Configure the API
In this step, you will choose and set up the API through which your applications will access the Primus HSM.
Choose an API
The simplest way to use SKA keys is through the Transaction Security Broker (TSB). The TSB implements common SKA workflows and the management of approvers. It exposes a REST API, making it easy to use from any programming language.
Alternatively, you can integrate your custom application via the JCE API. Integration via PKCS#11 is available upon request. In both cases, you need to build the workflow management yourself.
Install the TSB
This step is only needed for on-premise Primus HSM setups. Skip this step if you are using CloudHSM.
If you choose to use the REST API, deploy the TSB by following the installation guide.
Next Steps
The setup of the Primus HSM as a Qualified Signature Creation Device (QSCD) is now complete. Continue with the tutorials to learn how to onboard users to become signers and how onboarded users can make signing requests to create Qualified Electronic Signatures.
Best Practices
- Protect the backup key:
The TSB internally generates an SKA key with the label approver-mgmt-backup-key-rsa-wrapping. This key is used to encrypt all approver keys and back them up to the database. To protect this key, change its SKA policy to one with approver keys that you control manually.