1. Manuals
  2. Brands
  3. Entrust Manuals
  4. Network Hardware
  5. nShield Edge
  6. Installation manual

Entrust nShield Edge Installation Manual

Hide thumbs Also See for nShield Edge:
Table of Contents

Advertisement

Quick Links

Download this manual
nShield Security World
nShield Edge
v12.40 Installation Guide
04 March 2024

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the nShield Edge and is the answer not in the manual?

Questions and answers

Related Manuals for Entrust nShield Edge

Summary of Contents for Entrust nShield Edge

  • Page 1 Security World nShield Edge v12.40 Installation Guide 04 March 2024...

  • Page 2: Table Of Contents

    Contents Chapter 1: Introduction About this guide Additional documentation Typographical conventions Chapter 2: Safety and security FIPS Chapter 3: Regulatory notices FCC class A notice Canadian certification - CAN ICES-3 (A) /NMB- 3(A) Recycling and disposal information Avis juridiques Classe A de la FCC Certification canadienne - CAN ICES-3 (A) /NMB- 3(A) Information concernant le recyclage et le traitement Rechtliche Informationen...
  • Page 3 None of the LEDs are lit The Mode LED is amber or red The Status LED is flashing irregularly and the nShield Edge is unresponsive for more than a few minutes The Security World Software does not detect the connected nShield Edge...
  • Page 4 Uninstalling Unix software Uninstalling on Linux Appendix B: Components on Security World Software installation media (Windows and Unix) Security World for nShield User installation media Component bundles Individual components CipherTools installation media Component bundles Individual components CodeSafe installation media Component bundles Individual components Common component bundles Common component bundles...

  • Page 5: Chapter 1: Introduction

    Authorities (CAs) and Registration Authorities (RAs), code signing, and remote HSM operations. The nShield Edge combines a full-featured HSM with a smart card reader, which you can use to securely store and access your organization’s high-value occasional-use keys, such as certificate signing keys.

  • Page 6: Additional Documentation

    You can find additional documentation in the directory of the installation media, including document the nShield Edge and nShield Solo User Guide, which describes how to use the Security World Software. We strongly recommend that you read the release notes in the...

  • Page 7: Chapter 2: Safety And Security

    If there are any signs of tampering, do not use the cable and the nShield Edge. Figure 1. Holographic tamper label Where possible, use the lock slot of the nShield Edge to secure it to a desk with a compatible lock (not supplied). N-018201-X...

  • Page 8: Fips

    Protect your pass phrase in line with your organization’s security policy. FIPS There are a number of nShield Edge variants, some certified to different FIPS 140-2 levels. The FIPS rating is indicated on the label on the nShield Edge. N-018201-X...

  • Page 9: Chapter 3: Regulatory Notices

    Chapter 3: Regulatory notices FCC class A notice This nShield Solo HSM complies with Part 15 of the FCC rules. Operation is subject to the following two conditions: 1. This device may not cause harmful interference, and 2. This device must accept any interference received, including interference that may cause undesired operation.

  • Page 10: Avis Juridiques

    Avis juridiques Avis juridiques Classe A de la FCC Ce HSM Solo nShield répond aux exigences de la partie 15 du règlement de la FCC. Le fonctionnement est soumis aux deux conditions suivantes: 1. Cet appareil ne peut pas causer d'interférence nuisible, et 2.

  • Page 11: Rechtliche Informationen

    Rechtliche Informationen Rechtliche Informationen Hinweis FCC-Klasse A Das nShield Solo-HSM erfüllt die Anforderungen von Teil 15 der FCC-Bestimmungen. Der Betrieb des Geräts unterliegt den folgenden zwei Bedingungen: 1. Das Gerät darf keine störenden Interferenzen verursachen, und 2. Dieses Gerät muss störenden Interferenzen, die auf das Gerät auftreffen, widerstehen (einschließlich Interferenzen, die einen ungewollten Betrieb verursachen).

  • Page 12: Notificaciones Reglamentarias

    Notificaciones reglamentarias Notificaciones reglamentarias Notificación clase A de la FCC Este HSM nShield Solo cumple con la parte 1 5 de la reglamentación de la Comisión Federal de Comunicaciones (Federal Communications Commission, FCC) La operación está sujeta a las dos siguientes condiciones: 1.

  • Page 13: Chapter 4: Before You Install The Software

    Chapter 4: Before you install the software Note: Do not connect the nShield Edge to your computer before installing the Security World Software. Uninstall any older versions of Security World Software. See Appendix A: Uninstalling existing software on page Preparatory tasks before installing software Perform any of the necessary preparatory tasks described in this section before installing the Security World Software.

