- 23 Jan 2025
OneSpan procedure
- Updated on 23 Jan 2025
When the HSM-level DPX transport key and the KEK custodians arrive, OneSpan proceeds to a key import ceremony. The OneSpan key management procedure, which does not require any customer activity, involves the following steps:
- Import the customer’s KEK with custodians import
- Import the HSM-level DPX transport key wrapped by the KEK
Customers may use this procedure to restore the HSM-level DPX transport key in their own HSM (for example, after failure).
Import the customer’s KEK with custodians import
- In the Key Management Utility window, from the menu, select Options > Create > Enter Key from Components.
- Select the Mechanism: Double DES, Triple DES, AES with key size 128 bits or AES with key size 256 bits.
With these settings, KEK backup is not possible. To allow backup, set the Exportable option to TRUE.
- Specify the number of components to enter.
- Enter the KEK components.
Import the HSM-level DPX transport key wrapped by the KEK
To import the HSM-level DPX transport key:
- In the Key Management Utility window, from the menu, select Options > Import Key(s).
- Select the Import encrypted parts and Single Part options.
- Select the Mechanism: Double DES, Triple DES, AES with key size 128 bits or AES with key size 256 bits.
With these settings, backup or export of the HSM-level DPX transport key is not possible. To allow backup, set the Exportable option to TRUE.
- Enter the wrapped transport key value.
- Check the KCV value.
OneSpan is now able to use this HSM-level DPX transport key to double-encrypt the DPX file(s) for the customer.
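The component entry and KCV check from the steps above, as an added Python example that is not OneSpan's or the HSM vendor's code. It assumes components are combined by XOR and that the KCV is the first three bytes of an AES-ECB encryption of a zero block; this page states neither, so confirm both against the HSM documentation. It covers AES-128 only, uses constructed component values, and the names `combine_components`, `kcv` and `SAMPLE_PARTS` are hypothetical.

```python
from functools import reduce

def _xt(a):  # multiply by x in GF(2^8) modulo the AES polynomial 0x11B
    return ((a << 1) ^ 0x11B) if a & 0x80 else a << 1

def _sbox():  # generate the AES S-box instead of embedding a 256-entry table
    s, p, q = [0x63] + [0] * 255, 1, 1
    while True:
        p ^= _xt(p)                                       # p *= 3
        q ^= q << 1; q ^= q << 2; q ^= q << 4; q &= 0xFF
        q ^= 0x09 if q & 0x80 else 0                      # q /= 3, so q == 1/p
        # affine transform: q XOR its four left rotations XOR 0x63
        s[p] = reduce(lambda x, n: x ^ (((q << n) | (q >> (8 - n))) & 0xFF), (1, 2, 3, 4), q ^ 0x63)
        if p == 1: return s

SBOX = _sbox()

def aes128_encrypt_block(key, block):
    """Encrypt one 16-byte block with AES-128 (FIPS 197)."""
    if len(key) != 16 or len(block) != 16:
        raise ValueError("AES-128 needs a 16-byte key and a 16-byte block")
    w, rcon = [list(key[i:i + 4]) for i in range(0, 16, 4)], 1
    for i in range(4, 44):                                # key expansion
        t = w[i - 1]
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]
            t[0] ^= rcon
            rcon = _xt(rcon)
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    rk = [sum(w[4 * r:4 * r + 4], []) for r in range(11)]
    s = [a ^ b for a, b in zip(block, rk[0])]
    for r in range(1, 11):
        s = [SBOX[s[(i + 4 * (i % 4)) % 16]] for i in range(16)]  # SubBytes + ShiftRows
        if r < 10:                                        # MixColumns
            s = [c[i] ^ c[0] ^ c[1] ^ c[2] ^ c[3] ^ _xt(c[i] ^ c[(i + 1) % 4])
                 for c in [s[k:k + 4] for k in range(0, 16, 4)] for i in range(4)]
        s = [a ^ b for a, b in zip(s, rk[r])]
    return bytes(s)

def combine_components(*parts):
    """XOR equal-length components into one key (assumed combination scheme)."""
    if len(parts) < 2 or len({len(p) for p in parts}) != 1:
        raise ValueError("need at least two components of equal length")
    return reduce(lambda x, y: bytes(a ^ b for a, b in zip(x, y)), parts)

def kcv(key):
    """Assumed KCV convention: first 3 bytes of AES-ECB over a zero block."""
    return aes128_encrypt_block(key, bytes(16))[:3].hex().upper()

SAMPLE_PARTS = tuple(bytes.fromhex(h * 16) for h in ("3c", "a5", "99"))  # constructed values
```

A single mistyped component digit changes the combined key and therefore the KCV, which is why the KCV comparison is the last step of each import.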