New Features and Enhancements

SafeNet ProtectToolkit 5.7 introduces the following new features and enhancements:

Multifactor Authentication (One-Time Password)

SafeNet ProtectToolkit 5.7 now supports multifactor authentication using the SafeNet 110 OTP Token. This authentication scheme adds another layer of security by requiring both the memorized token PIN and a 6-digit number randomly generated by the SafeNet 110 OTP Token.

See Multifactor Authentication (One-Time Password) and CTOTP.

USB API Support for FMs

On Linux clients, you can now use the USB API to write applications that can interact with the HSM via the card USB port. This functionality can include:

>wrapping of PKCS objects and storing them on a USB flash memory drive

>backup of SMFS-stored keys (non-PKCS keys)

The USB API works with your custom FM to enable the desired functionality.

See USB API Reference for a list of API calls.

Secure Package Updates

On SafeNet ProtectServer Network HSM and Network HSM Plus shipped with SafeNet ProtectToolkit 5.7, you can now update the appliance software image by applying a secure package provided by Gemalto.

See package for the proper command syntax.

Ed25519 Curve Support

The Ed25519 curve has been added to SafeNet ProtectToolkit 5.7 for sign/verify operations. Ed25519 uses a new key type, CKK_EC_EDWARDS, and a set of new EDDSA sign/verify mechanisms.

AES CCM Support

SafeNet ProtectToolkit 5.7 introduces the AES_CCM mechanism, described in RFC 3610 (https://tools.ietf.org/html/rfc3610).

See CKM_AES_CCM.

OpenSSL Library Supporting Big Numbers Included in FM-SDK

The FM-SDK now includes a pre-compiled OpenSSL library (libfmbn), which adds support for Big Numbers in FMs. Use the FM sample ssldemo as a reference for using this library with your FMs. OpenSSL documentation can be found at https://www.openssl.org/.