Login
    Contenu x
    OneSpan procedure
    • 23 Jan 2025
    • 2 Minutes à lire
    • Sombre
      Lumière
    • PDF
    Contenu

    OneSpan procedure

    • Mis à jour le 23 Jan 2025
    • 2 Minutes à lire
    • Sombre
      Lumière
    • PDF
    The content is currently unavailable in French. You are viewing the default English version.
    Résumé de l’article

    When the HSM-level DPX transport key and the KEK custodians arrive, OneSpan proceeds to a key import ceremony.

    The hardware security module used by the OneSpan fulfillment services department is not necessarily an Entrust nShield HSM.

    The OneSpan key management procedure, which does not require any customer activity, involves the following steps:

    • Importing the Customer’s KEK with custodians import
    • Importing the HSM-level DPX transport key wrapped by the KEK

    Import the customer’s KEK with custodians import

    This function is the reverse operation of the one described in Generate the KEK with custodians export.

    To import the customer’s KEK

    1. On the Key Management Tool main screen, select (6): Import a Key Encrypting Key.
    2. Select one of the following key types: AES128, AES256, DES2 or DES3. The default value is 3. (DES2 is not recommended.)

    3. Select the number of key custodians. The default value is 3.

      Figure: Import the customer’s KEK with custodians import (1)

    4. Press any key to continue.

    5. Enter the first component of the KEK. The KCV of this KEK component is displayed.

    6. Type Y if the KCV is correct.

      Figure: Import the customer’s KEK with custodians import (2)

    7. Repeat the previous steps for all further components.

    8. Select the ID of the key encrypting key.

      Figure: Import the customer's KEK with custodians import (3)

    The key is imported, and the KCV of the KEK is displayed. This KCV must be equal to the KCV presented in Generate the KEK with custodians export.

    Import the HSM-level DPX transport key wrapped by the KEK

    This function is the reverse operation of those described in Generate the HSM-level DPX transport key and Export the HSM-level DPX transport key wrapped by the KEK.

    To import the HSM-level DPX transport key

    1. On the Key Management Tool main screen, select (7): Import a Transport Key.

    2. Select one of the following key types: AES128, AES256, DES2 or DES3. The default value is 3. (DES2 is not recommended.)

      Figure: Import the HSM-level DPX transport key (1)

    3. Press any key to continue.

    4. Enter the wrapped value of the transport key.

      Figure:  Import the HSM-level DPX transport key (2)

    5. Select the ID of the KEK key authorized to unwrap and import this transport key. This KEK must be the same as in Import the customer’s KEK with custodians import.

    6. Select the ID of the transport key to import. The default value is 0x7fffff.

      Figure: Import the HSM-level DPX transport key (3)

    The key is imported, and the KCV of the HSM-level DPX transport key is displayed. This KCV must be equal to the KCV described in Generate the HSM-level DPX transport key.

    OneSpan is now able to use this HSM-level DPX transport key to double-encrypt the DPX file(s) for the customer.

    Cet article vous a-t-il été utile ?
    What's Next
    Change password!
    Changing your password will log you out immediately. Use the new password to log back in.
    Change profile
    Success!
    First name must have atleast 2 characters. Numbers and special characters are not allowed.
    Last name must have atleast 1 characters. Numbers and special characters are not allowed.
    Enter a valid email
    Enter a valid password
    Your profile has been successfully updated.
    Logout
    ESC

    Ozzy, facilitant la découverte de connaissances grâce à l’intelligence conversationnelle