Setup and configuration
An application may initialize the token and key sets, or it may presume that they have already been set up. The latter is normally the case and ProtectToolkit-C includes initialization applications to perform this function.
The ProtectServer configuration and management strategy is based on the Administrator token created automatically on all adapters. See ProtectToolkit-C administration for more details.
ProtectToolkit-C setup and configuration
- Decide early how many tokens should be created for the HSM configuration. Changing the number of tokens / slots is a significant change. Generally, one token should be used per application, but there may be necessary exceptions.
- Decide the security settings. FIPS Mode enables a collection of different security settings (see ProtectToolkit-C administration for details), some of which will impact performance. Take this into consideration when writing applications.
- Decide how to manage the user and security officer (SO) PINs for each token. The PINs protect different services. Note that when not in FIPS Mode, both keys and cryptographic services can be used when no PIN has been provided.
- Plan how working key sets will be backed up to, and restored from, disk or smart card. This will influence what key attributes to set for various keys and may require backup / restore master keys. See ProtectToolkit-C administration for more information on the available backup options.
- Use the KMU to manually set up key sets, or the ctkmu console application to set them up from a batch file. A simple custom application can also be used to set up a key set; both KMU and ctkmu use PKCS#11 functions that any application can call.
ProtectToolkit-C setup and configuration caveats
- The administrator token in ProtectToolkit-C V3.x may cause confusion, since it appears as a standard PKCS#11 token. This token contains special objects that should not be accessed by any applications other than the ProtectToolkit-C supplied tools.
- Server applications may require the ability to run from a restart without any assistance or input (including PINs) from a human operator. This may affect how login PINs are presented to the token.