Configure the Vectera Plus
Configure a transaction processing connection
For this step, you need to log in with an identity that has a role with the following permissions: Role:Add, Role:Assign All Permissions, Role:Modify, Keys:All Slots, and Command Settings:Excrypt. You can use the default Administrator role and Admin identities.

This integration guide treats the terms application partition and role as synonymous.

Before logging in to the HSM with an authenticated user, an application connects through a transaction processing connection to the Transaction Processing application partition. Therefore, you must take steps to configure the following items to harden this partition:

- It should not have access to the All Slots permissions.
- It should not have access to any key slots.
- Enable only the PKCS #11 communication commands.

Choose one of the following methods to configure the transaction processing connection.

**Excrypt Manager**

Perform the following steps to configure a transaction processing connection on Excrypt Manager:

1. Go to the Application Partitions menu, select the Transaction Processing application partition, and select [ Modify ].
2. In the Permissions tab, leave the top-level Keys permission checked and uncheck the All Slots sub-permission.
3. In the Key Slots tab, ensure that the settings do not specify key ranges. By default, the Transaction Processing application partition can access the entire range of key slots on the HSM.
4. In the Commands tab, make sure to enable only the following PKCS #11 communication commands:

| Command | Description |
|---------|-------------|
| ASYS | Generate signature using PKI private key |
| ECHO | Communication test/retrieve version |
| GPKM | Retrieve key table information |
| GPKR | General purpose key settings get (read only) |
| GPKS | General purpose key settings get/change |
| HASH | Retrieve device serial |
| PRMD | Retrieve HSM restrictions |
| RAND | Generate random data |
| STAT | HSM statistics |
| TIME | Set time |

**FXCLI**

Run the following role modify FXCLI commands to remove all permissions and key ranges that are currently assigned to the Transaction Processing role and enable only the PKCS #11 communication commands. Because the Transaction Processing role was previously called the Anonymous role, the following commands specify Anonymous in the name field:

```fxcli
role modify --name Anonymous --clear-perms --clear-key-ranges
role modify --name Anonymous --add-perm "Keys" --add-perm Excrypt:ASYS --add-perm Excrypt:ECHO --add-perm Excrypt:GPKM --add-perm Excrypt:GPKR --add-perm Excrypt:GPKS --add-perm Excrypt:HASH --add-perm Excrypt:PRMD --add-perm Excrypt:RAND --add-perm Excrypt:STAT --add-perm Excrypt:TIME
```
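
The hardening targets above can be checked for drift after the fact. The following Python sketch is an added example, not part of the Futurex guide or tooling: it compares a role's settings against the guide's allowlist and rebuilds the two `role modify` commands. The `role` dictionary layout, the function names, and the `XXXX` command are assumptions made for illustration; FXCLI does not necessarily export roles in this shape.

```python
# Added example: audit a role against the allowlist in this guide.
# The `role` dict layout is an assumption, not an FXCLI export format.

ALLOWED_COMMANDS = {"ASYS", "ECHO", "GPKM", "GPKR", "GPKS",
                    "HASH", "PRMD", "RAND", "STAT", "TIME"}


def audit_role(role):
    """Return a list of findings; an empty list means the role matches the guide."""
    findings = []
    perms = set(role.get("perms", []))
    is_cmd = lambda p: p.lower().startswith("excrypt:")
    commands = {p.split(":", 1)[1].upper() for p in perms if is_cmd(p)}
    others = {p for p in perms if not is_cmd(p)}

    if "Keys" not in others:
        findings.append("missing top-level Keys permission")
    for p in sorted(others - {"Keys"}):          # e.g. Keys:All Slots
        findings.append(f"unexpected permission: {p}")
    for c in sorted(commands - ALLOWED_COMMANDS):
        findings.append(f"unexpected command enabled: {c}")
    for c in sorted(ALLOWED_COMMANDS - commands):
        findings.append(f"required command disabled: {c}")
    if role.get("key_ranges"):                   # guide: no key ranges at all
        findings.append(f"key ranges assigned: {role['key_ranges']}")
    return findings


def remediation(name="Anonymous"):
    """Build the two role modify commands from the guide for the given role name."""
    adds = " ".join(f"--add-perm Excrypt:{c}" for c in sorted(ALLOWED_COMMANDS))
    return [f"role modify --name {name} --clear-perms --clear-key-ranges",
            f'role modify --name {name} --add-perm "Keys" {adds}']


# Constructed sample of a drifted role; XXXX is a placeholder, not a real command.
DRIFTED = {"perms": ["Keys", "Keys:All Slots", "Excrypt:ECHO",
                     "Excrypt:RAND", "Excrypt:XXXX"],
           "key_ranges": [(0, 99)]}

if __name__ == "__main__":
    for finding in audit_role(DRIFTED):
        print("FINDING:", finding)
    print("\n".join(remediation()))
```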