Server Master Key generation

To generate the Server Master Key in an M of N scheme, the following is required:

  1. Parameter N: the total number of cards that will be generated and distributed. This number can be between 2 and 250.
  2. Parameter M: the number of cards, out of the N generated, that will be required to activate the HSM. This number must be between 2 and the number defined for N.
  3. N cards. If they already have a Server Master Key, the local console will ask for confirmation to overwrite it.

The parameters N and M must be entered; the maximum value of M shown by the local console will be a function of N.

Each Server Master Key generation is a unique process, as the output of the HSM's DRBG is used. There is no way for the operator to generate two identical Server Master Keys.

Warning

Immediately after generating the M of N set with the Server Master Key, try to make a copy (Copy Set) onto a second set, for security and to guarantee business continuity if the original set is lost or damaged. See Smart Card Management.

Based on the number of cards defined for the M of N scheme, the console prompts you to insert each card and present its PIN so that the shared secret (known as the shadow) can be generated on that card. The order requested is for reference and ease of use only; the cards do not have to be presented in any particular order during activation. At the end of the process, a message informs you that the process has been successfully completed.

If the process is interrupted before the end, the console will issue an invalid assembly warning and inform you that the process must be restarted. In this case, the set should not be used to activate the HSM.
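The M of N behaviour described above (N between 2 and 250, M between 2 and N, cards accepted in any order, fewer than M cards useless) can be reproduced with a threshold secret-sharing scheme. The following is an added illustration, not the HSM's own code: it assumes Shamir's scheme over GF(2^8), which this page does not name as the algorithm used, and split, combine and the GF helpers are hypothetical names.

```python
import secrets
# Illustrative Shamir sharing over GF(2^8); assumed, not the HSM's documented algorithm.

def gf_mul(a: int, b: int) -> int:
    """Multiply in GF(2^8), reduction polynomial 0x11b."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = (a << 1) ^ (0x11b if a & 0x80 else 0)
        b >>= 1
    return r

def gf_inv(a: int) -> int:
    """Multiplicative inverse: a^254 in GF(2^8)."""
    r = 1
    for _ in range(254):
        r = gf_mul(r, a)
    return r

def split(secret: bytes, m: int, n: int) -> dict:
    """Split secret into N shadows {card_index: bytes}; any M rebuild it."""
    if not 2 <= n <= 250:
        raise ValueError("N must be between 2 and 250")
    if not 2 <= m <= n:
        raise ValueError("M must be between 2 and N")
    shadows = {x: bytearray() for x in range(1, n + 1)}
    for byte in secret:
        # Random degree M-1 polynomial whose constant term is the secret byte.
        coeffs = [byte] + [secrets.randbelow(256) for _ in range(m - 1)]
        for x, shadow in shadows.items():
            y = 0
            for c in reversed(coeffs):  # Horner evaluation at x
                y = gf_mul(y, x) ^ c
            shadow.append(y)
    return {x: bytes(s) for x, s in shadows.items()}

def combine(cards: dict) -> bytes:
    """Lagrange interpolation at x = 0; presentation order is irrelevant."""
    out = bytearray(len(next(iter(cards.values()))))
    for xi, shadow in cards.items():
        weight = 1
        for xj in cards:
            if xj != xi:
                weight = gf_mul(weight, gf_mul(xj, gf_inv(xi ^ xj)))
        for k, y in enumerate(shadow):
            out[k] ^= gf_mul(y, weight)
    return bytes(out)
```

With fewer than M shadows, combine returns an unrelated value rather than an error, which is why a partially written set must not be relied on.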

Configuring the N parameter in an M of N scheme

Requesting the first card in a scheme with N equal to 2

Request the label to be applied to the smart card

Success in creating an M of N scheme (2 of 2)
