Preparing the nShield Solo for Use with ActivID KMS

As described in previous sections, an nShield Solo HSM is installed on the system where ActivID KMS is installed. Following best practices, the ActivID KMS and ActivID CMS are installed and running on different systems.

For specific details on preparing the HSM for use with ActivID KMS, refer to Installing and Using ActivID KMS; this section is not intended to replace it. The following steps summarize the preparation process:

  1. Copy the PKCS #11 cknfast-64.dll file to the ActivID KMS directory.

  2. The cknfast-64.dll file is located in the <installdir>\nCipher\nfast\toolkits\pkcs11\ directory.

  3. Make sure that the cknfastrc configuration file (located in <installdir>\nCipher\nfast\cknfastrc) contains only the following two lines:

    CKNFAST_OVERRIDE_SECURITY_ASSURANCES=tokenkeys;unwrap_mech;unwrap_kek;explicitness
    CKNFAST_NO_ACCELERATOR_SLOTS=1

    Note: All keys injected using ActivID KMS are located in the Security World you created previously using the directions in this documentation. You can view the key labels and attributes using ActivID KMS or by using the KeySafe utility (illustrated in the figure below).

    Important: If you are migrating from an HSM containing extractable keys, you need to add the longterm flag to CKNFAST_OVERRIDE_SECURITY_ASSURANCES in the cknfastrc file.

  4. Click Keys, and then click List Keys.
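
The requirement in step 3 that cknfastrc contain only the two listed lines can be checked mechanically. The following Python sketch is an added example, not part of the ActivID or nShield tooling: it audits the file's text and reports any drift from the documented settings, including the longterm case from the Important note. The function name, the `migrating_extractable_keys` parameter and the sample inputs are assumptions made for illustration.

```python
# Added example: audits cknfastrc text against the two lines this page requires.
EXPECTED_FLAGS = {"tokenkeys", "unwrap_mech", "unwrap_kek", "explicitness"}
OVERRIDE = "CKNFAST_OVERRIDE_SECURITY_ASSURANCES"
NO_ACCEL = "CKNFAST_NO_ACCELERATOR_SLOTS"


def audit_cknfastrc(text, migrating_extractable_keys=False):
    """Return a list of findings; an empty list means the file matches the page."""
    findings = []
    settings = {}
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue  # blank lines carry no settings
        name, sep, value = line.partition("=")
        name = name.strip()
        if not sep or name not in (OVERRIDE, NO_ACCEL):
            findings.append(f"line {lineno}: unexpected entry {line!r}")
        elif name in settings:
            findings.append(f"line {lineno}: duplicate {name}")
        else:
            settings[name] = value.strip()

    # longterm is expected only for the migration case in the Important note.
    wanted = EXPECTED_FLAGS | ({"longterm"} if migrating_extractable_keys else set())
    if OVERRIDE not in settings:
        findings.append(f"missing {OVERRIDE}")
    else:
        flags = {f.strip() for f in settings[OVERRIDE].split(";") if f.strip()}
        for flag in sorted(wanted - flags):
            findings.append(f"{OVERRIDE}: missing flag {flag}")
        for flag in sorted(flags - wanted):
            findings.append(f"{OVERRIDE}: flag {flag} is not in the documented set")
    if settings.get(NO_ACCEL) != "1":
        findings.append(f"{NO_ACCEL} must be set to 1")
    return findings


# Constructed sample inputs, not taken from a real system.
SAMPLE_OK = (
    "CKNFAST_OVERRIDE_SECURITY_ASSURANCES=tokenkeys;unwrap_mech;unwrap_kek;explicitness\n"
    "CKNFAST_NO_ACCELERATOR_SLOTS=1\n"
)
SAMPLE_DRIFT = "CKNFAST_OVERRIDE_SECURITY_ASSURANCES=all\nCKNFAST_DEBUG=9\n"

if __name__ == "__main__":
    for label, sample in (("ok", SAMPLE_OK), ("drift", SAMPLE_DRIFT)):
        print(label, audit_cknfastrc(sample) or "matches the documented settings")
```

To audit a real installation, read the file under <installdir>\nCipher\nfast\cknfastrc and pass its contents to `audit_cknfastrc`; any finding means the file has drifted from the two documented lines.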