3.4.1 Create the Security World

A Security World is created with the new-world utility, which is documented in the nShield Edge and Solo User Guide for Windows. Before the utility is run, the module must be moved to the pre-initialization mode.

The example shown in Figure 3-5 creates a new Security World:

  • -i: Creates a new Security World.
  • -m: Specifies the ID of the physical HSM module to be added to the Security World.
  • -Q: Specifies the minimum number of smart cards needed from the ACS to authorize a feature and the total number of smart cards to be used in the ACS. This example has a total of two cards, with only one card needed to authorize a feature.
  • -c: Tells the utility what type of key must be used for the new Security World. This example uses the 1024-bit AES key. Options must be considered on the basis of the desired security strength.

During creation of the Security World, the user is prompted to insert and initialize all ACS cards specified by the -Q option.

Figure 3-5. Sample Output from Creation of New Security World
Note:
  • The values of the hknso parameters can be used to uniquely identify the Security World.
  • If the module is not in the pre-initialization state, creation of the Security World might encounter an error:
    Figure 3-6. Error Message if Module is Not in Pre-Initialization State
The new Security World is a file that is created in the following location: %NFAST_KMDATA%\local.
Note: This location also contains all other related security keys.

Once the Security World is created, the module must be moved to the operational mode.
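
The following PowerShell wrapper is an added example, not code from the original guide or from the vendor. It validates the -Q quorum, runs new-world with the options described above, confirms the world file exists, and records the hknso value. It assumes new-world and nfkminfo are on PATH, that the world file is named `world`, and that nfkminfo prints a line of the form `hknso <hex>`; the parameter names are hypothetical.

```powershell
# Added example (not vendor code). Parameter names are hypothetical.
param(
    [Parameter(Mandatory)] [int]    $Module,      # -m: module ID
    [Parameter(Mandatory)] [string] $Quorum,      # -Q: K/N, e.g. 1/2 as in this section
    [Parameter(Mandatory)] [string] $CipherSuite  # -c: chosen for the required strength
)
$ErrorActionPreference = 'Stop'

# Reject a malformed or impossible quorum before any card is initialized.
if ($Quorum -notmatch '^(\d+)/(\d+)$') { throw "Quorum must be K/N, got '$Quorum'" }
$k = [int]$Matches[1]; $n = [int]$Matches[2]
if ($k -lt 1 -or $k -gt $n) { throw "Quorum needs 1 <= K <= N, got $k/$n" }

if (-not $env:NFAST_KMDATA) { throw 'NFAST_KMDATA is not set' }
# Assumption: the world file in %NFAST_KMDATA%\local is named "world".
$worldFile = Join-Path $env:NFAST_KMDATA 'local\world'
# Script policy (an assumption, not a vendor rule): never replace a world unattended.
if (Test-Path $worldFile) { throw "A Security World file already exists: $worldFile" }

# Prompts for each ACS card on the console, as described above.
& new-world -i -m $Module -Q $Quorum -c $CipherSuite
if ($LASTEXITCODE -ne 0) {
    throw "new-world exited with $LASTEXITCODE; confirm the module is in pre-initialization mode"
}
if (-not (Test-Path $worldFile)) { throw "new-world succeeded but $worldFile is missing" }

# Assumption: nfkminfo prints a line of the form "hknso <hex>".
$m = & nfkminfo | Select-String -Pattern '^\s*hknso\s+([0-9a-fA-F]+)' | Select-Object -First 1
if (-not $m) { throw 'hknso not found in nfkminfo output' }

# Record the identity of the new world for later comparison.
[pscustomobject]@{
    Created   = (Get-Date).ToUniversalTime().ToString('o')
    Module    = $Module
    Quorum    = $Quorum
    WorldFile = $worldFile
    Hknso     = $m.Matches[0].Groups[1].Value
}
```

Keeping the emitted record with the ACS custody documentation lets a later nfkminfo run on any host be compared against the hknso of the world that was actually created.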