––device–number=<device>

Use the admin token on the specified device

––fm–cert=<name>

Specifies the certificate used to validate an FM specified with –k<FM_file>.

––create–slots=<slots>

Create slots new User slots

––delete–slot=<slot>

Delete and remove User slot with ID slot (You cannot delete the admin slot).

––event–log

Prints the event log on stdout

Configures security flags. Security flags are used to implement security policies.

Multiple flags may be set simultaneously. For example the command: ctconf –ftu would set both the t and the u flags.

When flags are set, any flags set previously are cleared.

Setting ctconf –f0 clears all the flags and places the device in SafeNet Default Mode (no flags set). This security policy is described in the "Typical Security Policies" section SafeNet Default Mode.

Use other flags values to set flags as follows:

Each of these flags is fully described in Security Flag Descriptions.

––upgrade–fw=<file>

Upgrade firmware with file

––help

Display usage information

––integrity–fw=<file>

Verify the authenticity/integrity of a firmware file by specifying its filename.

––download–fm=<file>

Download FM module file

––validate–fm=<file>

Validate FM module file. You must also specify the certificate used to validate the FM (–b<name>).

––delete–fm

––disable–fm

––fmid=<fmid>

Disable/delete an FM module, specifying the FM ID in hex format.

––mode=<n>

Set the transport mode for the HSM. The following transport modes can be set with <n>:

See Using Transport Mode to Avoid a Board Removal Tamper.

––init–token=<slot>

Initialize the token in the specified slot

––purge–log

Purge event log. Note that a purge cannot be done until the event log is full.

––query

Query peripheral devices. Check all available serial ports, and attempt to activate drivers for the connected devices.

––reset–token=<slot>

Reset existing token in specified slot

––fm–info

Display FM module information

––time–set

Synchronizes the HSM's internal clock with the host system. This command is only valid when the RTC Status is either HSMADM_RTC_UNINITIALIZED or HSMADM_RTC_STAND_ALONE.

Refer to the SafeNet ProtectToolkit–C Programmers Guide (in the Appendix titled HSMAdmin.h Library Reference).

––verbose

Display extended status information

––tamper

This will cause the Key Store memory on the HSM to be erased (as if tampered) and made ready for re-initialization.

The –x option is only available on hardware-based SafeNet ProtectToolkit-C implementations.

This option sets the rule for RTC Adjustment Access Control. The RTC Adjustment Access Control Rule specifies the guard parameters that control RTC modification.

If modification of the RTC is attempted outside of these guard parameters, it will fail. 

secstotal: amount of deviation (in seconds) within a guard duration.
Range: 1–120

counttotal number of adjustment that can be made within the guard duration.
Range: 0–no maximum. 0 denotes that unlimited adjustments can be made.

days: the guard duration in number of days.
Range 1–12.

The separator ‘:’ is a compulsory argument. However, the values for <secs>, <count> and <days> can be NULL. A NULL equates to no modification.

For example:
ctconf ––rtc–adj–access–control–rule=12:0:1
ctconf ––rtc–adj–access–control–rule=12::
ctconf ––rtc–adj–access–control–rule=::4

Use ctconf –v to display the current settings for the RTC Adjustment Access Control Rule.