Server Master Key

During HSM initialization, a special activation key called the Server Master Key is defined, generated and stored on secure media (smart cards) via the M of N secret sharing scheme (a minimum of two cards in the 2 of 2 scheme is mandatory). This key will be used to activate the HSM and perform certain operations. Physically, the Server Master Key is an AES key.

All partitions have their objects protected by the Server Master Key. When the HSM is activated, it is read from the smart cards into the HSM's operating memory (volatile memory), at which point users can access the objects in their partitions. The Server Master Key is only available after activation and while the HSM is operating; if it is switched off or restarted, the Server Master Key is lost from the volatile memory and must be entered again at the next activation. It is used to encrypt the keys in the partitions. If the HSM's cryptographic boundary is breached, it is removed from the operating memory if the HSM is switched on.

When the HSM is switched on, initially only the local console interface is activated, and it is through this that the HSM is activated, the Server Master Key is entered and the HSM services are enabled. Once the HSM has been activated and its services started, the other communication interfaces are released and users can request the HSM's services.

The Server Master Key is the key that allows the HSM to be activated and users to access the objects kept encrypted in their partitions.

During the HSM initialization phase, the Server Master Key is generated directly from the output of the DRBG(Deterministic Random Bit Generator). There is no need for input from the operator.

With possession of the smart cards containing the Server Master Key and knowledge of the PIN(Personal Identification Number) that protects each card, it is possible to carry out all operations on the HSM, such as (re)initialization, activation and changing global operating parameters. In many situations it is desirable for this responsibility to be divided between several people, so that one of them alone (or a subgroup of the total number of authorized people) cannot operate the equipment. The HSM uses a secret-sharing mechanism known as M of N, where the Server Master Key is shared by a group of N people, at least M of whom must be present to carry out any operation that requires the Server Master Key. Each of the N people will receive a smart card and the key can only be recovered if at least M people show up; any subgroup smaller than M will be useless for recovery.