Configuring the KMS Server, Authentication Overview, Key Management Services Configuration Sections – HP Secure Key Manager User Manual
Page 168: Authentication options
Configuring the KMS Server
The HP StorageWorks Secure Key Manager allows you to off-load cryptographic operations from
application servers and other back-end devices to the SKM. Clients, such as application servers and
databases, make requests to the KMS Server to perform cryptographic operations. The KMS Server is
capable of performing cryptographic operations such as asymmetric and symmetric encryption and
decryption, MAC generation and verification, keyed hashes, digital signatures and their verification,
random number generation, and combinations of these operations. This chapter contains the following topics:
• Authentication Overview
• Key Management Services Configuration Sections
• KMS Server Procedures
• Health Check Overview
• Health Check Sections
Authentication overview
The communication between the KMS client and the server varies slightly, depending on whether your
KMS configuration requires users to authenticate. If you decide not to authenticate, then users have access
only to global keys. Global keys are keys that are available to everyone, with no authentication required.
If you want to require authentication, then you must create keys for each user or group of users. An
authenticated user has access to all global keys, all the keys owned by the user, and all keys accessible
to groups to which that user belongs. In addition, a group of users can have an authorization policy
assigned to it, which restricts the use of the keys accessible by that group to certain time periods or
certain operations per hour.
The KMS Server can define a local users and groups list or you can use an LDAP server to centrally
manage your users and groups.
Authentication Options
The KMS Server provides many options with respect to security and authentication. You can:
• mandate SSL – You can choose between SSL connections and standard TCP connections; SSL
  connections are more secure since all data exchanged between client and server is encrypted.
• allow global sessions – You can allow clients to access and create global keys without providing
  a valid username and password to the KMS Server; this obviously does not offer a high level
  of security.
• disable global sessions – You can disable global sessions altogether, which requires all users
  to provide either a valid username and password combination, or a client certificate signed
  by a CA trusted by the KMS Server.
• require client certificates – You can require that clients present a client certificate in order to
  establish SSL connections. This client certificate can be the sole means of authenticating to the
  KMS Server, or it can be used in tandem with a username and password combination.
• enforce strong, two-factor authentication – You can take the require client certificates option one
  step further by having the KMS Server derive the username from the certificate; that username is
  then compared against the username provided in the authentication request. If the usernames
  match up and the password provided is correct, then the user is authenticated.
We recommend that you enforce the most stringent security policy supported by the KMS Server.
Such a security policy would mandate SSL, disallow global sessions, and enforce strong, two-factor
authentication.
Key Access and Ownership
Keys can be created as global or owned by a particular user (keys are not owned by administrators).
When you give group access permission for a key, all the users in that group can use that particular
key (after authenticating to the server).
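The authentication options and key access rules above, worked through as a small Python model. This is an added example, not HP's code or an SKM interface: every class, field and function name is hypothetical, and the model assumes that a certificate-only login acts as the name found in the certificate.

```python
from dataclasses import dataclass, field
from typing import Optional

GLOBAL = ""  # model's marker for an unauthenticated global session

@dataclass
class ServerPolicy:            # hypothetical names for the options listed above
    require_ssl: bool = True
    allow_global_sessions: bool = False
    require_client_cert: bool = True
    username_from_cert: bool = True   # the "strong, two-factor" option

@dataclass
class Request:
    over_ssl: bool
    cert_username: Optional[str] = None  # name from a CA-verified client cert
    username: Optional[str] = None
    password_ok: bool = False            # outcome of the local or LDAP check

@dataclass
class Key:
    name: str
    owner: Optional[str] = None          # None marks a global key
    groups: set = field(default_factory=set)

def authenticate(policy: ServerPolicy, req: Request) -> Optional[str]:
    """Return a username, GLOBAL, or None when the request is refused."""
    if policy.require_ssl and not req.over_ssl:
        return None
    if policy.require_client_cert and req.cert_username is None:
        return None
    if req.username is not None:
        if not req.password_ok:
            return None
        # Two-factor: the certificate's name must match the claimed name.
        if policy.username_from_cert and req.username != req.cert_username:
            return None
        return req.username
    if req.cert_username is not None and not policy.username_from_cert:
        return req.cert_username  # assumption: cert-only login acts as that name
    return GLOBAL if policy.allow_global_sessions else None

def usable_keys(user: str, user_groups: set, keys: list) -> list:
    """Global keys for everyone; owned and group keys only after authentication."""
    return sorted(k.name for k in keys if k.owner is None
                  or (user and (k.owner == user or k.groups & user_groups)))

# Constructed sample data: the recommended policy, a permissive one, three keys.
STRICT = ServerPolicy()
LAX = ServerPolicy(False, True, False, False)
KEYS = [Key("public-mac"), Key("alice-db", "alice"), Key("payroll", "bob", {"finance"})]
```

Under `STRICT`, a correct password presented with a certificate issued to a different name is refused, which is the property the two-factor option adds over requiring a certificate alone.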
Using the Management Console