
DEP PC-AUX Program User Manual


Contents

4 SET-UP 7
4.1 HARDWARE SET-UP 7
4.2 SOFTWARE SET-UP 7
4.2.1 Welcome 8
4.2.3 Choose Destination 9
4.2.4 Choose a Setup Type 10
4.2.5 Installing the Program 11
4.2.6 Installing 12
4.2.7 Setup Complete 13
4.2.8 Post-Installation Steps 14
4.2.8.1 Configure Borland Database Engine 14
5.1 STARTUP WINDOW 16
5.2 FILE MENU 16
5.2.1 Open Definition Lists 17
5.2.2 Let me choose again the Definition Lists format 20
5.2.3 Check files consistency 20
5.2.4 Close 21
5.2.6 Save 21
5.2.7 Save active as 22
5.2.9 Convert into old Definition Lists format 23
5.2.10 Convert into new Definition Lists format 24
5.2.11 Exit 25
5.3 EDIT MENU 25
5.3.1 Enter Values 25
5.3.1.1 General Mechanism 25
5.3.1.2 Dynamic Values 27
5.3.1.3 Length Values 28
5.3.2 Copy line 28
5.3.3 Paste line 28
5.3.4 Insert line 29
5.3.5 Delete line 30
5.4 TOOLBAR MENU 31
5.5 CZD MENU 31
5.5.1 Communication port 32
5.5.2 Read CZD 32
5.5.3 Write CZD 34
5.6 WINDOW MENU 35
5.7 ABOUT MENU 37
6 DEFINITION LISTS 38
6.1 SECRET SHARING DEFINITION LIST 38
6.2 CAPABILITY DEFINITION LIST 39
6.3 KEY DEFINITION LIST 40
6.3.1 Novelty since version 3.0 40
6.3.2 Novelty since version 4.0 40
6.3.4 Common fields for old/new Key Definition Lists 42
6.3.5 Specific values for old Key Definition 42
6.3.6 Specific values for new Key Definition 43
6.3.7 Field dependency table

(Page header on every page: ATOS Worldline Technologies & Products, DEP PC-AUX Program User Manual 04.01, Classification: Public)
[Screenshot: status bar "SshDefList.db CapDefList.db KeyDefList.db - All Definition Lists present"]

5.2.7 Save active as

As it is not possible to save the Definition List files by giving them another name, use "Save active as" to save them in another folder that contains no opened set of Definition List files. Make active the sub-window which you want to save in another folder (see paragraph 5.6.3 on page 36) and select the "Save active as" item in the File menu.

[Screenshot: "Save As" dialog listing CapDefList.db, CapDefList.px, KeyDefList.db, SshDefList.db and SshDefList.px; file name "SshDefList.db CapDefList.db KeyDefList.db"; Save / Cancel]

If the Definition List files in the destination folder are already open, an error message is received:

Error: Destination Definition List Files in use

When Definition List files already exist but are not open in the destination folder, an information message asks confirmation for erasing the existing Definition List files and for replacing them by the new Definition Lists:

Information: Definition List Files present in the Directory. Erase existing information?

