Skip to main content
This section explains how to configure vSEC:CMS to use the KMES Series 3 for the Operator Service Key Store (OSKS). During this process, the master key stored on the System Owner (SO) token migrates to the KMES.

Log in to the Operator Console

Perform the following steps to log in to the vSEC:CMS Operator Console (OC):
1
Start the vSEC:CMS Admin application.
2
When prompted, insert your System Owner (SO) hardware credential.
3
Enter the operator passcode for the System Owner and select [ Authenticate ].
If authentication succeeds, the Admin application starts, and you are logged in to the Operator Console.

Add service key store

Perform the following steps to add the service key store with HSM:
1
In the navigation menu, select Options > Operators.
2
Select the [ Add service key store ] button.
3
In the Add Service Key Store (HSM) window, select the Futurex PKCS #11 library in the Key store drop-down list, specify a Store name, and select [ Add ].
4
Enter the operator passcode for the System Owner and select [ OK ]*.
After the new service key store is created, the master keys are stored on the KMES Series 3. You should see a message similar to the following example, confirming that the operation succeeded:
None
The new service key store KMES Series 3 
has been successfully created and activated.

The service key store: System Keystore
has been deactivated.
Now, all administration key operations performed with the vSEC:CMS, such as registering a smart card token or PIN unblock operations, use the master keys stored on the KMES Series 3.

View the keys

vSEC:CMS creates two 3DES symmetric encryption keys on the KMES Series 3. These are the master keys used by the vSEC:CMS application, and they have the CMS MK0 and CMS MK1 PKCS #11 labels. To view the keys vSEC:CMS created on the KMES Series 3, perform the following steps:
1
Log in to the KMES application interface with the default admin identities.
2
Go to Key Management > Keys.
3
Select the symmetric key group Versasec created on the KMES through the PKCS #11 library.
This displays the two Triple 3DES symmetric data encryption keys in the Keys section of the menu.