Using NAM Probe with nShield Connect HSM

The NAM Probe can use the secure cryptographic processing provided by the nShield Connect™ hardware security module (HSM), with the NAM Probe acting as an nShield Connect client.

The NAM Probe was tested with nShield Connect HSM 1.2. Note that Thales recommends Security World 12 when used with Red Hat Enterprise Linux 7.

Since NAM 2018, the HSM "soft keys" are also supported. This is an optional feature of nShield Connect HSM that lets the host restrict the use of keys managed by the HSM.

To configure the softcard to work with AMD:

  1. Log in to the NAM Probe as user root.

  2. Edit the /usr/adlex/config/rtm.config file.

  3. Append or modify the ssl.engine.param setting:

    ssl.engine.param=uselogin:true
    
  4. (Optional) If you have more than one softcard token, you must specify one of: slotname, slotnum, or slotid.
    For example:

    ssl.engine.param=uselogin:true slotname:softkey_engine_name
    ssl.engine.param=uselogin:true slotnum:1
    
  5. Assign the key to the softcard token.
    Run the kpadmin tool with the -l (login) flag. The password is stored in machine memory; however, after any reboot you will have to provide the password again.
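
A check for steps 3 and 4, as an added example that is not part of the original documentation: it verifies that an rtm.config-style file has one active ssl.engine.param line containing uselogin:true and no more than one slot selector. The function name, the '#' comment convention, and the one-line and one-selector rules are assumptions; the sample input is constructed.

```shell
#!/bin/sh
# Added example: lint ssl.engine.param in an rtm.config-style file.
# Assumptions (not from the product documentation): lines starting with '#'
# are comments, and exactly one active ssl.engine.param line is expected.

check_ssl_engine_param() {
    file=$1
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }

    # Keep only active (uncommented) ssl.engine.param lines.
    lines=$(grep -E '^[[:space:]]*ssl\.engine\.param[[:space:]]*=' "$file" || true)
    [ -n "$lines" ] || { echo "FAIL: ssl.engine.param is not set"; return 1; }
    count=$(printf '%s\n' "$lines" | grep -c .)
    if [ "$count" -ne 1 ]; then
        echo "FAIL: $count active ssl.engine.param lines, expected 1"; return 1
    fi

    uselogin=no; selectors=0; empty=no
    set -f                              # no filename expansion while splitting
    for token in ${lines#*=}; do
        case $token in
            uselogin:true) uselogin=yes ;;
            slotname:?*|slotnum:?*|slotid:?*) selectors=$((selectors + 1)) ;;
            slotname:|slotnum:|slotid:) empty=yes ;;
        esac
    done
    set +f

    [ "$uselogin" = yes ] || { echo "FAIL: uselogin:true is missing"; return 1; }
    [ "$empty" = no ] || { echo "FAIL: slot selector has no value"; return 1; }
    if [ "$selectors" -gt 1 ]; then
        echo "FAIL: give only one of slotname, slotnum, slotid"; return 1
    fi
    echo "OK: uselogin:true set, $selectors slot selector(s)"
}

# Constructed sample input, not a real probe configuration.
sample=$(mktemp)
printf '%s\n' '# excerpt' 'ssl.engine.param=uselogin:true slotnum:1' > "$sample"
check_ssl_engine_param "$sample"
rm -f "$sample"
```

On the probe, the file to pass is /usr/adlex/config/rtm.config; a non-zero exit status means the setting needs attention before the key is assigned in step 5.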

There are two expected configuration scenarios. For detailed instructions, refer to the nShield Connect HSM documentation provided by Thales: nShield Connect Quick Start Guide and nShield Connect and netHSM User Guide for Unix-based OS.

The following procedure outlines the general steps required to set up nShield Connect from scratch and connect the NAM Probe to it.

  1. Set up and configure nShield Connect.
  2. Create a Remote File System (RFS) on a machine of your choice.
  3. Connect RFS to nShield Connect.
  4. Connect the NAM Probe to nShield Connect.
  5. Create Security World on nShield Connect.

The following procedure outlines the general steps required to connect the NAM Probe to an existing instance of nShield Connect.

  1. Configure nShield Connect to enable a connection from the NAM Probe.
  2. Connect the NAM Probe to nShield Connect.
  3. Configure Remote File System (RFS) to allow NAM Probe to receive the Security World data.