
Configure Excrypt Touch


This section covers how to configure the Excrypt Touch, use it to connect the KMES Series 3 to the platform, and configure additional items related to user roles and identities.

Perform the following tasks after logging in locally to the Excrypt Touch with the default admin identities.

Set major keys

Refer to the Excrypt Touch User Guide for instructions on how to load major keys on the Excrypt Touch.

You must load the same PMK and BEK on the KMES Series 3 and Excrypt Touch. Ensure that the key checksums match.

Create a KMES connection profile

1. From the Excrypt Touch Dashboard, select the Add Device button represented by the plus sign located underneath your active servers to the left.

2. In the Add Device window, enter the following required information:

| Configuration setting | Description |
|---|---|
| Name | An appropriate device name. |
| Host | The host IP address of your device. |
| Description | Optional field to describe your device. |
| Port | An example port is port 5000, which is the default port for Futurex devices. The port number must match the port number in the TLS settings for the device you are connecting to. |
| Enabled | Select Enabled from the drop-down menu. After the device connects, you can also choose Disable, Require Dual-Control, Require Login, and Run on Boot. |
| Device Type | Select the type of Futurex device you are connecting to from the drop-down menu. In this example, choose KMES Series 3 Enterprise. |
| Connection Type | Choose Application when connecting to a Futurex device, or Futurex Web when connecting to a web service. |
| TLS PKI | Select the connection method from the following list: Clear (no authentication); Anonymous (anonymous authentication); User (use user-provided PKI certificates); Server authenticate (authenticate server only); Futurex admin (use Futurex-signed certificates to connect). For this example, select Futurex admin. |
| PKI Type | If using Futurex certificates, select RSA or ECC. |
| TLS Ciphers/TLS Protocols | Choose the desired TLS Ciphers and TLS Protocols. |

3. Select [ Submit ].

Your newly added device profile displays under the list of devices and services in the Excrypt Touch Dashboard.

4. The device now displays in the Offline column of the connected devices. From there, you can do the following:

  • Select Modify if you'd like to edit the device profile.
  • Select Test to verify the connectivity of the device (must have a valid IP address).
    • Choose Ping to send a test packet to the device.
    • Choose Retry to re-run the test.

Create a printer profile

1. From the Excrypt Touch Dashboard, select the Add Device button represented by the plus sign located underneath your active servers to the left.

2. Enter all of the required information in the Add Device window:

| Configuration setting | Description |
|---|---|
| Name | An appropriate device name. |
| Host | The host IP address of your device. |
| Description | Optional field to describe your device. |
| Port | The value specified in this field needs to be either port 80 or 443 because the Excrypt Touch connects to a web server that runs on the printer. |
| Enabled | Select Require Login from the drop-down menu. |
| Device Type | Select Encrypted File Printing from the drop-down menu. |
| Connection Type | Because this profile is for connecting to a web service on the printer, select External Web from the drop-down menu. |
| TLS PKI | Select the method used to connect. The options include the following: Clear (no authentication); Anonymous (anonymous authentication); User (use user-provided PKI certificates); Server authenticate (authenticate server only); Futurex admin (use Futurex-signed certificates to connect). For this example, select Futurex admin. |
| PKI Type | If using Futurex certificates, select RSA or ECC. |
| TLS Ciphers/TLS Protocols | Choose the desired TLS Ciphers and TLS Protocols. |


3. Select [ Submit ].

Your newly added device profile displays under the list of devices and services in the Excrypt Touch Dashboard.

4. The device now displays in the Offline column of the connected devices. From there, you can do the following:

  • Select Modify if you'd like to edit the device profile.
  • Select Test to verify the connectivity of the device (must have a valid IP address).
    • Choose Ping to send a test packet to the device.
    • Choose Retry to re-run the test.

Start KMES profile and log in

Use the Excrypt Touch to connect remotely to your KMES and make the following additional configuration changes:

1. To start the KMES Series 3 Connection Profile, touch the arrow next to the device profile.

The device comes online and shows in the Online column.

2. When the device is online, you can access the application manager for that device and communicate with the device as needed. Select [ Go ] in the right column to access the connected device.

3. After the application manager loads, log in with the default admin identities.

Create a user role

1. Go to the Roles menu, and select [ Add ].

2. On the Info tab of the Role Editor window, configure the following settings:

| Setting | Required configuration |
|---|---|
| Type | Administration |
| Name | Printers |
| Hardened | Select the checkbox to enable |
| Logins Required | Set to 2 |


3. Go to the Permissions tab and enable the following permissions:

| Permission | Subpermissions to enable |
|---|---|
| Device | Enable the following subpermissions: FTP Server, Power Control, Zeroize |
| Excrypt Touch | Enable all subpermissions |
| File Encryption | Enable all subpermissions |
| File Encryption Management | Enable all subpermissions |
| Identity | Enable all subpermissions |
| High-level Keys | Enable |
| Keys | Enable the following subpermissions: Add, Delete, Export, Import Components |
| Major Keys | Enable the following subpermissions: Clear, Load |
| High-level Role | Enable all subpermissions |
| Security | Enable the following subpermissions: Key Settings, Password Settings, Secure Mode, TLS Resign |

4. Select [ OK ] to finish creating the new role.

Create new identities

1. Go to the Identities menu, right-click the blank whitespace, and select Add > User.

2. On the Info tab of the Role Editor dialog, configure the following settings:

| Setting | Required configuration |
|---|---|
| Type | Administration |
| Name | print1 |
| Hardened | Select the checkbox to enable. |
| Locked | Leave unchecked. |


3. On the Assigned Roles tab, select the Printers role that you created in the previous section.

4. On the User Login tab, set a password for the identity.

5. Select [ OK ] to finish creating the first new identity.

6. Right-click the blank whitespace on the Identities menu, then select Add > User.

7. On the Info tab of the Role Editor dialog, replicate the settings from step 2, but set print2 in the Name field this time.

8. On the Assigned Roles tab, select the Printers role that you created in the previous section.

9. On the User Login tab, set a password for the identity.

10. Select [ OK ] to finish creating the second new identity.
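
The role created above sets Logins Required to 2, and this procedure creates exactly two identities that hold it. The following added example (not Futurex code, and not part of the original guide) checks that relationship on a constructed inventory; the Role and Identity model is hypothetical, and it assumes Logins Required means the number of distinct identities holding the role that must log in together.

```python
from dataclasses import dataclass


@dataclass
class Role:
    name: str
    logins_required: int        # "Logins Required" on the Role Editor Info tab


@dataclass
class Identity:
    name: str
    roles: tuple                # role names from the Assigned Roles tab
    locked: bool = False        # "Locked" checkbox on the Info tab
    has_password: bool = True   # password set on the User Login tab


def quorum_report(roles, identities):
    """Return {role name: (status, usable identity names)}.

    Assumption: a role can log in only when `logins_required` distinct,
    unlocked identities with a password hold it.
    'unreachable' = fewer usable identities than required,
    'no-spare'    = exactly enough (losing one identity locks the role out),
    'ok'          = at least one spare identity.
    """
    report = {}
    for role in roles:
        usable = sorted(
            i.name for i in identities
            if role.name in i.roles and not i.locked and i.has_password
        )
        if len(usable) < role.logins_required:
            status = "unreachable"
        elif len(usable) == role.logins_required:
            status = "no-spare"
        else:
            status = "ok"
        report[role.name] = (status, usable)
    return report


# Constructed sample mirroring this page: one role, two identities.
ROLES = [Role("Printers", 2)]
IDENTITIES = [Identity("print1", ("Printers",)), Identity("print2", ("Printers",))]

if __name__ == "__main__":
    for name, (status, usable) in quorum_report(ROLES, IDENTITIES).items():
        print(f"{name}: {status} (usable: {', '.join(usable) or 'none'})")
```

With the configuration from this page the Printers role reports no-spare: both print1 and print2 must be available for any login under that role.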

Synchronize users between the KMES and Excrypt Touch

1. Go to the Roles menu and select [ Excrypt Touch Sync ].

2. When prompted to log in to the local HSM of the Excrypt Touch, log in with the default admin identities.

After you log in successfully, a message box informs you that tablet users have been synced successfully.

3. For further confirmation that users and identities synced successfully, log in to the Excrypt Touch by using the print1 and print2 identities that you created on the KMES in the previous section.