Credential management
Versasec vSEC:CMS
Create an Operator Service Key Store with HSM
3min
this section explains how to configure vsec\ cms to use the {{k3}} for the operator service key store (osks) during this process, the master key stored on the system owner (so) token migrates to the {{k}} log in to the operator console perform the following steps to log in to the vsec\ cms operator console (oc) start the vsec\ cms admin application when prompted, insert your system owner (so) hardware credential enter the operator passcode for the system owner and select \[ authenticate ] if authentication succeeds, the admin application starts, and you are logged in to the operator console add service key store perform the following steps to add the service key store with hsm in the navigation menu, select options > operators select the \[ add service key store ] button in the add service key store (hsm) window, select the {{futurex}} pkcs #11 library in the key store drop down list, specify a store name , and select \[ add ] enter the operator passcode for the system owner and select \[ ok ] after the new service key store is created, the master keys are stored on the {{k3}} you should see a message similar to the following example, confirming that the operation succeeded the new service key store kmes series 3 has been successfully created and activated the service key store system keystore has been deactivated now, all administration key operations performed with the vsec\ cms, such as registering a smart card token or pin unblock operations, use the master keys stored on the {{k3}} view the keys vsec\ cms creates two 3des symmetric encryption keys on the kmes series 3 these are the master keys used by the vsec\ cms application, and they have the cms mk0 and cms mk1 pkcs #11 labels to view the keys vsec\ cms created on the {{k3}} , perform the following steps log in to the {{k}} application interface with the default admin identities go to key management > keys select the symmetric key group versasec created on the {{k}} through the pkcs #11 library this displays the two triple 3des symmetric data encryption keys in the keys section of the menu