Sun Crypto Accelerator 6000 Board User’s Guide for Version 1.1
User’s Guide
E39851-01
Contents
Regulatory Compliance Statements
New Features in the 1.1 Release
Supported Cryptographic Protocols and Algorithms
Cryptographic Algorithm Acceleration
Dynamic Reconfiguration and High Availability
Hardware and Software Requirements
Oracle Solaris 10 OS on SPARC and x86 Platforms
x86 AMD Opteron Platforms Running Linux
2. Installing the Sun Crypto Accelerator 6000 Board
Installing the Board on Oracle Solaris Platforms
Installing the Sun Crypto Accelerator 6000 Software With the install Script
Install the Software With the install Script
Directories and Files for Oracle Solaris Platforms
Removing the Sun Crypto Accelerator 6000 Software on Oracle Solaris Platforms With the remove Script
Remove the Software With the remove Script on the CD-ROM
For Oracle Solaris 11, Remove the Software With the remove Script
Installing the Software on Oracle Solaris Platforms Without the Installation Script
Install the Software Without the install Script
Removing the Software on Oracle Solaris Platforms Without the remove Script
Remove the Software Without the remove Script
Installing the Sun Crypto Accelerator 6000 Board on Linux Platforms
Install the Sun Crypto Accelerator 6000 Hardware on Linux Platforms
Install the Sun Crypto Accelerator 6000 Software on Linux Platforms With the install Script
Installing the Sun Crypto Accelerator 6000 Software on Linux Platforms Without the install Script
Install the Software Without the install Script
Directories and Files for Linux Platforms
Removing the Sun Crypto Accelerator 6000 Software on Linux Platforms
Removing the Sun Crypto Accelerator 6000 Software With the remove Script
Remove the Software With the remove Script
Remove the Software Without the remove Script
Migrating Back to Version 1.0 From 1.1
Restore the 1.0 Software and Firmware:
3. Administering the Sun Crypto Accelerator 6000 Board
Device and Keystore Security Officers
Initializing the Board With scamgr
Perform a Board Initialization
Perform a Keystore Initialization and Create a New Keystore
Performing a Keystore Initialization to Use an Existing Keystore
Perform a Keystore Initialization and Use an Existing Keystore
Authentication and Logging In and Out With scamgr
Log In To a Board With a Changed Remote Access Key
Log Out Of a Board With scamgr
Managing Keystores With scamgr
Managing Security Officers and Users
Populate a Keystore With Security Officers
Populate a Keystore With Users
Backing Up Configuration and Keystore Data
Back Up a Device Configuration
Locking Keystores to Restrict Access
Lock a Master Key to Prevent Backups
Lock a Keystore To Restrict Access
Enable a Locked Keystore To Enable Access
Disable a Locked Keystore To Prevent Access
Managing Multi-Admin Mode With scamgr
Assign Security Officers the Multi-Admin Role
Remove a Security Officer From the Multi-Admin Role
Set the Minimum Number of Security Officers Required to Authenticate Multi-Admin Commands
Set a Multi-Admin Command Timeout
Add Additional Security Officers to the Multi-Admin Role
Cancel a Multi-Admin Command Originated by the Initiating Security Officer
Allow a Multi-Admin Command to Time Out
Log In to a Board During a Multi-Admin Command as a Security Officer Not in the Multi-Admin Role
Attempt to Execute a Multi-Admin Command Without Multi-Admin Role Permissions
Perform a Software Zeroize on the Board
Use the scamgr diagnostics Command
Managing Services for Oracle Solaris Platforms
Service Configuration Parameters
List Service Configuration Parameters
Modify Service Configuration Parameters
Enabling Optional Cryptographic Algorithms
Enable the Multi-part MD5 Algorithm
Enable the Multi-part SHA1 Algorithm
Enable the Multi-part SHA512 Algorithm
Enable the HMAC (MD5 or SHA1) Algorithm
Additional Instructions for Administering the Board on Linux Platforms
Stop the Board on a Linux Platform
Start the Board on a Linux Platform
4. Configuring Centralized Keystores
Configuring Centralized Keystores
Configuring the Directory Server With the scakscfg Utility
Configuring the scakiod Service to Use CKS
scakiod Service Configuration Options
