Cryptosec Dekaton Administration Guide

Realia Technologies, S.L.

Revision: 12.9.3128
Date: 11/08/2017
Contents

1 Introduction 12

2 Cryptographic Module Installation 13

2.1 Physical Description 13

2.2 Console 14

2.2.1 Terminal Console 14

2.2.2 SSH Console 15

2.3 Console Screen 15

3 Cards Set Specification 16

3.1 Accessing the Card 16

3.2 The Shamir (’m’ of ’n’) scheme 16

3.3 Card Types 16

3.3.1 Administrator Cards 17

3.3.2 Master Keys Cards 17

3.3.3 Custodian Cards 17

4 Initialization 18

4.1 Start Initializacion Wizard 18

4.1.1 Set Time and Date 19

4.1.2 Set Server’s Network Configuration 20

4.1.3 Set Product 21

4.1.4 Setup SmartCards Communication Key - SCCK 22

2
 4.1.5 Smart Cards Enrollment 26

4.1.6 Setup Administrator 28

4.1.7 Setup Application Users 31

4.1.7.1 Add Application User 31

4.1.7.2 Edit Application User 32

4.1.7.3 List all Application Users 33

4.1.7.4 Delete User 33

4.1.8 Manage PIN settings 34

4.1.9 Setup the MasterKey 34

4.1.10 Set Operation Mode 39

4.1.11 Setup Client SSH Keys 40

4.1.12 Test 41

4.2 Test 41

4.3 Module Identification 41

4.4 Restart System 42

4.5 Shutdown System 43

5 Production 44

5.1 Enter Authorization 44

5.2 View Network configuration 45

5.3 Restart System 46

5.4 Shutdown System 46

5.5 Test 46

5.6 Module Identification 46

6 Authorization 47

6.1 Module 48

6.1.1 Master Keys Management 48

6.1.1.1 Load/Change Master Keys 49

6.1.1.2 Delete Old LMKs 49

3
 6.1.1.3 Get Master Keys KCV 49

6.1.1.4 Get Old Master Kesy KCV 50

6.1.2 Set Terminal baud rate 50

6.1.3 Set Time and Date 51

6.1.4 Restart System 51

6.1.5 Shutdown System 51

6.1.6 Test 51

6.1.7 Module Identification 51

6.2 Application Users 51

6.3 Custodians 52

6.3.1 Add a new custodian 52

6.3.2 Import Custodian 53

6.3.3 List & Delete Custodians 55

6.4 PIN management 56

6.4.1 PIN Risk Management 56

6.4.2 Set Enabled PINBlocks 58

6.4.3 Set IC Card Environment 58

6.4.4 Set Realsec1’s PIN block length 59

6.4.5 Set Encrypted V0 Decimalization Tables 59

6.4.6 Import Decimalization Table 60

6.5 Symmetric keys 62

6.5.1 Generate Symmetric Key 63

6.5.2 Import Symmetric Key Components 67

6.5.3 Export Symmetric Key components 72

6.5.4 List and delete Symmetric Key 75

6.6 RSA Public Key Import Management 76

6.7 Server configuration 78

6.8 Printer Configuration 78

6.9 Smartcards 80

4
 6.9.1 New Smart Card Communication Key 81

6.9.2 Update new SCCK in cards 81

6.9.3 Smart Cards Enrollment 82

6.9.4 Reset Smart Cards 82

6.9.5 Change Card’s PIN 82

6.9.6 Replicate Cards 84

6.9.6.1 Replicate Set 84

6.9.6.2 Copy Card 86

6.9.7 Show Card Info 87

6.10 Log Configuration 88

A Physical Ports and Logical Interfaces 90

B Secure Module Administration 91

B.0.1 Secure Administration 91

B.0.1.1 Initialization 91

B.0.1.2 Management 91

B.0.1.3 Termination 92

B.0.2 Secure Operation 92

B.0.3 General Rules 92

Bibliography 94

5
List of Figures

2.1 Bracket view 14

2.2 Console banner 15

4.1 Initialization state menu 18

4.2 Initialization wizard 19

4.3 Setup Server Time & Date 20

4.4 Setup Network Configuration 20

4.5 Set Product 21

4.6 Setup Smart Cards Communication Key - Generate 22

4.7 Split key into components 23

4.8 Component 1 of 2 23

4.9 Setup Smart Cards Communication Key - Load 24

4.10 Number of custodians 24

4.11 Load custodian key part 1 of 2 25

4.12 Load custodian key part 2 of 2 25

4.13 Computed KCV 2 of 2 26

4.14 SmartCards’ Communication Key Check Value 26

4.15 Enroll Brand new Smart Cards 27

4.16 Load batch key part 1 of 2 27

4.17 Enroll Smart Cards 28

4.18 Card authentication 28

4.19 Add administrator 29

6
4.20 Read first administrator card 29

4.21 Setup an administrator 30

4.22 Write card 1 of 3 30

4.23 Information message 31

4.24 Application Users Menu 31

4.25 Add new application user 32

4.26 Select the user to be edited 32

4.27 Edit the selected application’s user 33

4.28 Select the user to be deleted 33

4.29 Confirm application’s user deletion 34

4.30 Master keys menu options 34

4.31 Generate internal master keys 35

4.32 Write card 1 of 3 35

4.33 Load Master Keys from cards 36

4.34 Read First Master Key Card 36

4.35 Read Last Master Keys Card 36

4.36 Test key loading 37

4.37 Confirm test key loading 37

4.38 Master Key external loading 38

4.39 Master Key first component loading 38

4.40 Generated Master Keys 39

4.41 Set Approved Operation Mode 40

4.42 SSH Client’s Key 40

4.43 Self Tests 41

4.44 CRYPTOSEC SERVER 1.0 42

4.45 Restart Cryptosec system 43

4.46 shutdown Cryptosec system 43

5.1 Production mode menu 44

5.2 Authenticate the administrator 44

7
5.3 Read first administrator card 45

5.4 View Server Configuration 45

6.1 Authorization mode menu 47

6.2 Go back to production mode 48

6.3 Module menu options 48

6.4 Master Keys menu options 48

6.5 Confirm deletion of old LMKs 49

6.6 Master Keys CV 50

6.7 Old Master Keys CV 50

6.8 Serial Port Settings 51

6.9 Custodian menu 52

6.10 Add custodian 52

6.11 Write custodian card 53

6.12 Information message 53

6.13 Import custodian 54

6.14 Import custodian card 54

6.15 Information message 55

6.16 List & Delete custodians 55

6.17 Confirm message 56

6.18 PIN management menu 56

6.19 PIN Risk Management - PIN Unblock 57

6.20 PIN block types 58

6.21 IC Card Environment 58

6.22 Set Realsec1 PIN block length 59

6.23 Set Decimalization Tables 59