The "Save active" and "Save active as" functionalities include an automatic Check
(1 byte each): each field identifies a check value level and defines the algorithm for the calculation of this check value (the DEP Key Entry Guide gives a complete description of the check value algorithms). If the value of ENTRY is 00 RAND, all CVs are always 01 NORM. For keys reconstructed in the C-ZAM/DEP the proposed values are:
> 01 NONE: no check value will be applied on the key introduced
> 02 NORM: check value based on the encryption of null data by the key (E_key(0000000000000000))
> 03 FULL: check value based on the encryption of the key by the key itself (E_key(key))
> 04 ISO10118-2: check value based on the calculation of a hash value
For keys reconstructed in the DEP, the value of CV is always 00 NONE for CV2, and the proposed values are:
> 01 NONE: no check value will be applied on the key introduced
> 02 NORM: check value based on the encryption of null data by the key (E_key(0000000000000000))
> 04 ISO10118-2: check value based on the calculation of a hash value
- NO (2 bytes): three cases must be considered:
> when the ENTRY field equals 01 DS2, the field's value is the identification of the key in the key table of a former generation of Atos Worldline HSM (0000 to FFFF); in this case the column's name changes into SLOT and is coded on four digits
> when the ENTRY field equals 0A ENC2, the field's value, coded on two digits, represen
key is reconstructed in the DEP.
- ENTRY (1 byte). For keys reconstructed in the C-ZAM/DEP the proposed values are:
> 00 RAND: keys are generated randomly by the C-ZAM/DEP (DES keys only); there is no check value for this type
> 01 DS2: keys come from a DS2 key backup file; there is no check value for this type
> 02 DEF: manual key loading of a clear text key per block of eight bytes
> 03 POOL: manual key loading according to the POOL definition
> 04 ENC: manual loading of an encrypted key per block of eight bytes; every block entered is decrypted with a single DES transport key K_AB
> 05 XOR2: manual loading per block of eight bytes; each part is divided in two sub-parts which are XORed
> 06 XOR3: manual loading per block of eight bytes; each part is divided in three sub-parts which are XORed
> 07 XR2A: manual loading per block of eight bytes; each part is divided in two sub-parts which are XORed (same as XOR2)
> 08 XR3A: manual loading per block of eight bytes; each part is divided in three sub-parts which are XORed (same as XOR3)
> 09 DX3: manual loading of an encrypted key per block of eight bytes; the single DES transport key is introduced as an XOR3 and every block entered is decrypted with the single DES XORed transport key
> 0A ENC2: manual loading of an encrypted key per block of eight bytes; every block entered is decrypted by an external transport key (single, double or triple DES key); at least one transport key mu
[Screenshot: Capabilities tab (TAG, NAME, SSH_IDX) with records such as 05000200 C_SCM_LOAD, 05000300 SW_LOAD, 05000500 C_SET_TRACE, 05000700 SET_PARAM, 05140100 PUR_PER_CARD, 05140101 CD_SAVE_KEYS; status bar "SshDefList.db CapDefList.db KeyDefList.db - All Definition Lists present"]

The Capabilities Definition List can contain up to 30 records, but minimum one record is required.

For each record the following fields need to be entered:
- TAG (4 bytes): identification tag of the capability (value 05000000 to 05FFFFFF)
- NAME (14 bytes): name (ASCII printable characters) describing the capability record; this name also appears on the C-ZAM/DEP's display
- SSH_IDX (1 byte): identifies the Secret Sharing Scheme linked to the capability; refers to the secret sharing index in the Secret Sharing Definition List (00 to 1D, FF)

Every record must have a unique TAG. The SSH_IDX must be defined in the Secret Sharing Definition List. The value FF can be used when no Secret Sharing Scheme is associated to the capability, which thus cannot be saved on DCC.

6.3 KEY DEFINITION LIST

The Key Definition List contains the properties of DEP keys. To know which keys with which properties are required by the DE
Lists (see the DEP C-ZAM/DEP User Manual for this purpose) and select the Read CZD menu item.

[Screenshot: Information dialog asking to place the C-ZAM/DEP in the "Definition list / Change list on PC / Send lists" mode, then to press OK on this window and then OK on the C-ZAM/DEP; OK / Cancel]

Place the C-ZAM/DEP in the indicated mode, confirm with OK in the application's information message and press the C-ZAM/DEP's OK button. The Definition List will then be transferred from the C-ZAM/DEP to the PC. After a successful transfer a new sub-window appears:

[Screenshot: PC Aux Engine main window (File, Edit, Toolbar, CZD, Window, About; "1 Def Lists open (16 max)") with an "Untitled" sub-window showing the Secret Sharing tab (NO SSH, BANKSYS, NEW SSH); status bar "SshDefList.db CapDefList.db KeyDefList.db - All Definition Lists present"]

Notice that the new sub-window has no title, as the Definition List files are not yet saved in a folder. To save them, see paragraph 5.2.6 on page 21. The Definition List can be read from the C-ZAM/DEP several times, as long as the limit of 16 sub-windows is not reached. If the connection between the C-ZAM/DEP and the PC fails, an information message is received indic
The C-ZAM/DEP can then be connected to this communication port using a dedicated serial cable.

[Figure: Windows PC running the PC-AUX Def List Program (Key Def List, SSH Def List, DCC List) connected through the Comm Port to the C-ZAM/DEP]

4.2 SOFTWARE SET-UP

The DEP PC-AUX Program should be installed on the PC. An installation procedure for the DEP PC-AUX Program exists. To start the installation wizard of the DEP PC-AUX Program, first insert the installation CD-ROM (or download it from the internet) and start Setup.exe. Remark that together with the DEP PC-AUX Program another auxiliary program is installed that allows the conversion of former-generation key backups to a DEP key backup (see the document DEP Key Backup Conversion Guide).

Note: a user must have administrative privileges to be able to start the installation procedure.

4.2.1 Welcome

A Welcome screen appears immediately after the execution of Setup.exe. It contains some recommendations and warnings about the copyright laws and international treaties.

