Generate Hrk (Sk) - Thales payShield 10K Installation And User Manual

Generate HRK (SK)

Command: SK
Function: To generate a new HSM Recovery Key (HRK). Once installed, the HRK will be
used to back-up secret key material inside the HSM into persistent memory (a
process known as key synchronization).
The following secret key material is backed-up in this process:
Authorization: The HSM must be in the secure state to run this command.
• Passphrases 1 & 2 (each entered twice for verification).
Inputs:
• Prompts, as above.
Outputs:
• Passphrase rules.
• Creating HRK message.
• Key synchronization message.
• The HRK replaces the RMK (used in previous versions of software).
Notes:
Example 1: This example demonstrates the use of the SK console command to
generate an HRK.
Secure> SK
**** NOTE ****
Passphrase rules as follows:
1 - Must be between 8 and 30 characters long.
2 - Can contain spaces
3 - Must be comprised of (at a minimum):
Re-enter administrator 1 passphrase: ********************
Re-enter administrator 2 passphrase: **************
Creating HRK. Please, wait ... DONE
HRK generated successfully
Key synchronization complete
Secure>
©Thales Group
All Rights Reserved
payShield 10K Installation and User Guide
•
Secure Host Communications key material:
HSM's private key
o
•
Remote Management key material:
HSM's private key
o
HSM's public key certificate
o
CA public key certificate
o
<Return>
2 digits
2 uppercase characters
2 lowercase characters
2 symbols (e.g. !/?.#:')
Enter administrator 1 passphrase: ********************
Enter administrator 2 passphrase: **************
Variant  Key Block 
Online  Offline 
Authorization: Not required
Secure 
Page 439