New Features and Enhancements

SafeNet ProtectToolkit 5.9 introduces the following new features and enhancements:

CTMULTITOKEN

SafeNet ProtectToolkit 5.9 includes ctmultitoken, a multi-threaded performance testing tool (which will eventually replace the single-threaded CTPerf tool) that allows you to perform basic cryptographic functions on a ProtectServer HSM. Designed as a testing tool for HSM operations and performance, ctmultitoken allows you to specify one or more tokens on which to perform or repeat an operation, and returns a summary of the results.

See CTMULTITOKEN.

Key Creation From Multiple Components and Multi-Custodian Backup/Restore Allowed in FIPS Mode

A new mechanism, CKM_PP_LOAD_SECRET_2, allows you to import keys from multiple components and backup/restore multi-custodian keys without requiring the Weak PKCS#11 Mechanisms flag to be set. These operations are now supported in FIPS mode.

>Secure Key Backup and Restoration

>Creating Keys

>Key Entry via PIN Pad

MIBs for SNMP Logging Enhancements

SafeNet ProtectToolkit 5.9 includes Management Information Base files (MIBs) that enable you to retrieve information about the ProtectServer Network HSM via SNMP.

See SNMP Monitoring.

New TUAK and KECCAK Mechanisms

SafeNet ProtectToolkit 5.9 includes new mechanisms for using the TUAK and KECCAK cryptographic algorithms, used for 5G mobile ethernet systems.

>CKM_KECCAK_1600

>CKM_TUAK_DERIVE

>CKM_TUAK_SIGN

New PSESH Commands Display HSM Information and Allow Audit Log Cleanup

New PSESH commands allow the following functions:

>audit log clear: allows the audit user to delete all current audit logs on the HSM. See audit log.

>syslog cleanup: allows the admin user to create a .tar archive of all audit logs currently on the HSM, and delete them. See syslog cleanup.

>hsm show displays information about the appliance image/HSM firmware versions, slot information, and admin token information. See hsm.