Remote Console Command Line

The Dinamo remote management console is the application used to perform the HSM's administrative functions, such as key/object management, user management, log management, backup/restore, basic HSM operation tests, operation statistics and firmware updates, among others.

The console is installed together with the HSM client software. See the Client software topic for more details on uses and procedures.

Some features of the remote management console program:

  1. Command line interface;
  2. Each session can manage one HSM at a time;
  3. The connection is not affected by the load balancing configuration (the console always connects directly to the HSM indicated on the command line);
  4. Every session must be authenticated; no functionality is exposed to anonymous sessions;
  5. The menus only display the options that the logged-in/authenticated user is allowed to execute;
  6. Operations that fail indicate the error code and an explanatory text about the cause of the problem.

The remote management console program is part of the Dinamo package. To run it, open a command line window and run the hsmcon command from the prompt. The program works synchronously: it always shows a menu of options and, once the selected request has been sent to Dinamo, waits for the response and shows it to the user. There is no set limit on the number of simultaneous client sessions that can be opened on Dinamo; the HSM accepts new sessions as long as physical resources are available.

Attention

The HSM will disconnect the client after 20 (twenty) minutes of inactivity. Any operation attempted after the inactivity period has expired will result in an error.

Always use the version of the library recommended by the program. To check the version of the library, run the program without arguments: it displays the current version of the library and, if applicable, the minimum recommended version. If in doubt, contact your supplier about how to get the recommended version.

Console version
Dinamo - Remote Management Console v. 4.7.12.3 2018 (c) Dinamo Networks

Library tacndlib version 4.7.12.3.
.
.
.

Running the program without arguments displays a help screen:

Console help screen
Dinamo - Remote Management Console v. 4.7.12.3 2018 (c) Dinamo Networks

Library tacndlib version  4.7.12.3.
Usage: hsmcon <hsm_ip_address> <id_user> [-e/-c] [-p <port>] [-o]
  <hsm_ip_address>       ip address of the HSM
  <id_user>              name of the user to open a session to the HSM
  -e                     open session encrypted (use TLS) - default option
  -c                     open session in clear text (do not use TLS)
  -p <port>              service port of the HSM to open a session - default 4433
  -o                     authentication with an OTP value (2nd factor)
  -3                     enable option to use exponent 3 for RSA keys
  -l                     enable legacy options
  -sip                   search for the nearby HSMs to connect
  -g <cert path>         get the HSM's TLS cert and write it to <cert_path>
                         in PEM format
  -pri <key path>        private key used in mutual authentication, MUST be in
                         PEM format. -pri_cert and -hsm_cert MUST be provided
  -pri_cer <cert path>   private key's certificate used in mutual
                         authentication, in PEM/DER format. -pri and -hsm_cert
                         MUST be provided
  -hsm_cer <hsm path>    HSM's certificate used in mutual authentication, in
                         PEM/DER format. -pri and -pri_cert MUST be provided
  -h                     display this help and exit

Example:
       hsmcon 10.10.1.1 master -c
       hsmcon 10.10.1.1 master -e 4433
       hsmcon 10.10.1.1 master -o

To connect the remote management console to Dinamo, enter the IP address of Dinamo and the user id. You will then be asked for the password. Optionally, you can also enter the type of session (clear text or encrypted) and the port. If these arguments are not entered, the session will be encrypted and the port will be 4433 (TCP).

Command line
C:\>hsmcon 127.0.0.1 master
Dinamo - Remote Management Console v. 4.7.12.3 2018 (c) Dinamo Networks

Library tacndlib version 4.7.12.3.

HSM Dinamo IP : 127.0.0.1
HSM User ID : master
HSM User Password :

Info

Before connecting with the remote management console, make sure that the Dinamo service is started and that the network parameters are correctly configured.
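
The connection options described above can be checked before a session is opened. The following shell function is an added example, not part of the Dinamo package: it takes an hsmcon argument list and rejects `-c`, a non-numeric `-p` value, and an incomplete or unreadable `-pri`/`-pri_cer`/`-hsm_cer` set. The name `hsmcon_lint` and the policy it enforces are assumptions of this example; the flag spellings follow the option column of the help screen.

```bash
# Added example, not Dinamo code. Flag spellings follow the option column of
# the help screen; the policy (no -c, complete mutual-auth set, key file
# closed to group/other) is an assumption of this example.
hsmcon_lint() (
    clear=0; port=4433; pri=""; pri_cer=""; hsm_cer=""; rc=0
    fail() { echo "FAIL: $1"; rc=1; }
    while [ "$#" -gt 0 ]; do
        flag="$1"; shift
        case "$flag" in
            -c) clear=1 ;;
            -p|-pri|-pri_cer|-hsm_cer)
                if [ "$#" -eq 0 ]; then fail "$flag needs a value"; break; fi
                case "$flag" in
                    -p)       port="$1" ;;
                    -pri)     pri="$1" ;;
                    -pri_cer) pri_cer="$1" ;;
                    -hsm_cer) hsm_cer="$1" ;;
                esac
                shift ;;
        esac
    done

    if [ "$clear" -eq 1 ]; then fail "-c opens the session without TLS"; fi
    case "$port" in
        ''|*[!0-9]*) fail "-p value '$port' is not a port number" ;;
    esac

    given=0
    for v in "$pri" "$pri_cer" "$hsm_cer"; do
        if [ -n "$v" ]; then given=$((given + 1)); fi
    done
    if [ "$given" -eq 3 ]; then
        for f in "$pri" "$pri_cer" "$hsm_cer"; do
            [ -r "$f" ] || fail "cannot read $f"
        done
        # Characters 5-10 of the ls mode string are the group/other bits.
        if [ -r "$pri" ] && [ "$(ls -ld "$pri" | cut -c5-10)" != "------" ]; then
            fail "private key $pri is accessible to group/other"
        fi
    elif [ "$given" -ne 0 ]; then
        fail "-pri, -pri_cer and -hsm_cer must be given together"
    fi
    if [ "$rc" -eq 0 ]; then echo "OK: TLS session, port $port"; fi
    return "$rc"
)

# Constructed invocations modelled on the help screen's examples.
hsmcon_lint 10.10.1.1 master -c || true
hsmcon_lint 10.10.1.1 master -p 4433 -o
```

The function prints one line per finding and returns non-zero when any check fails, so it can gate a wrapper script that launches hsmcon.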

If the arguments are entered correctly, the connection to the HSM service is established and a menu with the available options is displayed. The following example screens will always show the full menus for a user with full permissions. If the session is opened by a user who does not have full permissions, some menus will have fewer options.

Console Main Menu
Dinamo - Remote Management Console v. 4.7.16.15 2018 (c) Dinamo Networks

HSM 127.0.0.1 e - Engine 5.0.22.0 (DXP) - TCA0000000 - ID master

Main Menu

 Keys/Objects             Users                        HSM

 1 - Create...            17 - Create                  33 - Info
 2 - Remove               18 - Remove                  34 - Logs...
 3 - Attributes           19 - List                    35 - Backup...
 4 - Import...            20 - Attributes              36 - Monitoring...
 5 - Export...            21 - Trust Relations         37 - Firmware Update
 6 - List                 22 - Password Policy         38 - Replication...
 7 - Permissions...       23 - My Password             39 - SPB...
 8 - Key Backup...                                     40 - EFT...
                                                       41 - IP Filter...
                                                       42 - Tests...
                                                       43 - Dinamo Services...
                                                       44 - Tools...




 0 - Exit

Option:

The first line is a title bar showing the program's version. Below it is information about the HSM being managed: the IP address, the communication channel ('e' for a TLS-protected channel and 'c' for an open channel), the HSM's model and software version, the HSM's serial number and the user who is maintaining the session. The main menu and submenus follow.

The HSM administration tasks are divided into three groups: keys and objects, users, and HSM operation. Options marked with (...) indicate that a submenu with new options will be displayed to complete the task.

To exit the console program, choose option 0 (zero) from the main menu.