6.24 Import Decimalization Table 60

6.25 Encrypted Decimalization Table within Container v0 61

6.26 Clear Text Decimalization Table within Container v0 61

6.27 Encrypted Decimalization Table within Container v1 62

8
6.28 Insecure Decimalization Table 62

6.29 Symmetric keys menu 63

6.30 Generate symmetric key 63

6.31 Wrong parameters - Configuration not permitted alert screen 64

6.32 Cryptographic Module key handle - Internal key storage 65

6.33 Encrypted key - External V0 key encryption 65

6.34 Encrypted key - External V1 key encryption 66

6.35 Split key into components 66

6.36 Authenticate custodian 1 of 2 67

6.37 Component 1 of 1 67

6.38 Import symmetric key components 68

6.39 Number of custodians 69

6.40 Number of custodians - Error 69

6.41 Load custodian key part 1 of 2 70

6.42 Authenticate custodian 1 of 2 70

6.43 Computed KCV 1 of 2 71

6.44 Encrypted key 71

6.45 Cryptographic Module key handle 72

6.46 Export symmetric key components 72

6.47 Export symmetric key components 73

6.48 Generate symmetric key components 74

6.49 Authenticate custodian 1 of 2 74

6.50 Component 1 of 2 75

6.51 List and delete Symmetric Keys 75

6.52 List and delete Symmetric Keys Info 76

6.53 RSA Public Key import management 77

6.54 RSA Public Key import management 77

6.55 Check again 78

6.56 Printer configuration 79

9
6.57 Smart cards menu 81

6.58 Update new SCCK in cards 81

6.59 Card authentication 82

6.60 Reset SmartCard 82

6.61 Change PIN 83

6.62 Change PIN 83

6.63 Information message 83

6.64 Replicate cards menu 84

6.65 Replicate card set 84

6.66 Read first card 84

6.67 Write replicated set 85

6.68 Information message 85

6.69 Replicate a single card 86

6.70 Read card 86

6.71 Write card 87

6.72 Information message 87

6.73 Show card info 88

6.74 Show card info 88

6.75 Log configuration 89

10
List of Tables

6.1 Format Strings Symbols 79

6.1 Format Strings Symbols (continued) 80

11
Chapter 1

Introduction

Cryptosec Dekaton is an Hardware Security Module that provides a variety of functions to

implement key management, most common cryptographic functions, as well as banking functions
to solve bank processes.

12
Chapter 2

Cryptographic Module
Installation

2.1 Physical Description

Cryptosec Dekaton is a PCI express 8x board which can be accessible through PCIe interface,
as well as one of the Ethernet ports available on it.

In order to operate, the Cryptosec Dekaton must be installed inside an appliance with a free 8x
PCIe and an smart card reader properly installed.

Debian 8 shall be installed on the appliance. This OS would be used to install and run the services
needed to work as a bridge between the client that is consuming the Cryptographic Module’s
functionalities and the own Cryptographic Module, managing the incoming connections.

Cryptosec Dekaton has the following i/o ports:

• PCIe 8x port to communicate with the host system.

• 1 USB A host port to connect USB devices. Only an USB stick for upgrading purposes is
allowed.
• 1 Mini-B USB target port for serial communication. To be used as:
– Console in the Cryptographic Module’s initialization.
– Console in non-Approved and PCI PTS HSM v2.0-Approved mode.
• 2x Ethernet ports to be used as:
– An alternative to PCIe 8x port.
– Console in NIST FIPS PUB 140-2-Approved mode.
• 1 RJ12 port to connect a serial printer by means of a special cable. This cable is provided
by Realsec upon customer request.

13
See the picture below to locate each port:

Figure 2.1: Bracket view

2.2 Console

The Cryptographic Module presents a local console. This console is used in the Cryptographic
Module’s initialization and in the Cryptographic Module’s administration.
The local console can be established by different means:

• Serial console (mini-B USB target port):

– Cryptographic Module’s initialization.
– Cryptographic Module’s administration once initialized in non-Approved and PCI
PTS HSM v2.0-Approved mode.
• SSH console (2x Ethernet ports):
– Cryptographic Module’s administration once initialized in NIST FIPS PUB 140-2-
Approved mode.

Note: The console’s contents are the same despite the communication channel used.

2.2.1 Terminal Console

The Cryptographic Module is delivered with a standard USB to mini USB cable. Plug the mini
USB end to the specific mini USB connector of the Cryptographic Module and the USB end
must be connected to any device that emulates an ANSI VT-100 terminal.
ANSI VT-100 is the protocol used for serial communication with the Cryptographic Module.
The device connected at the end of the USB connector must implement this protocol to accept
VT-100 commands. Serial port settings for this device must be:

• 8 bits
• No parity
• 115200 bps
• No control flow

14
2.2.2 SSH Console

Connect one of the Ethernet ports of the Cryptographic Module to the Ethernet port of the SSH
client device. The device’s Ethernet port is to be configured as 169.254.1.5/30.

A key is to be used to establish the SSH connection. It can be generated as shown:

ssh-keygen -t ecdsa -b 521 -f ssh client.key -C "Put your convenience comment here"

The connection is to be opened as follows:

ssh -i ssh client.key remote@169.254.1.2

Note: The SSH access is only available in NIST FIPS PUB 140-2-Approved mode.

Note: ssh client.key.pub is to be provided to the Cryptographic Module during initialization

through the serial console.

