Creating a sensitive data key (Entrust nShield)
You can use the following tools to create sensitive data keys for Entrust nShield:
- generatekey command-line utility
- KeySafe UI tool
To create a sensitive data key using the generatekey command-line utility, run the following command:
generatekey -g custom protect=module type=AES plainname="plain_name" size="128" blobsavefile="blob_filename.blob" nvram="no" seeintegname=""
where:
- plain_name is the desired key name.
- blob_filename is the desired file name for the BLOB.
This command creates the BLOB file in the current directory. Furthermore, it generates the following file: blob_filename_inf.txt
This file contains important information about the key. Some of the information therein (e.g. key hash) will need to be provided during the configuration phase of the installation, i.e. via the Configuration Wizard.
For more information about the configuration phase of installation, see Configuring OneSpan Authentication Server (advanced installation).