Security flags
Policies are implemented in ProtectToolkit-C by configuring security flags.
Setting a security flag activates its particular security settings. One or more of these flags can be set to create custom security policies or to implement the typical security policies described in the previous section.
Configuring security flags
Security flags are configured using the ctconf command line utility.
The command syntax is as follows:
Multiple flags can be set simultaneously. For example, the command: ctconf -ftu would set both the t and the u flags.
When flags are set, any flags set previously are cleared.
Set flags = 0 to clear all the flags. This places the device in SafeNet Default Mode (Default <No flags set>). See Default Mode for more information about this security policy.
Use other flag values to set flags as follows:
Each of these flags is fully described below.
Security flag descriptions
The security settings configured by each of the security flags are described below. A mapping of security flags to the typical security policies described in this manual is provided in Security Policy Options.
Auth Protection
The Auth Protection (Authentication/Session Protection) flag, when set, ensures secure messaging authentication between applications and the HSM is enforced for certain messages sent from applications to the HSM. Critical messages or messages that might otherwise contain sensitive information are affected. These messages must be digitally signed so they can be verified by the HSM.
With this setting applied, applications will operate more securely. HSM performance, however, may suffer due to the additional operations required to sign and verify each message request.
Note
This flag requires a valid ProtectServer Identity Key/Certificate on the HSM. See ProtectServer owner and identity certificates for details and procedures.
DES Keys Even Parity Allowed
The DES Keys Even Parity Allowed flag permits creation of DES, DES2 and DES3 keys and components with even parity.
Entrust Ready
The Entrust Ready (Entrust Compliant) flag, when set, establishes the following rules:
- When a nonexistent mechanism is queried, an empty mechanism structure is returned.
- When a token is initialized with the C_InitToken command, the SO PIN is not required.
- A user who is already logged on is permitted to log on again.
- When using the C_SignFinal command, the size of the message authentication code (MAC) returned can be controlled, even if the mechanism is not one of the general-length MAC mechanisms specified in the PKCS#11 standard.
- When using the C_WrapKey function, if the CKA_EXTRACTABLE attribute is not specified, it defaults to true so that wrapping is allowed.
FIPS Algorithms Only
When set, the FIPS Algorithms Only (Only Allow FIPS-Approved Algorithms) flag does the following:
- Disables non-FIPS approved algorithms. For a complete list of FIPS-approved algorithms, refer to ProtectToolkit-C mechanisms.
  Note
  For FIPS-approved algorithms for individual products, please check the FIPS product certification.
- Increases the minimum PIN length from 4 to 8 characters for all tokens except smart cards, if you are using ProtectServer 3 HSM Firmware 7.03.00 or newer.
  Note
  After the minimum PIN length is increased from 4 characters to 8 characters, you can continue logging in to tokens using PINs that do not meet the new minimum length requirement, but you will be blocked from completing cryptographic operations until the PIN is reset.
- Disables support for some key derivation functions (KDFs) with CKM_ECDH1_DERIVE. For more information, refer to CKM_ECDH1_DERIVE.
Refer to FIPS Mode for more information.
FIPS Mode
The FIPS Mode flag, when set, sets the following composite flags:
- FIPS Algorithms Only
- No Public Crypto
- Mode Locked
- No Clear PINs
- Tamper Before Upgrade
- Auth Protection
Instead of specifying each of these flags separately with ctconf, the FIPS Mode flag can be set as a shortcut.
Refer to the entries for the individual flags in FIPS Mode for more information.
Note
This flag requires a valid ProtectServer Identity Key/Certificate on the HSM. See ProtectServer owner and identity certificates for details and procedures.
Full Secure Messaging Encryption
The Full Secure Messaging Encryption flag, when set, ensures that:
- User PINs or other sensitive information cannot be passed across the host interface unencrypted.
- Secure messaging encryption is enabled, so every message between the application and the HSM is encrypted in both directions.
- Certain functions that would otherwise result in the clear transmission of sensitive data are disabled.
- The creation of any keys with the CKA_SENSITIVE attribute set to false is not permitted.
Note that the Full Secure Messaging Encryption flag is similar to the No Clear PINs Allowed flag, except every message between the application and the HSM is encrypted in both directions. The key used for the message encryption is generated using the PKCS#3 Diffie-Hellman Key Agreement Standard.
With this setting applied, applications will operate more securely. HSM performance, however, will decrease due to the additional operations required to encrypt and decrypt each request and response message.
Note
This flag requires a valid ProtectServer Identity Key/Certificate on the HSM. See ProtectServer owner and identity certificates for details and procedures.
The No Clear PINs flag must be set to enable Full Secure Messaging Encryption to encrypt data.
Full Secure Messaging Signing
The Full Secure Messaging Signing flag, when set, indicates that secure messaging authentication between applications and the HSM is being enforced for every message, in both directions, between the application and the HSM. All messages must be digitally signed so that they can be verified by the HSM.
Note that the Full Secure Messaging Signing flag is similar to the Auth Protection flag except that every message, in both directions, between the application and the HSM is digitally signed and verified. The key used for the message signing is generated using the PKCS#3 Diffie-Hellman Key Agreement Standard.
With this setting applied, applications will operate more securely. HSM performance, however, may suffer due to the additional operations required to sign and verify each message request.
Note
This flag requires a valid ProtectServer Identity Key/Certificate on the HSM. See ProtectServer owner and identity certificates for details and procedures.
The No Clear PINs flag must be set to enable Full Secure Messaging Encryption to encrypt data.
Increased Security Level
The Increased Security Level flag, when set, ensures that:
- The mechanism CKM_EXTRACT_KEY_FROM_KEY is disabled.
- Changing the CKA_MODIFIABLE attribute from false to true while using the C_CopyObject command is not permitted.
Mode Locked
The Mode Locked (Lock Security Mode) flag, when set, prevents any further security flag modification. A new security policy can only be implemented after performing a tamper operation.
No Clear PINs
The No Clear PINs (No Clear PINs Allowed) flag, when set, ensures the following:
- User PINs or other sensitive information cannot be passed across the host interface unencrypted.
- Secure messaging encryption is enabled for critical requests to the HSM, or for those requests that might otherwise contain sensitive information.
- Certain functions that would otherwise result in the clear transmission of sensitive data are disabled.
- The creation of any keys with the CKA_SENSITIVE attribute set to false is not permitted.
Note
This flag requires a valid ProtectServer Identity Key/Certificate on the HSM. See ProtectServer owner and identity certificates for details and procedures.
The No Clear PINs flag must be set to enable Full Secure Messaging Encryption and Full Secure Messaging Signing.
No Public Crypto
The No Public Crypto flag, when set, ensures that no user can perform a cryptographic operation without having first authenticated themselves.
When this flag is set, each token in the system will have the PKCS#11 CKF_LOGIN_REQUIRED flag set so that applications must authenticate before operations are allowed. Note that this security flag does not affect the Admin token, which always requires authentication for access.
Note
This flag requires a valid ProtectServer Identity Key/Certificate on the HSM. See ProtectServer owner and identity certificates for details and procedures.
The name of this flag does not imply that public key cryptography is not allowed. Setting this flag will not prevent RSA processing.
Pure PKCS11 (PKCS#11 Compatibility Mode)
Caution
Setting this flag compromises security. A skilled attacker may be able to exploit vulnerabilities in certain mechanisms when this flag is set.
The Pure PKCS11 flag, when set, allows the following mechanisms to function as the PKCS#11 v2.20 standard requires:
- CKM_CONCATENATE_BASE_AND_KEY
- CKM_CONCATENATE_BASE_AND_DATA
- CKM_CONCATENATE_DATA_AND_BASE
- CKM_EXTRACT_KEY_FROM_KEY
Tamper Before Upgrade
The Tamper Before Upgrade flag, when set, ensures that a soft tamper (erasure of all HSM internal secure memory) will occur when any of the following operations are undertaken.
- Firmware upgrade
- FM download
- FM disable operation
User Specified ECC DomainParameters Allowed
The User Specified ECC DomainParameters Allowed flag, when set, allows ECC public and private keys with domain parameters other than the set of named curves built into the HSM to be generated and stored on the HSM.
Weak PKCS#11 Mechanisms
Caution
Setting this flag compromises security. A skilled attacker may be able to exploit vulnerabilities in certain mechanisms when this flag is set.
Newly-discovered key extraction techniques have revealed vulnerabilities in some mechanisms. These mechanisms are now restricted by default in the factory settings of all new HSMs, or when flags are set to "0" (all flags cleared). Also, these mechanisms cannot be enabled when flags are set to "F" (FIPS Mode) or "a" (Only Allow FIPS-Approved Algorithms). The Weak PKCS#11 Mechanisms flag, when set, allows the use of these less-secure mechanisms. It can be used with any combination of flags except "F" and "a".
The following mechanisms are affected:
- CKM_CONCATENATE_BASE_AND_DATA
- CKM_CONCATENATE_BASE_AND_KEY
- CKM_CONCATENATE_DATA_AND_BASE
- CKM_XOR_BASE_AND_DATA
- CKM_XOR_BASE_AND_KEY
- CKM_EXTRACT_KEY_FROM_KEY
If you are using ProtectServer 3 HSM Firmware 7.02.00 or newer, setting this security flag will allow you to change the value of the CKA_EXPORTABLE attribute of an object from FALSE to TRUE.
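The flag descriptions above state several dependencies: the FIPS Mode composite, the No Clear PINs prerequisite, the Identity Key/Certificate requirement and the Weak PKCS#11 Mechanisms exclusion. Because setting flags clears any previous flags and Mode Locked blocks later changes, it helps to check a planned flag set before running ctconf. The following is an added example, not part of the original manual or of ProtectToolkit-C; the function names are hypothetical, and flags are referred to by name because their ctconf letters are not listed here.

```python
# Added example (not from the manual): flag names and rules are transcribed
# from this page; function and variable names are hypothetical.
FIPS_MODE_COMPOSITE = {
    "FIPS Algorithms Only", "No Public Crypto", "Mode Locked",
    "No Clear PINs", "Tamper Before Upgrade", "Auth Protection",
}
NEEDS_IDENTITY_CERT = {
    "Auth Protection", "FIPS Mode", "Full Secure Messaging Encryption",
    "Full Secure Messaging Signing", "No Clear PINs", "No Public Crypto",
}
NEEDS_NO_CLEAR_PINS = {"Full Secure Messaging Encryption", "Full Secure Messaging Signing"}
CAUTION_FLAGS = {"Pure PKCS11", "Weak PKCS#11 Mechanisms"}
FIPS_FLAGS = {"FIPS Mode", "FIPS Algorithms Only"}


def effective_flags(requested):
    """Expand the FIPS Mode shortcut into the flags it sets."""
    flags = set(requested)
    if "FIPS Mode" in flags:
        flags |= FIPS_MODE_COMPOSITE
    return flags


def review_policy(requested, has_identity_cert):
    """Return (effective flags, list of (severity, message)) for a planned flag set."""
    flags = effective_flags(requested)
    findings = []
    if "Weak PKCS#11 Mechanisms" in flags and flags & FIPS_FLAGS:
        findings.append(("error", "Weak PKCS#11 Mechanisms cannot be combined with a FIPS flag"))
    if "No Clear PINs" not in flags:
        for flag in sorted(flags & NEEDS_NO_CLEAR_PINS):
            findings.append(("error", f"{flag} requires No Clear PINs"))
    if not has_identity_cert:
        for flag in sorted(flags & NEEDS_IDENTITY_CERT):
            findings.append(("error", f"{flag} requires an Identity Key/Certificate on the HSM"))
    for flag in sorted(flags & CAUTION_FLAGS):
        findings.append(("warning", f"{flag} compromises security (see its Caution)"))
    if "Mode Locked" in flags:
        findings.append(("warning", "Mode Locked: flags cannot change again without a tamper operation"))
    return flags, findings


if __name__ == "__main__":
    # Constructed request: a FIPS Mode policy that also asks for the weak mechanisms.
    _, results = review_policy({"FIPS Mode", "Weak PKCS#11 Mechanisms"}, has_identity_cert=True)
    for severity, message in results:
        print(f"{severity}: {message}")
```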