2.3 Console Screen

Every console’s screen will have two parts so called:

• Banner
• Menu options

The banner can be always found at the top of the screen:

Figure 2.2: Console banner

The information shown within the banner are:

• Cryptographic Module’s current menu

• Cryptographic Module’s ID in the form of 16 hexadecimal characters
• Current time and date

Below the banner, the options depending on the current menu are presented. The whole set of
option will be describe within the following chapters.

To move through the console, the cursor keys can be used, as well as the ”TAB” key to jump into
the next field or the ”ESC” key to exit and return to the previous screen. Pressing the ”space
bar” a check mark among different options within the same field is placed.

15
Chapter 3

Cards Set Specification

This chapter describes module administration using different types of smart cards and their
operations.

3.1 Accessing the Card

All information on the cards is protected using an 8 ASCII characters code called PIN. Any ASCII
printable character is valid. The Cryptographic Module will request the PIN before accessing
the protected data.

The card holder has three consecutive attempts to introduce the correct PIN. Otherwise, the
card will be blocked indefinitely.

3.2 The Shamir (’m’ of ’n’) scheme

The Shamir shared secret scheme allows defining the number of cards (m) necessary to recover
the secret shared among a total of n cards.

In other words, to retrieve the secret it is necessary to use ’m’ of ’n’ cards from a specific set of
cards. The input order or what card is being used is irrelevant. Nevertheless, a card can only be
used once for a specific process.

Maximum value for ’n’ is eight, while the minimum for ’m’ is two, ’m’ must be less or equal to
’n’.

3.3 Card Types

There are three card types:

16
 1. Administrator
2. Master Keys
3. Custodian

3.3.1 Administrator Cards

The Administrator cards keep a secret (administrator ID) that allows the transition from pro-
duction state to authorization state. Generally, this means the cards identify the set of system
administrators.

Administrator ID is stored under the Administrator cards set with a Shamir sharing scheme as
described in section 3.2.

3.3.2 Master Keys Cards

The Master Keys cards keep the Cryptographic Module’s Master Keys that determine the value
of the keys that are used to protect the operating keys in the system.

Cryptographic Module’s Master Keys are stored under the Master Keys cards set with a Shamir
sharing scheme as described in section 3.2.

Several Cryptographic Modules that have the same Master Keys are indistinguishable in network
operations because they all can share and work with the same operation keys.

3.3.3 Custodian Cards

A Custodian card identifies a specific custodian to the system. Thus, a custodian can import or
export key components to the Cryptographic Module.

The Cryptographic Module can associate simultaneously a maximum number of eight custodians.

The custodian cards contain other information connected to its card holder that was provided
when the cards were signed up, such as Card holder’s identification string, called login. The
login is composed by 8 ASCII characters. Any ASCII printable character is valid.

17
Chapter 4

Initialization

When the Cryptographic Module is in Initialization state, the options shown will look like the
following picture.

Figure 4.1: Initialization state menu

4.1 Start Initializacion Wizard

The option ’A’ in the menu performs module initialization. The initialization wizard will guide
the Cryptographic Module’s initizalization, avoiding the introduction of incorrect data.

18
 Figure 4.2: Initialization wizard

The different steps are as follows:

• Set up time and date of the Cryptographic Module.

• Set up the network configuration.

• Set up the associated product.

• Generate the SmartCards Communication Key.
• Enroll the smart cards.
• Set up an Administrator.

• Set up Application Users.

• Manage PIN options.
• Set up the Cryptographic Module’s Master Keys.
• Set up the operation mode.

• Set up the client’s SSH key

• Perform Self Test

4.1.1 Set Time and Date

Current date, hour and location are to be introduced as shown in the following picture.

19
 Figure 4.3: Setup Server Time & Date

Press on ”Save Configuration” to apply the configuration.

4.1.2 Set Server’s Network Configuration

Change the network parameters.

Figure 4.4: Setup Network Configuration

20
The current parameters can be changed by clicking on ”Edit”, keeping in mind that:

• IP address from ”Interface 1” must not be changed

• Listening port must be between 1 and 65535.

• The header’s length must be between 0 and 200.
• The maximum number of simultaneous connections is 200.

4.1.3 Set Product

This will configure the Cryptographic Module to work under a certain product. Currently, they
imply:

• Banking, Lan, PKCS#11: LMK17 is the CMM PASSWORD ENCRYPTION KEYS.

• Thales emulation:

– LMK17 is the CMM THALES 1 in Non-Approved mode and NIST FIPS PUB 140-
2-Approved mode, for backwards compatibility.
– LMK17 is the CMM PASSWORD ENCRYPTION KEYS in PCI PTS HSM v2.0-
Approved mode.

Figure 4.5: Set Product

Once the Cryptographic Module is fully initialized this option cannot be changed later on.

21
4.1.4 Setup SmartCards Communication Key - SCCK

SCCK stands for Smart Card Communication Key. It is used to assure integrity and confiden-
tiality of the information being exchanged between the Cryptographic Module and the given
smart card. Therefore that SCCK must be loaded in the Cryptographic Module and every smart
card in order for them to communicate.

This operation sets up (creates or loads) a new SCCK on the Cryptographic Module.

Please do not confuse the SCCK with the batch key defined in 4.1.5.

If this is the first Cryptographic Module of a future Realsec’s Cryptographic Modules farm, select
the ”Generate” option in order to create the SCCK internally.

Figure 4.6: Setup Smart Cards Communication Key - Generate

Once the SCCK has been generated, the Cryptographic Module will show it divided in the
selected number of components.

The whole process is shown in the following figures:

Enter the number of components into which the SCCK is going to be split

22
 Figure 4.7: Split key into components

Every component and its check value is shown on the screen and must been written down by their
custodian. Pressing ”Accept” button, the following component is shown or the whole process
can be cancel by clicking on ”Refuse”.

Figure 4.8: Component 1 of 2

If this is not the first Cryptographic Module of a future Realsec’s Cryptographic Modules farm,
choose ”Load” option in order to enter the components of the SCCK returned by the first
Cryptographic Module when the ”Generate” option was selected.

