Setting up the nCipher nShield HSM for use with the Kerberized Certificate Authority

Introduction

This document contains instructions for setting up nCipher nShield hardware security modules (HSM) for use with the Kerberized Certificate Authority (KCA) service. It is assumed that the reader is familiar with the concepts and procedures outlined in the nShield documentation.

Document Conventions

This document refers to specific sections of the nShield/payShield Administrator Guide for Windows (Administrator Guide), the nShield/payShield Operator Guide for Windows (Operator Guide) and the nShield/payShield User Guide for Windows (User Guide). These documents can be found on the nCipher software installation DVD. Since there is significant overlap in the content of the three guides, the information being referred to may be found in guides other than the specific one being referenced.

Commands to be typed and expected command output are shown in monospaced type, and parameters in such commands are shown in italicized monospace type. For example:

    C:\> copy source_file_name destination_file_name

Unless specified otherwise, all the commands shown as examples are located in the bin subdirectory of the nfast installation directory. The NFAST_HOME environment variable contains the path to the nfast installation directory. On a typical installation, the bin directory would be:

    C:\Program Files\nCipher\nfast\bin
Proposed Architecture of the HSM backed KCA

The master key of the certificate authority certificate will be stored on the HSM. All cryptographic operations involving the master key, such as the generation of the master key and the signing of certificate requests, will be performed through the HSM. The product chosen for the HSM backed KCA is the nCipher nShield. Key management through nCipher security worlds is described in Chapter 2: nCipher security worlds in the Administrator Guide.

The proposed architecture is implemented as follows:

1. An nCipher security world is created using one or more hardware security modules. The security world key will be protected using a set of administrator smart cards.
2. An RSA key will be generated using the HSM. The key will be protected only by the security world key. Once generated, the key will be propagated to all the hosts that are part of the security world.
3. A root certificate request will be created and signed on a machine that has access to the security world, using the key generated in step 2 as the private key.
4. The KCA service is installed and configured to run on the hosts that are part of the security world. The service will use the generated root certificate as the certificate authority certificate.

Since the private key of the root certificate was generated on the HSM and is only ever used from the HSM, the key material is never exposed beyond the hardware module.

Setting up the HSM

Instructions for setting up the HSM are in Chapter 3: Getting the Module Working in the Administrator Guide. In particular, the subsection Creating and configuring the security world has instructions for creating the security world.

The Kerberized Certificate Authority (KCA) does not support the full range of security policies that nShield supports. Specifically, being an unattended service, the KCA does not support prompting for operator cards or passwords. Therefore, the keys that will be used by the KCA must be keys that can be accessed by the HSM without any user intervention.

All the hardware modules that are to be used by a set of KCA servers that share a Certificate Authority certificate must be part of the same security world*. Therefore, once a security world has been created using one security module, the other security modules must be added to the same security world.

* This restriction stems from the assumption that the private key of the CA certificate will be generated and used from the HSM. See section Generating X509 certificates with OpenSSL using protected private keys.
In other words:

1. Create the security world using one security module as outlined in Chapter 3, section Creating and configuring the security world in the Administrator Guide.
2. Install the software and hardware on the additional hosts.
3. Copy the security world data from the first host to the other hosts. Security world files are described in Chapter 11, section Security world files in the Administrator Guide.
4. Add the security module in each new host to the security world as per Chapter 11, section Adding or restoring a module to the security world.

Example workflow for setting up the security world

1. Install the hardware security module in the host machine.
2. Install the nCipher software using the nCipher software installation CD. Run setup.exe from the nCipher software installation CD and follow the installation wizard prompts.
3. Test the software and hardware by running the enquiry command:

       enquiry

   If the hardware security module is installed properly, the command outputs details about both the nfast server and the nShield module, including the serial number of the module and the firmware version number.
4. Create and configure the security world. This can be done either using a GUI or the command line; this section assumes that the security world is created using the command line.
   a. Figure out the protection model for administering the HSM. In particular, you should know the number and quorum of administrator cards to be used. Note that a quorum of 1 means any single card holder can administer the security world on their own; choose K/N to match your policy.
   b. Place the HSM into the pre-initialization state. For nShield HSMs, this involves setting the mode switch on the back of the card to I. This process is described in Chapter 3, section Entering the pre-initialization state of the Administrator Guide.
   c. Run the new-world command to create the new security world:

          new-world --initialize --acs-quorum=1/2

      The above invocation assumes that the administrator card set has two cards with a one card quorum. If any additional information is needed, the new-world command will prompt for it. Once all the required information has been furnished, the command will prompt for each administrator card to be inserted into the card reader.
   d. Store the cards in a safe and secure location.
   e. Place the HSM into the operational state. For nShield HSMs, this is done by setting the mode switch on the back of the card to O. This process is described in Chapter 3, section Entering the operational state of the Administrator Guide.

   Since the only option specified was --acs-quorum, all other options and features are configured using defaults. The default feature states can be listed using the following command:

       new-world --help-features

   The section titled new-world in Chapter 15 of the Administrator Guide has details of the default options for the new-world command.

   As an alternative, the security world can also be created using the Cryptographic Service Provider Installation Wizard (CSP Installation Wizard). A shortcut to the CSP Installation Wizard can be found in the nCipher start menu program group. Instructions for creating a new security world using this wizard are in Chapter 11, section Creating a security world using the CSP Wizard.
5. Install hardware and software on the additional hosts.
6. Copy the security world files over to each host. The NFAST_KMLOCAL environment variable points to the root of the local security world data files. Once the files have been copied over, the environment variable on the new host must be updated accordingly.
7. Add the HSM to the security world using the copied security world data and the administrator card set. Set the module to the pre-initialization state and run the following command:

       new-world --program
   The new-world command will prompt for the administrator cards to authorize the operation and decrypt the security world key. Afterwards, return the module to the operational state (mode switch to O) as in step 4e.

Creating keys

The keys that are to be used with the KCA must fulfil the following requirements. Some of these requirements may be relaxed in future versions of the KCA.

1. The key must be protected by the security module. This is not a strict requirement of the HSM, but stems from the fact that the KCA service, at the moment, has no mechanism for prompting the user to insert operator cards or type passwords, which would be required to use keys protected by operator card sets or softcards. The consequence is that a module-protected key can be used by any process on any host that holds a copy of the security world files and has access to a module in that world, so those hosts must be protected accordingly.
2. The application name (APPNAME) of the key must be hwcrhk. This denotes that the key is generated for use with the Cryptographic Hardware Interface Library (CHIL).
3. The key must not be stored in NVRAM. nShield gives the option of storing keys in the NVRAM of the hardware module. However, doing so prevents the keys from being backed up or being easily shared among different hosts. A key that is stored in the file system can be copied over to other hosts.

Instructions on how to create keys are in Chapter 9, section Generating Keys of the User Guide. The following is a sample transcript of a test key that was created using the required application name and protected by the security module.

    C:\Program Files (x86)\nCipher\nfast\bin> generatekey.exe --generate hwcrhk
    protect: Protected by? (token, softcard, module) [token] > module
    type: Key type? (RSA, DSA, DH) [RSA] >
    size: Key size? (bits, minimum 1024) [1024] > 2048
    OPTIONAL: pubexp: Public exponent for RSA key (hex)? [] >
    ident: Key identifier? [] > modrsa02
    nvram: Blob in NVRAM (needs ACS)? (yes/no) [no] >
    key generation parameters:
     operation    Operation to perform               generate
     application  Application                        hwcrhk
     protect      Protected by                       module
     verify       Verify security of key             yes
     type         Key type                           RSA
     size         Key size                           2048
     pubexp       Public exponent for RSA key (hex)
     ident        Key identifier                     modrsa02
     nvram        Blob in NVRAM (needs ACS)          no
    Key successfully generated.
    Path to key: C:\ProgramData\nCipher\Key Management Data\local\key_hwcrhk_rsamodrsa02

Note that the command output contains the path of the created key. The generated key will be stored in the security world data directory unless the user instructs that the key should be stored in NVRAM.
Keys that are stored in the file system can be copied over to other hosts by copying the key blob file to the corresponding location on the destination host.

The newly created key can be viewed using nfkminfo.exe as documented in Chapter 9, section Viewing Keys, in the User Guide.

    C:\Program Files (x86)\nCipher\nfast\bin> nfkminfo.exe -k hwcrhk rsa-modrsa02
    Key AppName hwcrhk Ident rsa-modrsa02
     BlobKA length 1036
     BlobPubKA length 444
     BlobRecoveryKA length 1172
     name NONE
     hash d6a36749cfa104747284b775ddf6818be502aa33
     recovery Enabled
     protection Module
     other flags PublicKey !SEEAppKey !NVMemBlob +0x0
     gentime 2009-02-10 01:17:53
     SEE integrity key NONE

The identifier of the key is particularly important. In the above example, the name of the resulting RSA key is rsa-modrsa02 (generatekey prefixes the identifier that was typed, modrsa02, with the key type). This name will be used to refer to this key when setting up the KCA service. The protection line confirms that the key is module protected, and the "!" in front of NVMemBlob indicates that the flag is clear, i.e. the key is not stored in NVRAM; these are two of the three requirements listed above.

A list of existing keys can be viewed using the nfkminfo.exe -k command:

    C:\Program Files (x86)\nCipher\nfast\bin> nfkminfo -k
    Key list - 4 keys
     AppName hwcrhk  Ident rsa-modrsa01
     AppName hwcrhk  Ident rsa-modrsa02
     AppName hwcrhk  Ident rsa-stkrsa01
     AppName hwcrhk  Ident rsa-tkrsa01

Once created, a key can only be destroyed by destroying the key blob file, on every host to which it has been copied.

Generating X509 certificates with OpenSSL using protected private keys

A private key that is protected by a security world can be used as the private key for a certificate. The workflow for generating such a certificate is similar to the workflow for generating a certificate request from a locally generated key, except that the private key has to be generated on the HSM before the certificate request is created:

    generatekey.exe --generate hwcrhk [other options]
    openssl req -engine chil -key <key id> -keyform engine [other options]

The requirements and restrictions are:

1. The key needs to be generated with APPNAME set to hwcrhk.
2. OpenSSL must be configured to access the private key through the HSM.
3. Once created, any use of the certificate that requires the private key can only be performed from a host that has access to the security world.

It is possible to generate the key outside of the HSM and import it into the security world. However, generating keys within the security world is preferred, since that method does not expose key material.

As an example, the following command generates a certificate request using the private key that was generated in the Creating keys section:

    openssl req -new -config make_kca_cert.cnf -days 365 \
        -key rsa-modrsa02 \
        -keyform engine \
        -engine chil \
        -out newcert.req

Note that in order for the above command to work, the OpenSSL configuration file (make_kca_cert.cnf here) must contain the following entries, which are required for locating and loading the nCipher CHIL engine:

    openssl_conf = openssl_def
    [openssl_def]
    engines = engine_section
    [engine_section]
    chil = chil_section
    [chil_section]
    SO_PATH=C:/Program Files/nCipher/nfast/toolkits/hwcrhk/nfhwcrhk.dll

More information about configuring OpenSSL to use the nCipher HSM can be found in the following section.
Configuring the KCA Service

The KCA Service can be installed as per the documentation at http://www.secureendpoints.com/_private/fnal/kca_service.html. Once installed, follow the instructions in the section Enabling the nCipher nShield HSM via the OpenSSL configuration file. The resulting configuration file would look like the following (portions have been omitted for clarity):

    openssl_conf = openssl_def
    [openssl_def]
    engines = engine_section
    [engine_section]
    chil = chil_section
    [chil_section]
    SO_PATH=C:/Program Files/nCipher/nfast/toolkits/hwcrhk/nfhwcrhk.dll

    [ kca ]
    default_ca = CA_kca              # The default ca section

    [ CA_kca ]
    dir = some/directory
    certs = $dir/certs               # Where the issued certs are kept
    crl_dir = $dir/crl               # Where the issued crl are kept
    database = $dir/index.txt        # database index file.
    new_certs_dir = $dir/newcerts    # default place for new certs.
    certificate = $dir/kca.crt       # The CA certificate
    serial = $dir/kca.serial         # The current serial number
    crl = $dir/kca.crl               # The current CRL
    private_key = rsa-modrsa02       # The private key
    engine = chil
    keyform = engine

The SO_PATH entry in chil_section points to the installed location of nfhwcrhk.dll, which allows OpenSSL to access the private key from the HSM. The private_key entry in the [CA_kca] section specifies the name of the private key to use; this is the same name that was reported by the nfkminfo.exe utility above, not a path to a key file on disk. The engine and keyform entries tell the KCA to look the key up through the chil engine rather than in the file system.

Once these settings are in place, the KCA should be able to start up and use the private key from the HSM. You may see entries such as the following in the KCA log:

    Wed Nov 12 23:06:45 2008 [4428]: log Configuring engines
    Wed Nov 12 23:06:45 2008 [4428]: log OPENSSL: Engine 'chil' successfully loaded
    Wed Nov 12 23:06:56 2008 [4428]: log Security world: Usable 1 module(s)

If the KCA service encounters any problems, detailed error messages will be written to the KCA log.
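The following Python script is an added example, not part of this document, the KCA or the nCipher tooling. It ties the Creating keys requirements to the configuration above: it reads the KCA's OpenSSL configuration, follows the openssl_conf / engines / chil chain to SO_PATH, picks the private_key ident out of the CA section, and checks that ident against the captured output of nfkminfo -k hwcrhk <ident> (APPNAME hwcrhk, protection Module, NVMemBlob clear). The sample configuration and the first nfkminfo record are the ones shown on this page; the second record, with the key blob in NVRAM, is constructed for the example. The parser assumes the nfkminfo field layout shown above (one field per line, flags printed by name with a "!" prefix when clear).

```python
"""Pre-flight check for an HSM-backed KCA (added example, not nCipher/KCA code).

Works on captured text only, so no hardserver is needed: feed it the KCA's
OpenSSL configuration and the output of `nfkminfo -k hwcrhk <ident>`.
"""
import re

# Configuration excerpt as shown in "Configuring the KCA Service".
SAMPLE_CNF = """\
openssl_conf = openssl_def
[openssl_def]
engines = engine_section
[engine_section]
chil = chil_section
[chil_section]
SO_PATH=C:/Program Files/nCipher/nfast/toolkits/hwcrhk/nfhwcrhk.dll
[ kca ]
default_ca = CA_kca              # The default ca section
[ CA_kca ]
dir = some/directory
certificate = $dir/kca.crt       # The CA certificate
private_key = rsa-modrsa02       # The private key
engine = chil
keyform = engine
"""

# nfkminfo record for the module-protected key created in "Creating keys".
SAMPLE_NFKMINFO_OK = """\
Key AppName hwcrhk Ident rsa-modrsa02
 BlobKA length 1036
 BlobPubKA length 444
 BlobRecoveryKA length 1172
 name NONE
 hash d6a36749cfa104747284b775ddf6818be502aa33
 recovery Enabled
 protection Module
 other flags PublicKey !SEEAppKey !NVMemBlob +0x0
 gentime 2009-02-10 01:17:53
 SEE integrity key NONE
"""

# Constructed record (not from the page): same key, but the blob was put in
# module NVRAM, which the KCA requirements forbid.
SAMPLE_NFKMINFO_NVRAM = SAMPLE_NFKMINFO_OK.replace("!NVMemBlob", "NVMemBlob")


def parse_openssl_cnf(text):
    """OpenSSL-style config -> {section: {key: value}}; keys before the first
    [section] go in section "". configparser is avoided because it rejects
    the section-less `openssl_conf = ...` line at the top."""
    sections, current = {"": {}}, ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop trailing comments
        if not line:
            continue
        header = re.fullmatch(r"\[\s*(\S+)\s*\]", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = line.split("=", 1)
            sections[current][key.strip()] = value.strip()
    return sections


def parse_nfkminfo(text):
    """Extract appname, ident, protection and the flag set from one record."""
    head = re.search(r"Key AppName (\S+) Ident (\S+)", text)
    prot = re.search(r"^\s*protection (\S+)", text, re.M)
    flags_line = re.search(r"^\s*other flags (.*)$", text, re.M)
    if not (head and prot and flags_line):
        raise ValueError("not an nfkminfo key record")
    # Flags are names, '!'-prefixed when clear; drop the "+0x0" remainder.
    # The regex also copes with the run-together form "PublicKey!SEEAppKey".
    flag_text = re.sub(r"\+0x[0-9A-Fa-f]+", "", flags_line.group(1))
    flags = {name: neg == "" for neg, name in re.findall(r"(!?)([A-Za-z]\w*)", flag_text)}
    return {"appname": head.group(1), "ident": head.group(2),
            "protection": prot.group(1), "flags": flags}


def check_kca_key(cnf_text, nfkminfo_text):
    """Return a list of problems; an empty list means the KCA can use the key."""
    cnf, key, problems = parse_openssl_cnf(cnf_text), parse_nfkminfo(nfkminfo_text), []

    # Follow openssl_conf -> engines -> chil -> SO_PATH the way OpenSSL does.
    try:
        engines = cnf[cnf[""]["openssl_conf"]]["engines"]
        so_path = cnf[cnf[engines]["chil"]]["SO_PATH"]
    except KeyError as missing:
        problems.append(f"chil engine not wired up in config (missing {missing})")
        so_path = ""
    if so_path and not so_path.lower().endswith("nfhwcrhk.dll"):
        problems.append(f"SO_PATH does not point at nfhwcrhk.dll: {so_path}")

    ca = cnf.get(cnf.get("kca", {}).get("default_ca", ""), {})
    ident = ca.get("private_key", "")
    if not ident:
        problems.append("no private_key in the CA section")
    elif re.search(r"[/\\$]", ident):
        problems.append(f"private_key looks like a file path, not an HSM key ident: {ident}")
    if ca.get("engine") != "chil" or ca.get("keyform") != "engine":
        problems.append("CA section must set engine = chil and keyform = engine")

    # The three requirements from "Creating keys", plus ident agreement.
    if key["appname"] != "hwcrhk":
        problems.append(f"key APPNAME is {key['appname']}, must be hwcrhk")
    if ident and key["ident"] != ident:
        problems.append(f"config names {ident} but nfkminfo record is for {key['ident']}")
    if key["protection"] != "Module":
        problems.append(f"key is {key['protection']}-protected; unattended KCA needs Module")
    if key["flags"].get("NVMemBlob", False):
        problems.append("key blob lives in NVRAM; it cannot be copied to other hosts")
    return problems
```

Run check_kca_key on the configuration file and a saved nfkminfo record before starting the service on each host; an empty result for every host in the security world means the key is module-protected, on disk and named consistently, and any non-empty result is a configuration to fix before the KCA log starts filling with engine errors.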