  • Page 14: All Environments

    Chapter 4: Before you install the software All environments Install Java with any necessary patches The following versions of Java have been tested to work with, and are supported by, your nCipher Security World Software: Java5 (or Java 1.5x) Java6 (or Java 1.6x) Java7 (or Java 1.7x) Java8 (or Java 1.8x).
  • Page 15 All environments The types of application that are to use the module The amount of disc space available for the installation Your company’s policy on installing software. For example, although it may be simpler to choose all software components, your company may have a policy of not installing any software that is not required.

  • Page 16: Firewall Settings

    Remote Operator If you are using an nShield Edge as a Remote Operator slot for an HSM located elsewhere, you need to open port 9004. You may restrict the IP addresses to the addresses you expect to use this port. You can also restrict the IP addresses accepted by the hardserver in the configuration file.

  • Page 17: Chapter 5: Installing The Software

    This chapter describes how to install the Security World Software on the computer to which your nShield Edge will be connected. After you have installed the software and connected an nShield Edge to your computer, you must complete further Security World creation, configuration and setup tasks before you can use your nShield environment to protect and manage your keys.

  • Page 18: Installing On Linux

    Chapter 5: Installing the software Installing on Linux To install the Security World Software for Linux: 1. Log in as a user with root privileges. 2. Place the installation media in the optical disc drive, and mount the drive. 3. Open a terminal window, and change to the root directory. 4.

  • Page 19: Chapter 6: Setting Up The Nshield Edge

    Edge Power saving options Note: Do not use the power-saving features of your computer when the nShield Edge is connected. If your computer goes into standby or sleep mode, the hardserver restarts automatically. If your computer has power saving features enabled, do the following: 1.

  • Page 20: Enabling Optional Features

    30 seconds. Do not click Close. When the hardserver has restarted, you are ready to use the nShield Edge with the Security World Software. See the nShield Edge and nShield Solo User Guide for more about creating a Security World and using the Security World Software.

  • Page 21: Checking The Installation

    Checking the installation Checking the installation To check that the software and nShield Edge have been installed correctly: 1. Log in as a user and open a command window. 2. Run the command: enquiry 3. The following is an example of the output following a successful...

  • Page 22: Chapter 7: Using The Nshield Edge

    Lights green when a smart card is inserted. F: Status LED Shows the status of the nShield Edge. Clears the memory of the nShield Edge and changes the selected G: Clear button mode. When using this button, press and hold it for a couple of seconds.

  • Page 23: Mode Leds

    Green In Operational mode Green flashing Operational mode selected You generally use the nShield Edge in Operational (O) mode, but you must put it into Initialization (I) mode when creating the Security World. Changing the mode To change the mode: 1.

  • Page 24: Chapter 8: Troubleshooting

    The Mode LED is amber or red The nShield Edge is not in the Operational (O) mode. Press the Mode button to select the Operational mode, and then press and hold the Clear button for a couple of seconds. Wait a few seconds before using the nShield Edge.

  • Page 25: Chapter 9: Nshield Edge Windows Compatibility Issues And Considerations

    USB devices to make sure the Guest will not connect to the nShield Edge directly again. Add a serial port to the VM, specifying to use a physical serial port, on the host, and selecting the USB serial port from the previous step. Save the settings.

  • Page 26: Chapter 10: Dimensions And Operating Conditions

    Chapter 10: Dimensions and operating conditions Chapter 10: Dimensions and operating conditions Dimensions (with stand closed) 120 (w) x 118 (h) x 27 (d) mm Weight 340g Powered by USB host device 5V, 700mW Operating temperature 5 – 45 °C Storage temperature -40 –...

  • Page 27: Appendix A: Uninstalling Existing Software

    Appendix A: Uninstalling existing software Appendix A: Uninstalling existing software nCipher recommends that you uninstall any existing older versions of Security World Software before you install new software. If the installer detects an existing Security World Software installation, it asks you if you want to install the new components.

  • Page 28: Uninstalling Unix Software

    Uninstalling Unix software Uninstalling Unix software Uninstalling on Linux To uninstall the Security World Software from Linux: 1. Assume the nFast Administrator privileges or root privileges by running the command: $ su - 2. Type your password, then press Enter. 3.
  • Page 29 Appendix A: Uninstalling existing software 6. Unless needed for a subsequent installation, remove the user and, if it exists, the user nfast ncsnmpd a. Open the file with a text editor. /etc/group b. Remove the line that begins with the form: nfast:x:n In this line, n is an integer.