The whole process is shown in the following figures:

Select ”Load” option

23
 Figure 4.9: Setup Smart Cards Communication Key - Load

Enter the number of parts of the split SCCK (must be equal to the number of custodian to enter
each component)

Figure 4.10: Number of custodians

Each custodian must type in its part of the SCCK. If the KCV (Key Check Value) has been
filled in, the Cryptographic Module will verify it. If the Cryptographic Module grants the KCV,
the next custodian will be allowed to fill in its key part, otherwise the key component must be
typed in again.

24
 Figure 4.11: Load custodian key part 1 of 2

On the other hand, the KCV can be left blank and the Cryptographic Module will calculate and
show it on the screen.

Figure 4.12: Load custodian key part 2 of 2

The calculated KCV is shown on the screen, and it has to match with the KCV that every
custodian must have written down.

25
 Figure 4.13: Computed KCV 2 of 2

Click on ”Refuse” whether the KCV shown is not the expected.

In both cases, at the end of the process, the SCCK Check Value is shown on the screen and it
has to be written down in order to be checked.

Figure 4.14: SmartCards’ Communication Key Check Value

4.1.5 Smart Cards Enrollment

Adds new smart cards into the Cryptographic Module’s Security Environment. Every smart card
set or every single smart card sent by Realsec must come along with a batch key. This batch

26
key is to be replaced by the SCCK already loaded in the Cryptographic Module, on a per smart
card basis. This process is called Enrollment.

Note that, for security reasons, the previous contents of the smart card(s) are deleted as part of
the process.

Please do not confuse this process with the Update process described in 6.9.2; nor the batch key
with the SCCK key defined in 4.1.4.

Figure 4.15: Enroll Brand new Smart Cards

The batch key must be loaded into the Cryptographic Module as a first step.

Figure 4.16: Load batch key part 1 of 2

27
Once the batch key is already loaded, the enroll process could happen by clicking on ”Update”
and inserting every brand new smart card.

Figure 4.17: Enroll Smart Cards

Every card holder must enter the PIN of the smart card inserted.

Figure 4.18: Card authentication

4.1.6 Setup Administrator

Next step during the initialization process is the establishment of the Cryptographic Module’s
administrator.

A new administrator (Create) or one already defined (Read) can be used.

28
 Figure 4.19: Add administrator

Choosing ”Read” option, a sequence of Administrator smart cards reading of an existing set will
happen.

Figure 4.20: Read first administrator card

The number of cards to be read depends on how many of them were specified when that set of
cards were recorded, and it will be known right after the first card has been read.

Otherwise, if a new Administrator needs to be created, first, the ’m’ and ’n’ values of the
administrator secret has to be specify as describe in section 3.2.

29
 Figure 4.21: Setup an administrator

The new administrator credential will be split into the ’n’ specified parts and a sequence of ’n’
Administrator smart cards writing will happen.

Every Administrator’s card holder must introduce the PIN of its smart card.

Figure 4.22: Write card 1 of 3

At the end of the process in both cases (”Create” and ”Read”), an Administrator will be loaded
into the Cryptographic Module’s Security Environment.

30
 Figure 4.23: Information message

4.1.7 Setup Application Users

Next step during the initialization process is the establishment of one or several application users.

Up to eight users can be defined. They are identified by means of a name and a password. Both
are to be formed by eight printable characters.

Figure 4.24: Application Users Menu

4.1.7.1 Add Application User

This option adds a user to the Cryptographic Modules Security Environment. The maximum
number of users is eight. The Cryptographic Module will ask for user name and password
(alphanumeric char set) and for password confirmation.

31
 Figure 4.25: Add new application user

IMPORTANT: For all products except PKCS#11’s one, Username and Password fields must be
fill-in with AUTO-LOG

4.1.7.2 Edit Application User

This option lists the users so one of them can be selected in order to edit a user’s name and/or
password. The operation requires confirmation.

Figure 4.26: Select the user to be edited

32
 Figure 4.27: Edit the selected application’s user

4.1.7.3 List all Application Users

This option lists the users.

4.1.7.4 Delete User

This option lists the users so one of them can be selected in order to be deleted. The operation
requires confirmation.

Figure 4.28: Select the user to be deleted

33
 Figure 4.29: Confirm application’s user deletion

4.1.8 Manage PIN settings

Read 6.4.

4.1.9 Setup the MasterKey

The Cryptographic Module needs Master Keys in order to be completed and ready to work.

There are four ways to get valid Master Keys loaded.

Figure 4.30: Master keys menu options

Generate Master Keys Internally The Cryptographic Module generates random Master
Keys and saves them into a Master Keys cards set. The ’m’ and ’n’ values (read 3.2) must be set
and after clicking on ”Generate” a sequence of ’n’ times Master Keys smart cards writing will
begin.

34
 Figure 4.31: Generate internal master keys

Figure 4.32: Write card 1 of 3

Import form Master Keys Cards The Cryptographic Module will read the Master Keys
Cards from an already created Master Keys smart cards set.

35
 Figure 4.33: Load Master Keys from cards

Figure 4.34: Read First Master Key Card

Figure 4.35: Read Last Master Keys Card

Load Test Master Keys The Cryptographic Module uses whole zeros Master Key (testing
keys). As these keys are for testing and are known, they shall only to be loaded for testing
purposes.

36
 Figure 4.36: Test key loading

A double confirmation will be required to load the Test Master Keys.

Figure 4.37: Confirm test key loading

Load External Master Keys Shares In case of getting the components of the TDES3 Master
Key from an external source, like in migration from Cryptosec to Cryptosec Dekaton processes,it
can be loaded using this option. The AES Master Key is still internally generated and written
to a Master Keys Cards set.

37
 Figure 4.38: Master Key external loading

The Cryptographic Module will ask for ”n” components to be loaded. Each component must be
48 hexadecimal digits.

Figure 4.39: Master Key first component loading

The four ways to get or load valid Master Keys in the Cryptographic Module, comes along with
a final confirmation screen.

38
 Figure 4.40: Generated Master Keys

If previous Master Keys were loaded into the Cryptographic Module, they can be kept an marked
as ”Old Master Keys” to be used for key translation purposes.

At the end of the MasterKey external loading process, the Cryptographic Module will ask for
the smartcards to store the already loaded MasterKey, same process as 4.1.9

4.1.10 Set Operation Mode

This option will force the Cryptographic Module to work under:

• Non-Approved mode: no specific security constrains are enforced.

