Initializing the Root Key Store
This tutorial shows how to set up the Root Key Store (RKS).
The Root Key Store is required for using attestation. This is why certain applications and integrations require the RKS to be set up, for example those that use the Transaction Security Broker and Smart Key Attributes.
The RKS only needs to be initialized once per HSM. First check whether it is already set up. It may have been set up during the Initial Wizard.
Check Whether the Root Key Store is Set Up
To find out whether this has already been done on a device, check that the Root Key Store is shown as "active":
- UI: System ➜ Diagnostics Device ➜ Firmware
- Console: hsm_diagnostics fw
Initialize the Root Key Store
If the Root Key Store is not yet set up, run the following commands. The HSM may prompt you to insert a USB stick with your license file.
- UI:
  System ➜ Root Key Element ➜ Install Root Key Element
  System ➜ Root Key Element ➜ Setup Root Key Store
- Console:
  hsm_sec_install_rke
  hsm_sec_setup_rks
This will delete any previously installed Root Key Store! This step only needs to be done once per HSM. Skip this step if you have already set up the Root Key Store before.
Clusters
In a cluster of Primus HSMs, the above steps need to be repeated on every device.
References
- Section 6 "Attestation and Audit (Device, User, Key)" of the Primus HSM User Guide.