operate more securely. however this will also have the effect of decreasing HSM performance. This is due to the increased operations required to encrypt and decrypt each request and response message.

CAUTION!   The No Clear PINs flag must be set to enable Full Secure Messaging Encryption to encrypt data.

Full Secure Messaging Signing

The Full Secure Messaging Signing flag, when set, indicates that secure messaging authentication between applications and the HSM is being enforced for every message, in both directions, between the application and the HSM. All messages must be digitally signed so that they can be verified by the HSM.

Note that the Full Secure Messaging Signing flag is similar to the Auth Protection flag except that every message, in both directions, between the application and the HSM is digitally signed and verified. The key used for the message signing is generated using the PKCS #3 Diffie-Hellman Key Agreement Standard.

With this setting applied, applications will operate more securely. HSM performance, however, may suffer due to the additional operations required to sign and verify each message request.

CAUTION!   The No Clear PINs flag must be set to enable Full Secure Messaging Signing to encrypt data.

Increased Security Level

The Increased Security Level flag, when set, ensures that:

>The mechanism CKM_EXTRACT_KEY_FROM_KEY is disabled.

>Changing the CKA_MODIFIABLE attribute from false to true while using the C_CopyObject command is not permitted.

Mode Locked

The Mode Locked (Lock Security Mode) flag, when set, prevents any further security flag modification. A new security policy can only be implemented after performing a tamper operation.

No Clear PINs

The No Clear PINs (No Clear PINs Allowed) flag, when set, ensures that:

>User PINs or other sensitive information cannot be passed across the host interface unencrypted.

>Secure messaging encryption is enabled for critical requests to the HSM, or for those requests that might otherwise contain sensitive information.

>Certain functions that would otherwise result in the clear transmission of sensitive data are disabled.

>The creation of any keys with the CKA_SENSITIVE attribute set to false is not permitted.

CAUTION!   The No Clear PINs flag must be set to enable Full Secure Messaging Encryption and Full Secure Messaging Signing.

No Public Crypto

The No Public Crypto flag, when set, ensures that no user can perform a cryptographic operation without having first authenticated themselves.

When this flag is set, each token in the system will have the PKCS #11 CKF_LOGIN_REQUIRED flag set so that applications must authenticate before operations are allowed. Note that this security flag does not affect the Admin token, which always requires authentication for access.

NOTE   The name of this flag does not imply that public key cryptography is not allowed. Setting this flag will not prevent RSA processing.

Pure PKCS11 (PKCS#11 Compatibility Mode)

CAUTION!   Setting this flag compromises security. A skilled attacker may be able to exploit vulnerabilities in certain mechanisms when this flag is set.

The Pure PKCS11 flag, when set, allows that the following mechanisms to function as the PKCS #11 v2.20 standard requires.

>CKM_CONCATENATE_BASE_AND_KEY

>CKM_CONCATENATE_BASE_AND_DATA

>CKM_CONCATENATE_DATA_AND_BASE

>CKM_EXTRACT_KEY_FROM_KEY

Tamper Before Upgrade

The Tamper Before Upgrade flag, when set, ensures that a soft tamper (erasure of all HSM internal secure memory) will occur when any of the following operations are undertaken.

>Firmware upgrade

>FM download

>FM disable operation

User Specified ECC DomainParameters Allowed

The User Specified ECC DomainParameters Allowed flag, when set, allows ECC Public and Private keys with Domain Parameters other then the set of named curves built into the HSM to be generated and stored on the HSM.

Weak PKCS#11 Mechanisms

CAUTION!   Setting this flag compromises security. A skilled attacker may be able to exploit vulnerabilities in certain mechanisms when this flag is set.

Newly-discovered key extraction techniques have revealed vulnerabilities in some mechanisms. These mechanisms are now restricted by default in the factory settings of all new HSMs, or when flags are set to "0" (all flags cleared). Also, these mechanisms cannot be enabled when flags are set to "F" (FIPS 140-2 Mode) or "a" (Only Allow FIPS-Approved Algorithms). The Weak PKCS#11 Mechanisms flag, when set, allows the use of these less-secure mechanisms. It can be used with any combination of flags except "F" and "a".

The following mechanisms are affected:

>CKM_CONCATENATE_BASE_AND_DATA

>CKM_CONCATENATE_BASE_AND_KEY

>CKM_CONCATENATE_DATA_AND_BASE

>CKM_XOR_BASE_AND_DATA

>CKM_XOR_BASE_AND_KEY

>CKM_EXTRACT_KEY_FROM_KEY