• NIST FIPS PUB 140-2-Approved mode: NIST FIPS PUB 140-2 Level 3 + EFP security
constraints are enforced.
• PCI PTS HSM v2.0-Approved: PCI PTS HSM v2.0 Controlled Environment security con-
straints are enforced.

39
 Figure 4.41: Set Approved Operation Mode

Be aware of every security constrains related to the selected mode before accept to work with it.
Once the Cryptographic Module is fully initialized this option cannot be changed later on.

4.1.11 Setup Client SSH Keys

This option allows to write client’s ssh public key in order reach the console remotely. Read
section 2.2.2

Figure 4.42: SSH Client’s Key

40
4.1.12 Test

Read section 4.2.

4.2 Test

With this option, the Cryptographic Module performs a self-test to check the processing units.
If this option is selected, the module will run an internal test, printing the result on the screen.

Figure 4.43: Self Tests

4.3 Module Identification

The Cryptographic Module shows the following information:

• Module ID: HSM unique identification byte string. There is a bijective relationship between
the Module ID and the Module serial.
• FW version: HSM software version string.
• SW version: Host software version string.
• Host serial: Host unique serial number if the Hardware Security Module is plugged into a
Realsec appliance.

41
 • Module serial: HSM unique serial number if the HSM is plugged into a Realsec appliance.
This is the serial number printed in the HSM sticker. There is a bijective relationship
between the Module serial and the Module ID.
• Firmware: Certified with smartcards.

• Operation mode: Non-Approved mode, NIST FIPS PUB 140-2-Approved mode or PCI
PTS HSM v2.0-Approved mode.

Figure 4.44: CRYPTOSEC SERVER 1.0

4.4 Restart System

Restarts the Cryptographic Module as well as the host where it’s plugged.

42
 Figure 4.45: Restart Cryptosec system

4.5 Shutdown System

Turns off the Cryptographic Module as well as the host where it’s plugged.

Figure 4.46: shutdown Cryptosec system

43
Chapter 5

Production

When the module is in Production mode, the console will display the following menu.

Figure 5.1: Production mode menu

5.1 Enter Authorization

This option makes the Cryptographic Module to enter Authorization mode.

Figure 5.2: Authenticate the administrator

44
An Administrator authentication must be granted by presenting ’m’ of ’n’ cards that belongs to
the same set of Administrator cards.

Figure 5.3: Read first administrator card

If the authentication is granted, the Cryptographic Module will pass into authorization mode.

5.2 View Network configuration

Shows the current Cryptographic Modules network configuration.

Figure 5.4: View Server Configuration

45
5.3 Restart System

Read section 4.4.

5.4 Shutdown System

Read section 4.5.

5.5 Test

Read section 4.2.

5.6 Module Identification

Read section 4.3.

46
Chapter 6

Authorization

The Authorization mode allows access to the Cryptographic Module’s administrative functions.
Therefore, Administrator authentication is mandatory to access into this mode.

Figure 6.1: Authorization mode menu

To exit from Authorization State, press ”ESC” key and confirm the action.

47
 Figure 6.2: Go back to production mode

6.1 Module

This option gives the opportunity to perform Cryptographic Module’s administrative functions.

Figure 6.3: Module menu options

6.1.1 Master Keys Management

Manage the Master Keys through the following commands.

Figure 6.4: Master Keys menu options

48
6.1.1.1 Load/Change Master Keys

Manages the Master Keys.

After the authentication of the Administrator, the process to update the Master Keys can be
read in section 4.1.9.

Export to Master Keys cards Saves the current Master Keys into a Master Keys cards set,
as described in Generate Master Keys Internally or in Generate Master Keys Internally
in section 4.1.9.

6.1.1.2 Delete Old LMKs

Delete the old Masters Key and their LMKs.

Figure 6.5: Confirm deletion of old LMKs

Be sure every working key of the data base has already being translated from the
old Master Keys to the new Master Keys before using this option.

6.1.1.3 Get Master Keys KCV

Retrieves the check value of the current Cryptographic Module’s Master Keys.

49
 Figure 6.6: Master Keys CV

6.1.1.4 Get Old Master Kesy KCV

Retrieves the check values of the old Cryptographic Module’s Master Keys that have been re-
placed when the current Master Keys were loaded. If there are no old Master Keys, this command
will fail.

Figure 6.7: Old Master Keys CV

6.1.2 Set Terminal baud rate

This option allows for changing the terminal’s baud rate. The command presents the current
value and a list of possible values. Once a new value is set, the speed of the communication of
the Terminal must be changed to the same value.

50
 Figure 6.8: Serial Port Settings

The Cryptographic Module’s default baud rate value is 115200.

6.1.3 Set Time and Date

Read section 4.1.1.

6.1.4 Restart System

Read section 4.4.

6.1.5 Shutdown System

Read section 4.5.

6.1.6 Test

Read section 4.2.

6.1.7 Module Identification

Read section 4.3.

6.2 Application Users

Read section 4.1.7.

51
6.3 Custodians

Manage Cryptographic Module’s custodians. Usually custodians means people that keeps safe a
key component.

Figure 6.9: Custodian menu

6.3.1 Add a new custodian

This option adds a custodian to the Cryptographic Module’s Security Environment. The maxi-
mum number of custodians is eight. The Cryptographic Module will ask for custodian name, of
8 ASCII characters. Any ASCII printable character is valid.

Figure 6.10: Add custodian

The custodian card’s name and among other information will be written after PIN authentication.

52
 Figure 6.11: Write custodian card

Figure 6.12: Information message

6.3.2 Import Custodian

A previous custodian’s cardholder can be enrolled to the Cryptographic Module’s Security En-
vironment.

53
 Figure 6.13: Import custodian

After clicking on ”Import” and a successful PIN authentication.

Figure 6.14: Import custodian card

The Cryptographic Module will read its information and add the custodian identification to
the system. In the picture below, a custodian card holder as ”custodi2” user name is properly
imported to the system.

54
 Figure 6.15: Information message

6.3.3 List & Delete Custodians

List and delete a custodian from the Cryptographic Module. Its identification must be selected
before clicking on ”Delete”.

