3.4.1 Create the Security World
The Security World is created with the new-world utility, which is documented in the nShield Edge and Solo User Guide for Windows. Before the utility is run, the module must be moved to the pre-initialization mode.
The example shown in Figure 3-5 creates a new Security World:
- -i: Creates a new Security World.
- -m: Specifies the ID of the physical HSM module to be added to the Security World.
- -Q: Specifies the minimum number of smart cards needed from the ACS to authorize a feature and the total number of smart cards to be used in the ACS. This example has a total of two cards, with only one card needed to authorize a feature.
- -c: Tells the utility what type of key must be used for the new Security World. This example uses the 1024-bit AES key. Options must be considered on the basis of the desired security strength.
During creation of the Security World, the user is prompted to insert and initialize all ACS cards specified by the -Q option.
Note:
- The values of the hknso parameters can be used to uniquely identify the Security World.
- If the module is not in the pre-initialization state, creation of the Security World might encounter an error:
The new Security World is a file that is created in the following location: %NFAST_KMDATA%\local.
Note: This location also contains all other related security keys.
Once the Security World is created, the module must be moved to the operational mode.
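The note above says that hknso uniquely identifies the Security World. As an added example (not part of the original guide), the Python code below parses the World section of text captured from the nShield nfkminfo utility and compares hknso with the value recorded when the world was created. The sample output, its layout and its hash values are constructed for illustration, and the function names are hypothetical.

```python
import re

# Constructed sample of nfkminfo output (layout assumed; hashes are made up).
SAMPLE = """\
World
 generation  2
 state       0x37270008 Initialised Usable Recovery !PINRecovery
 n_modules   1
 hknso       0123456789abcdef0123456789abcdef01234567
 hkm         89abcdef0123456789abcdef0123456789abcdef

Module #1
 generation 2
 state      0x2 Usable
"""


def parse_sections(text):
    """Split nfkminfo-style output into {section: {key: value}}."""
    sections, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():          # unindented line starts a section
            current = sections.setdefault(line.strip(), {})
        elif current is not None:
            key, _, value = line.strip().partition(" ")
            current[key] = value.strip()
    return sections


def check_world(text, expected_hknso):
    """Return a list of problems; an empty list means the world matches."""
    world = parse_sections(text).get("World")
    if world is None:
        return ["no World section: Security World not loaded"]
    problems = []
    flags = world.get("state", "").split()[1:]   # drop the hex bitmask
    for required in ("Initialised", "Usable"):   # "!Flag" means not set
        if required not in flags:
            problems.append(f"world state lacks {required}")
    hknso = world.get("hknso", "").lower()
    if not re.fullmatch(r"[0-9a-f]{40}", hknso):  # assumed 40 hex digits
        problems.append("hknso missing or malformed")
    elif hknso != expected_hknso.lower():
        problems.append("hknso differs from the recorded value")
    return problems
```

Record the hknso value at creation time and store it separately from %NFAST_KMDATA%\local, so that a replaced or restored world file is detected by the comparison.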