Two lists of security modules are provided below. The Supported Security Modules list consists of both software-based and hardware-based security modules that this PKI solution supports, while the Other Security Modules list consists of any other security modules found by this PKI subsystem that are not recognized as one of the supported security modules.
Key pairs for this instance will be generated and stored on a device called a security module.
A key pair consists of a public key and a private key. A private key is a secret entity which is never exposed to the public, will generally be protected via a security module, and is commonly referred to simply as the key. A public key is open, distributable, and while it may also be stored on a security module, it is not protected by this device. A public key, once signed by a CA, is more generally referred to as a certificate.
Security modules can be either hardware-based or software-based. Although hardware-based security modules provide more security for the secret, or private, portion of this key, they must be obtained from a third-party vendor and installed prior to deployment of this PKI solution. For this particular PKI implementation, a software-based FIPS 140-1 security module has been included.
Before any security module can be used, a user must always first be authenticated to this security module via a token. To support this, each security module consists of one or more slots. For hardware-based security modules, a slot often consists of one or more physical contact points to the device itself (e.g., a card reader or USB receptacle), while for software-based security modules, a slot may be thought of as merely a functional entry point into the software.
Finally, a token (often generically referred to as a smartcard), which contains the actual key material, interfaces with the security module via a slot. For hardware-based security modules, this may be something like a physical card containing a chip, or a USB device that can be physically inserted into a USB slot. For software-based security modules, this can be thought of as an entry in a database. For both hardware-based and software-based security modules, a password is the most commonly used method to complete this authentication.
Since a security module may consist of slots for one or more tokens, the user must be successfully authenticated to each token of the chosen security module before this configuration can continue.
Supported Security Modules
Other Security Modules
The security modules listed below are modules found by the server but not recognized as one of the supported modules. If you believe that any module listed below should have been supported, check the "CS.cfg" configuration file for a name mismatch and adjust the entry accordingly.
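The name-mismatch check described above can be automated. The following Python script is an added example, not part of the original page or of the PKI product's own code: it compares the module names the server reports against the names configured in "CS.cfg" and flags near-matches that differ only in case or whitespace. It assumes that supported modules are listed under keys of the form preop.configModules.module<N>.commonName and that the server matches names exactly; the configuration fragment and module names are constructed samples.

```python
import re

# Constructed CS.cfg fragment. The key layout is an assumption; compare it
# with the keys actually present in your own CS.cfg before relying on it.
SAMPLE_CS_CFG = """\
preop.configModules.count=2
preop.configModules.module0.commonName=NSS Internal PKCS #11 Module
preop.configModules.module0.userFriendlyName=Internal Software Module
preop.configModules.module1.commonName=example-hsm
preop.configModules.module1.userFriendlyName=Example Hardware Module
"""

# Constructed list of module names as the server might report them.
SAMPLE_FOUND = ["NSS Internal PKCS #11 Module", "Example-HSM ", "vendor-x"]

KEY_RE = re.compile(r"^preop\.configModules\.module(\d+)\.commonName=(.*)$")


def supported_names(cfg_text):
    """Return the configured module names, in file order."""
    names = []
    for line in cfg_text.splitlines():
        match = KEY_RE.match(line.strip())
        if match:
            names.append(match.group(2))
    return names


def normalize(name):
    """Collapse whitespace and ignore case, to expose near-miss names."""
    return " ".join(name.split()).casefold()


def classify(found, supported):
    """Sort found modules into supported, likely name mismatch, or other."""
    exact = set(supported)
    by_norm = {normalize(s): s for s in supported}
    report = {"supported": [], "mismatch": [], "other": []}
    for name in found:
        if name in exact:
            report["supported"].append(name)
        elif normalize(name) in by_norm:
            # Same module, different spelling: the CS.cfg entry needs adjusting.
            report["mismatch"].append((name, by_norm[normalize(name)]))
        else:
            report["other"].append(name)
    return report


if __name__ == "__main__":
    result = classify(SAMPLE_FOUND, supported_names(SAMPLE_CS_CFG))
    for found, configured in result["mismatch"]:
        print(f"name mismatch: found {found!r}, CS.cfg has {configured!r}")
```

A module reported under "mismatch" is the case the text describes: the device was found, but its name does not match the configured entry character for character.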