Figure 6.16: List & Delete custodians

The action must be confirmed.

55
 Figure 6.17: Confirm message

6.4 PIN management

Manage PIN related features as well as PIN fraud detection.

Figure 6.18: PIN management menu

6.4.1 PIN Risk Management

This command is used for fraud detection. When the counter reaches the attack limit value of
PIN verifications failures, the Cryptographic Module will stop verifying PINs, because it could
mean that someone is trying to get clear PIN using brute force.

By default, this option is DISABLED.

56
 Figure 6.19: PIN Risk Management - PIN Unblock

PIN Verify State. It shows whether the Cryptographic Module can verify PIN blocks (AC-
TIVE) or it is blocked for a fraud detection (DISABLE).

PIN Try Counter. It shows the current PIN verification attack counter. Sets to 0 this value
to reset the fraud detection or to unblock PIN verification commands.

Set PIN Verification Attack Limit. It sets the value of the PIN verification attack counter.
Once the counter exceeds this limit, the Cryptographic Module’s will block the PIN verification
command. The value must be between 0 and 99999, and the default value is set to 99999.

Set PIN Verification Attack Failure Delta It sets the value that will increase the verifi-
cation attack counter each time the verification of a PIN fails. This parameter can be between
0 and 99999, and the default value is set to 0.

Set PIN Verification Attack Success Delta It sets the value that will decrease the ver-
ification attack counter each time the verification of a PIN succeeds. This parameter can be
between 0 and 99999, and the default value is set to 0.

57
6.4.2 Set Enabled PINBlocks

This option indicates which PIN block formats the Cryptographic Module is enabled to work
with.

Figure 6.20: PIN block types

6.4.3 Set IC Card Environment

This option indicates if the system will allow PIN translations from/to ISO1/ISO3 with PAN
change; it will also allow translations to ISO2 from ISO PIN blocks.

Figure 6.21: IC Card Environment

58
6.4.4 Set Realsec1’s PIN block length

Set the Realsec1’s PIN block length which must be real PIN’s length plus one. For instance, if
4 digits is the length of the PIN the Cryptographic Module has to work with, Realsec1’s PIN
block length must be set to 5 which is the default value.

Figure 6.22: Set Realsec1 PIN block length

6.4.5 Set Encrypted V0 Decimalization Tables

It sets the usage of encrypted decimalization tables. If this option is enabled, it will force to use
encrypted decimalization tables in all commands that take a table as parameter.
By default, this option is DISABLED, which means it only works with clear text tables.

Figure 6.23: Set Decimalization Tables

Otherwise, the tables will be kept being used without encryption.

59
6.4.6 Import Decimalization Table

This option is used for importing decimalization tables into the Cryptographic Module. These
imported tables will be used later on from some of the network commands, if the Cryptographic
Module is properly setup to use ”Encrypted Decimalization tables”. Read section 6.4.5.

If the Cryptographic Module is not configured to operate in this mode, this command will fail.

Figure 6.24: Import Decimalization Table

The decimalization table to type must be 16 decimal digits and after clicking on ”Import”, the
Cryptographic Module will return the table:

• Encrypted within container v0 (Legacy)

• Clear text within container v1
• Encrypted within container v1

60
Figure 6.25: Encrypted Decimalization Table within Container v0

Figure 6.26: Clear Text Decimalization Table within Container v0

61
 Figure 6.27: Encrypted Decimalization Table within Container v1

If the Decimalization Table to be imported does not meet the minimum requirements to be
consider as a secure decimalization table, the Cryptographic Module will pop up an alert message.

Figure 6.28: Insecure Decimalization Table

6.5 Symmetric keys

This option performs administrative tasks about DES and AES keys.

62
 Figure 6.29: Symmetric keys menu

6.5.1 Generate Symmetric Key

This option generates a random DES/AES key.

Figure 6.30: Generate symmetric key

The following parameter will be requested:

Key Type Select one of the options, DES or AES Key.

LMK It must be between 01 and 99 and the value to fill in will depend on its future usage.
The available values can be found in the Key Usage table at the Command Operative manual.

Key length Length of the key to be generated.

• DES Keys: S -8 bytes, D-16 bytes and T -24 bytes

• AES Keys: 128 -16 bytes, 192 -24 bytes and 256 -32 bytes

63
Store Key in Cryptographic Module Checking this option the generated key will be stored
inside Cryptographic Module’s memory and a key handle will be shown.

Key output settings Although the key was going to be stored inside the Cryptographic
Module’s memory, it can also be returned for external storage (encrypted or components).

• None: No output cryptogram or components will be generated.

• Enc. V0 : Output encryption according to v0 Realsec’s first specifications will be gener-
ated. Not allowed in NIST FIPS PUB 140-2-Approved mode. Not allowed for AES Keys
in PCI PTS HSM v2.0-Approved mode.
• Enc. V1 : Output encryption according to v1 Realsec’s v1 specifications will be generated.

Print key components The key components will be printed out through a printer connected
directly to the Cryptographic Module.

Depending on the ”Operation mode” and the options selected, the Cryptographic Module will
pop up with some error screens due to not permitted configurations.

Figure 6.31: Wrong parameters - Configuration not permitted alert screen

If ”Store inside Cryptographic Module” is selected, a key handle or index and its KCV will be
returned before the command finishes.

64
 Figure 6.32: Cryptographic Module key handle - Internal key storage

Selecting not to store inside the Cryptographic Module, the cryptogram of the key will be shown
(encrypted under the corresponding LMK) with its KCV and according to the encryption version
selected.

Figure 6.33: Encrypted key - External V0 key encryption

65
 Figure 6.34: Encrypted key - External V1 key encryption

If ”components” output format is choosen, the System will ask for the number of custodians to
whom the key components are going to be shown.

Figure 6.35: Split key into components

Once the custodian is authenticated

66
 Figure 6.36: Authenticate custodian 1 of 2

each component and its KCV will appear on console and it can be written down until clicking
on ”Accept” or ”Refuse”.

Figure 6.37: Component 1 of 1

6.5.2 Import Symmetric Key Components

Load a DES/AES key by its components.

67
 Figure 6.38: Import symmetric key components

The following parameter will be requested:

Key Type Select one of the key types to import, DES or AES Key.

