Entrust nShield: Creating a Secure Auditing Key

You need to use the generatekey command-line utility to create a cryptographic key for Secure Auditing when using Entrust nShield HSM devices. It is provided by the nCSS package. For more information about installing the nCSS package, see Installing Entrust nShield packages.

To create a Secure Auditing key, run the following command:

generatekey -g custom protect=module type=ECDSA plainname="MasterAuditKey" curve="NISTP256" blobsavefile="master_audit.blob" seeintegname="" nvram="no"

The public key generated by this command will be used to verify Secure Auditing entries. Before doing so, you need to export the public key into the PEM format. For more information, refer to the OneSpan Authentication Server Administrator Guide, Section "Secure Auditing with Entrust nShield".

The generatekey command creates the BLOB file in the current directory. It will also generate the following file:

master_audit_inf.txt

This file contains important information about the key, including the key hash, which will be used when you configure the HSM to use the key for Secure Auditing.