Typical security policies
A number of typical security policies designed to meet standards or satisfy application integration requirements are offered as a part of ProtectToolkit-C.
The ctconf command line utility is used to implement the policies by setting security flags. The specific commands for each are provided.
Security flags are discussed in detail in Security flags.
For some policies, security flags may be available that alter security behavior without invalidating the policy. See Security policy options.
PKCS#11 Compatibility Mode
This mode allows full compatibility with all cryptographic mechanisms provided by the PKCS#11 v2.20 standard, including those mechanisms subsequently found to have security flaws. The following affected mechanisms are available when this policy is set:
CKM_CONCATENATE_BASE_AND_KEY
CKM_CONCATENATE_BASE_AND_DATA
CKM_CONCATENATE_DATA_AND_BASE
CKM_EXTRACT_KEY_FROM_KEY
Warning
Use of this security policy compromises security. A skilled attacker may be able to exploit vulnerabilities in certain mechanisms when this policy is set.
Command
ctconf -fp
Default Mode
By default (after initial HSM installation or following a tamper event), Default Mode is applied to ProtectToolkit-C. This mode provides better security than PKCS#11 Compatibility Mode, while offering more of the PKCS#11 standard mechanisms than other, more restrictive security policies.
For more about how Default Mode differs from PKCS#11 Compatibility Mode, and the related security issues, see PKCS#11 Compatibility Mode.
Command
ctconf -f0
FIPS Mode
ProtectToolkit-C and the ProtectServer 3 HSM are FIPS-validated. The FIPS certification assures users that an independent third party has verified that the product meets the high level of security demanded.
Note
ProtectToolkit-C and the HSM can function outside the scope of this accreditation. Therefore, to guarantee that the HSM functions in FIPS Mode, ensure that the correct configuration is set using the ctconf command given below.
The attributes of the FIPS Mode security policy are:
- No public cryptographic operations.
  Note: RSA and other public key processing can still occur. The setting restricts cryptographic services from being performed by unauthenticated users.
- No clear PINs allowed
- Authentication protection turned on
- Security policy locked to prevent any change
- Tamper before upgrade
- Only allow FIPS-approved algorithms
  Note: This flag requires a valid ProtectServer Identity Key/Certificate on the HSM. See ProtectServer owner and identity certificates for details and procedures.
FIPS Mode operational restrictions
In FIPS Mode, operations of certain cryptographic algorithms are restricted to keys with a minimum modulus. Any attempt to use or create a key smaller than the specified minimum will result in a CKR_KEY_SIZE_RANGE error. The minimum key size for verify operations may be smaller, to verify legacy keys created in earlier versions of FIPS Mode. The key sizes are restricted as follows:
- RSA must be 2048 or 3072 bits (verify - 1024 or 1536 bits)
- DSA must be 2048, 3072, or 4096 bits (verify - 1024 or 1536 bits)
- DH must be 2048 bits at minimum
- EC must be 224 bits at minimum (verify - 160 bits)
Command
ctconf -fF
equivalent to:
ctconf -faclntu
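The key-size limits listed under FIPS Mode operational restrictions can be checked against a key inventory before the policy is set, so that operations which would return CKR_KEY_SIZE_RANGE are found in advance. The following is an added example, not part of ProtectToolkit-C or its documentation. It assumes the sizes are read literally (RSA and DSA as exact lists, DH and EC as minimums), that verify accepts the legacy sizes in addition to the normal ones, and that the inventory format and key labels are hypothetical.

```python
# Added example: constructed inventory, not output from ctconf or any HSM tool.
CKR_OK = 0x00000000
CKR_KEY_SIZE_RANGE = 0x00000162  # PKCS#11 return code named in the text above

# Size rules transcribed from the FIPS Mode list above (literal reading, an assumption).
FIPS_RULES = {
    "RSA": {"exact": {2048, 3072}, "verify_extra": {1024, 1536}},
    "DSA": {"exact": {2048, 3072, 4096}, "verify_extra": {1024, 1536}},
    "DH": {"min": 2048},
    "EC": {"min": 224, "verify_min": 160},
}

def fips_check(alg, bits, op):
    """Return the result code expected in FIPS Mode for one key operation."""
    rule = FIPS_RULES.get(alg.upper())
    if rule is None:
        raise ValueError(f"no size rule listed for {alg!r}")
    verify = op == "verify"
    if "exact" in rule:
        # RSA/DSA: only the listed sizes; verify also accepts legacy sizes.
        allowed = set(rule["exact"])
        if verify:
            allowed |= rule["verify_extra"]
        ok = bits in allowed
    else:
        # DH/EC: a floor, which is lower for EC verify.
        floor = rule.get("verify_min", rule["min"]) if verify else rule["min"]
        ok = bits >= floor
    return CKR_OK if ok else CKR_KEY_SIZE_RANGE

def audit(inventory):
    """List (label, op) pairs that would fail once FIPS Mode is set."""
    return [(key["label"], op)
            for key in inventory
            for op in key["ops"]
            if fips_check(key["alg"], key["bits"], op) != CKR_OK]

# Constructed sample inventory (labels and usages are hypothetical).
SAMPLE = [
    {"label": "legacy-ca", "alg": "RSA", "bits": 1024, "ops": ["sign", "verify"]},
    {"label": "tls-2048", "alg": "RSA", "bits": 2048, "ops": ["sign", "verify"]},
    {"label": "odd-rsa", "alg": "RSA", "bits": 4096, "ops": ["sign"]},
    {"label": "p192", "alg": "EC", "bits": 192, "ops": ["sign", "verify"]},
    {"label": "dh-1536", "alg": "DH", "bits": 1536, "ops": ["derive"]},
]

if __name__ == "__main__":
    for label, op in audit(SAMPLE):
        print(f"{label}: {op} -> CKR_KEY_SIZE_RANGE")
```

Keys flagged only for sign or derive can stay on the HSM for verifying legacy signatures, but need replacing before they are used to create new material.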
Entrust Compliant Mode 1
Entrust Compliant Mode 1 uses the specific security profile required by Entrust Authority version 5.x software.
Command
ctconf -fe
Entrust Compliant Mode 2
Entrust Compliant Mode 2 uses the specific security profile required by Entrust Authority version 6.x and Entrust Security Manager version 7.x software.
Command
ctconf -fc
Netscape Compliant Mode
ProtectToolkit-C is compatible with the Netscape/iPlanet range of products. The HSM has been tested with the following products:
- iPlanet Certificate Management System 4.1/4.2
- Netscape Enterprise Server 4.1
- Netscape Communicator 4.5 or later
Place the HSM in this mode by enabling the No Public Cryptography flag.
Command
ctconf -fc
Restricted Mode
In Restricted Mode, the HSM requires users to identify themselves before cryptographic services are made available. This security policy will also prevent any clear PINs or sensitive key material from passing through the PCI bus interface of the HSM. It does not, however, require each individual request to the HSM to be signed.
Command
ctconf -fcnl