LMK It must be between 01 and 99 and the value to fill in will depend on its future usage.
The available values can be found in the Key Usage table at the Command Operative manual.

Key length Length of the key to be generated.

• DES Keys: S -8 bytes, D-16 bytes and T -24 bytes

• AES Keys: 128 -16 bytes, 192 -24 bytes and 256 -32 bytes

Output Key options As the result of the process, the Cryptographic Module will return:

• In Cryptographic Module: Key handle or index of the key inside the Cryptographic
Module.

• Enc. V0 : Cryptogram encrypted according to V0 Realsec’s first specifications. Neither

allowed in NIST FIPS PUB 140-2-Approved mode nor allowed for AES Keys in PCI PTS
HSM v2.0-Approved mode.
• Enc. V1 : Cryptogram encrypted according to V1 Realsec’s specifications.

Clicking on ”Load” the process starts asking for the number of custodians who have to load the
key.

68
 Figure 6.39: Number of custodians

Only correct parameters are accepted.

Figure 6.40: Number of custodians - Error

Each custodian must type its component and the KCV (optional) and select ”Continue”.

69
 Figure 6.41: Load custodian key part 1 of 2

Custodian authentication must be performed.

Figure 6.42: Authenticate custodian 1 of 2

If the custodian is granted, the Cryptographic Module calculates and matches with the KCV, if
it was informed, or returns it in order to be accepted or refused.

70
 Figure 6.43: Computed KCV 1 of 2

At the end of the process, the Cryptographic Module returns the encrypted key and its KCV or
the key handle, depending of the output format selected.

Figure 6.44: Encrypted key

71
 Figure 6.45: Cryptographic Module key handle

6.5.3 Export Symmetric Key components

Calculate and return the ’n’ components of a given DES/AES key.

The following parameter will be requested if ”External V0” source is checked:

Figure 6.46: Export symmetric key components

72
LMK It must be between 01 and 99 and the value to fill in will depend on the usage of the
key to export.

Key length Length of the key to export.

Encrypted Key input The cryptogram (key encrypted under the informed LMK) of the key
to export.

KCV Key Check Value of the key to export.

Note that V0 storage is neither allowed in NIST FIPS PUB 140-2-Approved mode nor allowed
for AES Keys in PCI PTS HSM v2.0-Approved mode.

In case of select ”Cryptographic Module” key storage, just select the key to be exported from
the list shown on the screen:

Figure 6.47: Export symmetric key components

In both cases:

Print components Check it if needs to print out the key components through a printer
connected directly to the Cryptographic Module.

Clicking on ”Export”, the exportation process starts and the Cryptographic Module asks for the
number of components to generate.

73
 Figure 6.48: Generate symmetric key components

And after every custodian authentication.

Figure 6.49: Authenticate custodian 1 of 2

Its component will appear on the screen.

74
 Figure 6.50: Component 1 of 2

6.5.4 List and delete Symmetric Key

Show all the key handles which are stored within the Cryptographic Module and allows to delete
them.

Figure 6.51: List and delete Symmetric Keys

75
 Figure 6.52: List and delete Symmetric Keys Info

6.6 RSA Public Key Import Management

Allowing this option, a RSA Public Key can be imported into the Cryptographic Module’s
Security Environment, using the analogous network command, otherwise the command will be
rejected.

76
 Figure 6.53: RSA Public Key import management

When the network command arrives to the Cryptographic Module with the public key to be
imported, the Cryptographic Module generates and presents the SHA-512 of the public key
which must be confirmed as a valid hash result.

Figure 6.54: RSA Public Key import management

Right after checking ”Allow”, pressing on ”Check” the calculated sha1 of the public key is shown

77
on the screen to be confirmed in case of any request is pending.

Otherwise, an error message will be shown.

Figure 6.55: Check again

6.7 Server configuration

Read section 4.1.2

6.8 Printer Configuration

Manage all options related to printing out functionality.

The printer functionality can be ’ENABLE’ or ’DISABLE’ through this menu, as well as the
speed of the printer can be change, as well as the format string.

78
 Figure 6.56: Printer configuration

Before using any printing commands, it is necessary to define the format of the document in
which the information will print out. That ”Format String” will remain in the Cryptographic
Module until it is overwritten.

The ”Printer Format String” may contain any fixed text, although it is recommended to restrict
it to format characters (symbols in the below table). This is due to the fact that it is limited to
400 characters and if fixed text is used, the amount of text will be limited. It is a better choice
to send the fix-strings within the network command. In this case it is possible to have up to 16
fixed text strings, 252 characters each.

Symbols allows for the ”Printer Format String” field are in the following table:

Table 6.1: Format Strings Symbols

Symbol Hex. Value Description

>L 0x3E 0x4C New line, carriage return
>V 0x3E 0x56 Vertical Tab
>H 0x3E 0x48 Horizontal Tab
>F 0x3E 0x46 Page break
>nnn 0x3E 0x3n 0x3n 0x3n Goes to the column nnn from the left margin, where
nnn is a 3 digit decimal number

79
 Table 6.1: Format Strings Symbols (continued)

Symbol Hex. Value Description

ˆM 0x5E 0x49 Prints the third decrypted key component of a given
key.
ˆP 0x5E 0x50 Prints decrypted PIN for envelope 1, or print a de-
crypted key component.
ˆQ 0x5E 0x51 Prints decrypted PIN for envelope 2, or print a de-
crypted key component.
ˆR 0x5E 0x52 Prints the reference for envelope 1
ˆS 0x5E 0x53 Prints the reference for envelope 2
ˆT 0x5E 0x54 Prints the last 6 digits of a bank account number for
envelope 1, or prints the KCV of a key component
ˆU 0x5E 0x55 Prints the last 6 digits of a bank account number for
envelope 2
|<L><hh. . . hh> 0x7C <L><hh. . . hh> Send binary data to the printer, for example, e.g. a
control sequence. L contains the number of bytes to
send, up to 255 bytes, followed by the data bytes to
send.
ˆ0 0x5E 0x30 Inserts print field 0 sent in the function that uses
printing
ˆ1 0x5E 0x31 Inserts print field 1 sent in the function that uses
printing
... ... ...
ˆF 0x5E 0x46 Inserts print field 15 sent in the function that uses
printing

Note that, although all symbols are supported, each command details what are the necessary
ones to return the information. A valid example of format string to print out key components
can be as follows:

>Lˆ0ˆPˆ1ˆT>F

Key components can be printed out at this time.

