The arcotcommon.ini file enables you to specify the configurations for your Hardware Security Module (HSM). As a result, you can store the Private Keys that are used for RiskMinder in an encrypted format. The following HSMs are supported:
The following table lists the common configurations for secure storage, as specified in the [arcot/crypto/device] section.
|
Parameter |
Default |
Description |
|---|---|---|
|
HSMDevice |
S/W |
The mode that sets whether the RiskMinder information must be encrypted with a key stored in database or with the one in stored the HSM. Supported values are:
|
The following table lists the configuration parameters for Chrysalis-ITS Luna SA, as specified in the [crypto/pkcs11modules/chrysalis] section.
|
Parameter |
Default |
Description |
|---|---|---|
|
sharedLibrary |
<location/to/cryptoki.so> |
The absolute path to the PKCS#11 shared library corresponding to the HSM. The default value for Chrysalis (Luna) is: /usr/lunasa/lib/libCryptoki2.so
|
|
storageSlot |
0 |
The HSM slot where the encryption keys (symmetric as well as asymmetric) are present. |
|
accelSlot |
0 |
The slot for internal use by RiskMinder. |
|
sessionCount |
20 |
The maximum number of sessions that can be established with the HSM device. |
The following table lists the configuration parameters for nCipher netHSM, as specified in the [crypto/pkcs11modules/nfast] section.
|
Parameter |
Default |
Description |
|---|---|---|
|
sharedLibrary |
<location/to/ccknfast.so> |
The absolute path to the PKCS#11 shared library corresponding to the HSM. The default value for nFast (nCipher netHSM) is: /opt/nfast/toolkits/pkcs11/libcknfast.so
|
|
storageSlot |
1 |
The HSM slot where the encryption keys (symmetric as well as asymmetric) are present. |
|
accelSlot |
0 |
The slot for internal use by RiskMinder. |
|
sessionCount |
200 |
The maximum number of sessions that can be established with the HSM device. |
|
Copyright © 2013 CA.
All rights reserved.
|
|