Guralp Systems CMG-DCM User Manual

CMG-DCM Data Communications Module

you can create text files on the local computer and transfer them

to the AM module using scp or a similar secure transfer

program.)

6. Change into the CD1.1 transmitter's configuration directory

using

cd /etc/libcd11

The following steps create a key pair and certificate request

within the token, which need to be placed in this directory for
the CD1.1 transmitter to be able to sign outgoing data.

7. Issue the command

spyrus newreq -s filename -i 1 -r slot01.req -p slot01.pub

-x

where filename is the name of the file you created in step 5.

This will generate a certificate request in the file slot01.req

and a public key in the file slot01.pub. The private key is

kept within the token itself, and cannot be extracted from it.
Any attempt to compromise the token will cause it to shut down

and become unusable.

8. The file slot01.req is a certificate request for the key pair

generated. You should send this file by e-mail to the
Certification Authority, so that they can generate a valid

certificate from it.

9. When you receive the certificate, install it in the

/etc/libcd11 directory as slot01.crt. Also create the key

ID file slot01.kid. (The key ID file is simply a text file

containing the key ID as a single decimal number. You can use

any key ID number as long as it is unique for each key. It is used
in the key bucket file, described below.)

10.Now load the certificate into the token using the command

spyrus loadcert -c slot01.crt

The token will check that the certificate matches its own key

pair, and should respond with

info::No index specified searching for matching key

info::Key in slot 1 matches certificate

46

Issue F