Nexus Documentation
CURL vulnerability information (CVE-2023-38545) - Nexus awareness advisory on Microsoft's update KB5014754

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

The Key Archiving and Recovery Factory (KARF) is the component of the Certificate Factory (CF) within Nexus Certificate Manager (CM) responsible for the initial processing of certificate requests where the associated token procedure specifies that key archiving or key recovery actions should be taken.

The configuration of the KAR component is described in kar.conf. KAR related configuration also exists in cm.conf and modules.conf. See the Technical Description for more details.

Keys are referred to by their label in kar.conf. If you use an RSA key pair for key archiving, use the label of the public key. To look up the label of a key, use the hwsetup -list tool. For more information, see List slot contents.

 Issue KEK certificates

Each asymmetric key-encryption key (KEK) must have a valid certificate, to ensure that the public key part is intact when using it during key archiving. When using an HSM to store the key encryption key, do the following to issue a certificate for either a new or an existing KEK:

  1. Run hwsetup to either generate a key pair (see Generate DSA/EC/RSA key pair), or to find an existing key in the HSM (see List slot contents).
  2. Run hwsetup to create a PKCS #10 request based on the selected key pair (see Generate PKCS #10 certificate request).
  3. Use RA to issue a certificate to a file, kek.crt, based on the PKCS #10 request.
  4. Run hwsetup to store the certificate in HSM (see Install certificate).

Related information

  • No labels

Copyright 2024 Technology Nexus Secured Business Solutions AB. All rights reserved.
Contact Nexus | https://www.nexusgroup.com | Disclaimer | Terms & Conditions