Configure the scakiod Service to Use CKS (Oracle Solaris)
Configure the scakiod Service to Use CKS (Linux)
Configuring the scakiod Service to Use SSL With Simple Authentication
Configure scakiod for Simple Authentication Over SSL
Configuring the scakiod Service to Use SSL With Client Certificate Authentication
Configure the scakiod Service to Use SSL With Client Certificate Authentication
Adding the Certificate to the Agent Entry in the Directory Server
Add the Certificate to the Agent Entry in the DS
Configuring the Board to Join a Centralized Keystore
Join a Previously Configured Board to a Centralized Keystore
Join an Unconfigured Board to a Centralized Keystore
Initial Keystore Search Failed
Client Authentication Initialization Failed
5. Developing and Administering Financial Services
Financial Service Components Overview
Financial Services Library Initialization
Library Open Function fs_lib_open()
Library Shutdown Function fs_lib_close()
Session Establishment Function fs_session_open()
Session Shutdown Function fs_session_close()
Key Separation and Compartmentalization of Risk
Generate Key Function fs_generate_key()
Import Key Function fs_import_key()
Export Key Function fs_export_key()
Translate Key Function fs_translate_key()
Retrieve Object Function fs_retrieve_object()
PIN Verify Function fs_pin_verify()
PIN Translate Function fs_pin_translate()
Credit Card Processing Overview
Financial Services Library Function fs_card_verify(3)
Enabling the Financial Services Feature
Administering Financial Services
Financial Services Security Officers
Setting Financial Services Mode
6. Developing PKCS#11 Applications for Use With the Sun Crypto Accelerator 6000 Board
Configuring Sun Metaslot to Use the Sun Crypto Accelerator 6000 Keystore
Configuring Secure Failover for Sun Metaslot
Developing Applications to Use PKCS#11
Sun Crypto Accelerator 6000 PKCS#11 Implementation Specifics
Supported and Unsupported Functions
Developing PKCS#11 Applications for Use With the Sun Crypto Accelerator 6000 Board on Linux Platforms
7. Installing and Configuring Sun Java System Server Software
Administering Security for Sun Java System Web Servers
Web Server Concepts and Terminology
Preparing to Configure Sun Java System Web Servers
Installing and Configuring Sun Java System Web Server 6.1
Install Sun Java System Web Server 6.1
Register the Board With the Web Server
Install the Server Certificate
Installing and Configuring Sun Java System Web Server 7.0 Update 1
Install Sun Java System Web Server 7.0
Register the Board With the Web Server
Start the Sun Java System Web Server Administration Server
Pre-Set the Password for Tokens
Install the Server Certificate
Installing and Configuring Sun Java System Web Server on Linux Platforms
Configuring Sun Java System Web Servers to Start Up Without User Interaction on Reboot
Create an Encrypted Key for Automatic Startup of Sun Java System Web Servers on Reboot
8. Installing and Configuring Apache Web Server Software
Installing and Configuring Apache Web Server on Oracle Solaris Platforms
Create a Private Key and Certificate
Installing and Configuring Apache Web Server on Linux Platforms
Configure and Start Apache Web Server
9. Diagnostics and Troubleshooting
Performing scadiag Diagnostics
Disabling Crypto Traffic on Other Hardware Providers in Your System
Disable Other Hardware Providers
Reenable Other Hardware Providers
Examining and Reporting Kernel Statistics
Determine Cryptographic Activity With the kstat Utility
Determining Cryptographic Activity on Linux Platforms
Determine Cryptographic Activity on Linux Platforms
A. Sun Crypto Accelerator 6000 Board Specifications
B. Installing and Configuring openCryptoki Software for Linux
Installing openCryptoki Software
Install openCryptoki Software on RHEL5
Build and Install openCryptoki on RHEL4 Updates
Build and Install openCryptoki Software on SUSE10 SP1 Platforms
Zeroizing the Sun Crypto Accelerator 6000 Hardware to the Factory State
Zeroize the Sun Crypto Accelerator 6000 Board With a Hardware Jumper
F. Financial Services Header File
G. Supported PKCS#11 Mechanisms
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.