Preparing the nShield Connect for Use with ActivID KMS

The following procedure briefly summarizes the process of preparing the nShield Connect for use with ActivID KMS.

1. Copy the PKCS #11 cknfast-64.dll file to the ActivID KMS directory.

   The cknfast-64.dll file is located in the <installdir>\nCipher\nfast\toolkits\pkcs11\ directory.

2. Make sure that the cknfastrc configuration file (located in <installdir>\nCipher\nfast\cknfastrc) contains only the following two lines:

   Copy

   CKNFAST_OVERRIDE_SECURITY_ASSURANCES=tokenkeys;unwrap_mech;unwrap_kek;explicitness
   CKNFAST_NO_ACCELERATOR_SLOTS=1

   Note: All keys that are injected using ActivID KMS are located in the Security World created using the directions described in this section (see Task 6: Configuring an nCipher Security World). You can view the key labels and attributes using ActivID KMS or using the KeySafe utility (see next illustration).
   Important: If you are migrating from a HSM containing extractable keys, you need to add the longterm flag to CKNFAST_OVERRIDE_SECURITY_ASSURANCES in the cknfastrc file.

3. Launch KeySafe.

4. Click Keys and click List Keys to display the Key Listing window.