Create and manage cryptographic keys (Entrust nShield)

There are three utilities available to create and manage HSM keys for Entrust nShield:

  • KeySafe. To create sensitive data keys.
  • OneSpan Key Management Tool for Entrust nShield. To create storage data keys, key encryption keys, and transport keys.
  • generatekey. To create sensitive data keys and secure auditing keys.

The OneSpan Key Management Tool for Entrust nShield is installed with OneSpan Authentication Server. It can only be run after the OneSpan Authentication Server setup, and it should be run before you finish the OneSpan Authentication Server Configuration Wizard.

If you are using Entrust nShield HSM devices with OneSpan Authentication Server, the protection type for all sensitive data keys, storage data keys, and audit data keys must be set to module (as opposed to softcard or token). When you use the generatekey command, you can accomplish this by using the protect=module parameter.