  • Page 30: Appendix B: Components On Security World Software Installation Media (Windows And Unix)

    Appendix B: Components on Security World Software installation media (Windows and Unix) Appendix B: Components on Security World Software installation media (Windows and Unix) This appendix lists the contents of the component bundles and the additional software supplied on your Security World Software installation media.

  • Page 31: Individual Components

    Appendix B: Components on Security World Software installation media (Windows and Unix) Individual components Unix Package Description (Windows and Unix) - Windows only nCipher CAPI-NG providers and tools hwcrhk Crypto Hardware Interface (CHIL) plugin jcecsp nCipherKM JCA/JCE provider classes - Windows only CSP Console utilities - Windows only CryptoAPI CSP GUI and console installers...

  • Page 32: Individual Components

    Individual components Individual components Unix Description (Windows and Unix) Package - Windows only nCipher CAPI-NG providers and tools devref nCore API Documentation hwcrhk Crypto Hardware Interface (CHIL) plugin jcecsp nCipherKM JCA/JCE provider classes - Windows only CSP Console utilities - Windows only CryptoAPI CSP GUI and console installers ncsnmp Net-SNMP monitoring agent, utilities with nCipher MIB functionality...

  • Page 33: Individual Components

    Appendix B: Components on Security World Software installation media (Windows and Unix) Individual components Unix Description (Windows and Unix) Package - Windows only nCipher CAPI-NG providers and tools csdref nCore CodeSafe API Documentation devref nCore API Documentation gccsrc Prebuilt arm-gcc for Codesafe/C gccsrc Prebuilt powerpcm-gcc for Codesafe/C hwcrhk...

  • Page 34: Common Component Bundles

    Common component bundles Common component bundles nCipher supply component bundles containing many of the necessary components for your installation. Certain standard component bundles are offered for installation on all standard Security World Software installation media, while additional component bundles are found on CipherTools and CodeSafe installation media.
  • Page 35 Appendix B: Components on Security World Software installation media (Windows and Unix) Core tools The Core Tools (recommended) bundle contains all the Security World Software command-line utilities, including , low level utilities, and test programs: generatekey Unix Package Description (WIndows and Unix) convrt Command line key conversions nftcl...

  • Page 36: Additional Component Bundles

    Additional component bundles Remote Administration Service The Remote Administration Service bundle contains the Remote Administration Service installation and configuration. When installed, the Remote Administration Service starts automatically. Remote Administration Client Graphical User Interface and command line versions of the Remote Administration Client. nShield Connect firmware files Firmware image files for the nShield Connect.
  • Page 37 Appendix B: Components on Security World Software installation media (Windows and Unix) nCipher supply the following additional component bundles on CodeSafe installation media: Code safe Java developer. CipherTools Developer The CipherTools Developer bundle contains components supplied with the CipherTools Developer Kit: Unix Package Description (Windows and Unix) emvspj JNI library for payShield Java...
  • Page 38 Additional component bundles CodeSafe Developer The CodeSafe Developer bundle contains components supplied with the CodeSafe Developer Kit: Unix Package Description (Windows and Unix) csee Codesafe-C moduleside example code csee Codesafe-C hostside example code module Firmware test scripts Generic stub libraries and headers, and example C source for utility nflibs functions nfuser...

  • Page 39: Components Required For Particular Functionality

    Components required for particular functionality Some functionality requires particular component bundles or individual components to be installed. If you are planning to use Security World Software with an nShield Edge, ensure that the optional Edge Monitor Controller feature is selected during installation.

  • Page 40: Keysafe

    KeySafe KeySafe To use KeySafe, install the Core Tools and the Java Support (including KeySafe) bundles. Microsoft CAPI CSP If you require the Microsoft CAPI CSP, you must install the CSP components: CSP console utilities CryptoAPI CSP GUI and console installers Microsoft Cryptography API: Next Generation (CNG) If you require the Microsoft CNG, you must install the CNG component: nCipher CAPI-NG providers and tools...

  • Page 41: Ncipherkm Jca/Jce Cryptographic Service Provider

    Appendix B: Components on Security World Software installation media (Windows and Unix) nCipherKM JCA/JCE cryptographic service provider If you want to use the nCipherKM JCA/JCE cryptographic service provider, you must install both: The Java Support (including KeySafe) bundle The nCipherKM JCA/JCE provider classes component An additional JCE provider is supplied that is required for RSA encryption nCipherRSAPrivateEncrypt...

Table of Contents