To use an Entrust nShield HSM, select this option and configure the following settings.
See HSM requirements for the supported nShield HSM versions.
Supported Signing Algorithms
The list of signing algorithms that the application can use when interacting with the HSM. This parameter is a comma-separated list of algorithm identifiers. For example:
RSAPKCS15,RSAPSS,ECDSA,MLDSA,MLDSA_DATA
The algorithms listed must be supported by both the HSM firmware and the application.
OCS (Operator Card Set) passphrase
The passphrase associated with the Operator Card Set (OCS) used during the initial deployment to create the signing key within the nShield HSM.
The minimum required quorum is 1.
The nShield kmdata tar file
The kmdata.tar configuration file of the nShield HSM.
The kmdata.tar file contains the key management data and configuration required by the nShield HSM. This file is essential for restoring or deploying the HSM configuration on a new host or during system setup.
To generate and upload the kmdata.tar file
- Run this command in the kmdata directory of an nShield RFS (Remote File System) server.
  sudo tar -cf kmdata.tar -C /opt/nfast kmdata
- Copy the generated kmdata.tar file to the Cryptographic Security Platform host.
- Click Choose File under The nShield kmdata tar file and select the kmdata.tar file.
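
A pre-upload check for the archive produced by the tar command above, as an added example that is not part of the vendor documentation. The function names check_kmdata_tar and make_sample_archives are hypothetical, the sample tree is constructed, and the presence of a kmdata/local directory in the Security World data is an assumption.

```shell
#!/bin/sh
# Added example: sanity-check kmdata.tar before uploading it.
# An archive built with `tar -cf kmdata.tar -C /opt/nfast kmdata` should
# contain only members under "kmdata/"; anything else suggests it was built
# from the wrong directory or with the wrong arguments.

check_kmdata_tar() {
    archive=$1
    [ -f "$archive" ] || { echo "missing: $archive" >&2; return 2; }

    # tar -tf lists member names without extracting anything.
    members=$(tar -tf "$archive" 2>/dev/null) || {
        echo "not a readable tar: $archive" >&2; return 2; }
    [ -n "$members" ] || { echo "empty archive" >&2; return 1; }

    # Members outside the kmdata tree, or containing a ".." path component.
    outside=$(printf '%s\n' "$members" | grep -Ev '^kmdata(/|$)' || true)
    dotdot=$(printf '%s\n' "$members" | grep -E '(^|/)\.\.(/|$)' || true)
    if [ -n "$outside$dotdot" ]; then
        echo "unexpected members in $archive:" >&2
        printf '%s\n' "$outside" "$dotdot" >&2
        return 1
    fi

    # Assumption: Security World files are stored under kmdata/local.
    printf '%s\n' "$members" | grep -q '^kmdata/local/' || {
        echo "no kmdata/local/ entries in $archive" >&2; return 1; }
    return 0
}

# Constructed sample: a dummy tree standing in for /opt/nfast.
make_sample_archives() {
    dir=$1
    mkdir -p "$dir/nfast/kmdata/local" "$dir/nfast/other"
    echo dummy > "$dir/nfast/kmdata/local/world"
    echo dummy > "$dir/nfast/other/stray"
    tar -cf "$dir/good.tar" -C "$dir/nfast" kmdata        # expected layout
    tar -cf "$dir/bad.tar"  -C "$dir/nfast" kmdata other  # extra top-level dir
}

# Stand-alone use: ./check.sh kmdata.tar
if [ "$#" -gt 0 ]; then
    check_kmdata_tar "$1"
fi
```

The function returns 0 for a well-formed archive, 1 for unexpected contents, and 2 when the file is missing or is not a tar archive.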