6.9 Smartcards

This option holds commands for smart card related operations.

80
 Figure 6.57: Smart cards menu

6.9.1 New Smart Card Communication Key

Read section 4.1.4.

6.9.2 Update new SCCK in cards

This operation replaces on each smart card a previously set SCCK with the new SCCK created
on the Cryptographic Module see(4.1.4).

Please do not confuse this process with the Enrollment process described in 4.1.5.

Figure 6.58: Update new SCCK in cards

Note that the Cryptographic Module only keeps the former SCCK. It is very important to update
the new SCCK in every card involve in the Cryptographic Module’s management just right after
a new SCCK has been created. Otherwise, future access to the smart card can be compromised.

81
 Figure 6.59: Card authentication

6.9.3 Smart Cards Enrollment

Read section 4.1.5.

6.9.4 Reset Smart Cards

Resets smart cards. This includes the stored information zeroization, the PIN (changed to
’00000000’) and the communication key (changed to ’00 .. 00’).

Figure 6.60: Reset SmartCard

6.9.5 Change Card’s PIN

Change the PIN of any smart card that belongs to the Cryptographic Module’s Security Envi-
ronment.

First, the new PIN must be introduced twice.

82
 Figure 6.61: Change PIN

After that, the old PIN must be required to be granted and changed.

Figure 6.62: Change PIN

Figure 6.63: Information message

83
6.9.6 Replicate Cards

Replicate the secret kept within a whole set of cards (Master Keys, Administrator or User) or
just copy the information of just one card into another card.

Figure 6.64: Replicate cards menu

6.9.6.1 Replicate Set

The command starts a sequence of source’s cards reading and continues with a sequence of
destination’s cards writing.

Figure 6.65: Replicate card set

Figure 6.66: Read first card

84
 Figure 6.67: Write replicated set

At this point, a any new ’m’ of ’n’ scheme can be chosen for the new set of cards.

Figure 6.68: Information message

Although the replicated secret is the same in the new card set, it has been split in a different
way, so both set of cards can work simultaneously but cannot be shuffled.

85
6.9.6.2 Copy Card

The command reads the original card of any type and then write the information in the new
blank card.

Figure 6.69: Replicate a single card

Figure 6.70: Read card

86
 Figure 6.71: Write card

Figure 6.72: Information message

6.9.7 Show Card Info

This command shows the following information from the smart card:

• Card’s Serial Number

• Card’s Type
• Card’s ID

• ’m’ of ’n’ values

• Index of the card

87
 Figure 6.73: Show card info

Figure 6.74: Show card info

6.10 Log Configuration

Allows for the follwing log-related operations:

• Enables/Disables the Network commands log.

• Enables/Disables the system events log.
• Forces the emission of a log section regardless if it is full or not by clicking on ”Flush log”
button.

It also displays the identificator of the last emitted log section.

88
Figure 6.75: Log configuration

89
Appendix A

Physical Ports and Logical

Interfaces

The physical ports and logical interfaces are described in [Security Policy, Module Interfaces].

90
Appendix B

Secure Module Administration

B.0.1 Secure Administration

B.0.1.1 Initialization

When the Cryptographic Module is received, the Crypto Officer must check its cases for evidence
of tampering. Such indications include prying, bending, or cutting of the metal casing.

After checking the Cryptographic Module for evidence of tampering, the Crypto Officer must
connect the module to the PCIe port on the computer to be used. The console connection
must also be established. The installation files contain all the setup files needed to access the
Cryptographic Module.

The Cryptographic Module is delivered initialized is such a way that a challenge mechanism
is used to assure that the Cryptographic Module has not been tampered with throughout the
delivery process.

Once the challenge has been solved, the module is to be initialized according to the customer’s
preferences. The initialization process is performed through the terminal console. It is guided
by a wizard.

B.0.1.2 Management

The Cryptographic Module can be administered using the console and the supplied drivers. This
software allows the User to access all the functions supported by the Cryptographic Module, and
check its status. Crypto Officer and User guides are available from Realsec.

Once the initialization process has finished, the module can be operated in its normal way.

The Crypto Officer is responsible for:

• Keep track of the Cryptographic Module.

91
 • Routinely check the Cryptographic Module for signs of physical tampering. If strange
activity or damage to the cases is shown, the Crypto Officer shall take the module off-line
and investigate.
• Keep up to date the Custodian and User lists.

• Encourage the back-up of the smart card sets and individual cards, and that the back-ups
are up to date.

The battery must be changed every 4 years. It can be done, with care, while the module is
working. If it is done in absence of PCIe power supply, the operation should not last more than
a minute.

B.0.1.3 Termination

When the usage of the Cryptographic Module has been completed, it should be zeroized by the
Crypto Officer in order to wipe all data. This zeroization should be done by:

• using the appropriate command from recovery mode;

or

• pushing the tamper switch on the PCIe bracket.

Once the Once the data is zeroized, take apart the battery. The module should then be stored
in a secure location. The Cryptographic Module’s smart cards should be destroyed or reset.

B.0.2 Secure Operation

The User (User, Custodian or card holder) behavior with respect to the secure operation of the
Cryptographic Module is mainly related to the secret of the smart card password and the keys
or keys components that the User guards. The User should be careful not to provide private
keys and secret keys to other parties, nor provide the smart card password to anyone. The User
should change regularly the card password.

B.0.3 General Rules

• User and Crypto Officer must logout their sessions when they finishes using the Crypto-
graphic Module.

• The Cryptographic Module enforces that the operator secrets (User passwords and smart
card PINs) are formed by eight printable characters.
• It is recommended that for increased security the secret is formed by at least one character
of each the following types:

92
– Lower case letters.
– Upper case letters.
– Numbers.
– Symbols.

93
Bibliography

[Security Policy] Realsec, Cryptosec Dekaton FIPS140-2 Security Policy.

94