[Screenshot: PC AUX InstallShield Wizard - "Welcome to the InstallShield Wizard for PC AUX. The InstallShield Wizard will install PC AUX on your compute
Which definitions must be written into which list can be found in the DEP Atos Worldline Security Officer's Guide or the DEP Customer's Security Officer's Guide.

In version 3.0 of the DEP PC-AUX Program the Definition Lists were adapted to allow choosing among three algorithms for the calculation of the unique check value level (four algorithms if we consider the first type, 01 NONE, that represents the choice of no check value). From version 3.2.2 the way keys are entered and the attached check values are completely separated; until then both were incorporated in the field ENTRY. Besides, the new Definition Lists now integrate three levels of check value that can be defined for the keys, and for each level a type of check value can be chosen among several algorithms (the same as in version 3.0). We modified the data in the Capability Definition List and Key Definition List delivered with the installation from version 3.3.3. For more information about the check value mechanisms it is highly recommended to read the DEP Key Entry Guide.

4 SET-UP

4.1 HARDWARE SET-UP

The DEP PC-AUX Program runs on a Windows 2000/XP, Windows Vista or Windows 7 PC. To exchange the Definition Lists with a C-ZAM/DEP, at least one free serial communication port (for example COM1) is required.
[Screenshot: PC AUX InstallShield Wizard - Destination Folder: "Click Next to install to this folder, or click Change to install to a different folder. Install PC AUX to: C:\Program Files\Atos Worldline\PC AUX"; Change / Back / Next / Cancel]

Although it is recommended to use the default path, click the Change button to select another directory for the installation of the DEP PC-AUX Program software. Click Next to continue, Back to return to the previous screen or Cancel to abort the installation procedure.

4.2.4 Choose a Setup Type

At this step the setup type for the application should be selected.

[Screenshot: PC AUX InstallShield Wizard - Setup Type: "Choose the setup type that best suits your needs." Typical: all program features will be installed (requires the most disk space). Minimal: minimum required features will be installed. Custom: choose which program features you want installed and where they will be installed (recommended for advanced users); Back / Next / Cancel]

Although it is suggested to install the Typical setup type, in specific cases the Minimal or Custom types can be chosen. By selecting the Typical setup type, all the application features will be installed. The Minimal setup type will install the minimum required features. To install specific program
column ENTRY becomes 04 ENC type with 02 NORM as check value in column CV1.
- Old 07 XOR2 type in column ENTRY becomes 05 XOR2 type with 02 NORM as check value in column CV1.
- Old 08 XOR3 type in column ENTRY becomes 06 XOR3 type with 02 NORM as check value in column CV1.
- Old 09 XR2A type in column ENTRY becomes 07 XR2A type with 02 NORM as check value in column CV1.
- Old 0A XR3A type in column ENTRY becomes 08 XR3A type with 02 NORM as check value in column CV1.
- Old DX3 type in column ENTRY becomes 09 DX3 type with 02 NORM as check value in column CV1.

5.2.11 Exit

The Exit menu item is used to exit the DEP PC-AUX Program. Before quitting, it verifies whether all the sub-windows have been saved and proposes to save those that have been modified but not saved, before really quitting the application.

5.3 EDIT MENU

The Edit menu allows Definition List files to be constructed easily and manipulated by inserting, copying, modifying and deleting records. All the Edit menu's functionalities can also be launched via the context menu.

[Screenshot: Edit menu - Copy line (Ctrl+C), Paste line, Insert line, Delete line (Ctrl+Del)]

As soon as a set of Definition List files is opened it can be edited. But before modifying it, you
2 SCOPE OF THE DOCUMENT

This document describes the DEP PC-AUX Program. This auxiliary program is used by the Security Officers responsible for creating or altering Definition Lists. The document does not explain when Definition Lists have to be created or which values to enter. This information can be found in the DEP Atos Worldline Security Officer's Guide or the DEP Customer's Security Officer's Guide.

2.1 REFERENCES

This document contains references to other documents about the DEP. This paragraph gives a list of all the documents referred to:
- DEP Atos Worldline Security Officer's Guide
- DEP Customer's Security Officer's Guide
- DEP C-ZAM/DEP User Manual
- DEP Key Backup Conversion Guide
- DEP Secret Sharing Mechanism
- DEP Key Entry Guide

There are no references made to the following documents, but they could be useful to understand this document:
- DEP Introduction to DEP
- DEP General Architecture
- DEP Glossary

2.2 CONTACTING ATOS WORLDLINE

You can visit Atos Worldline on the World Wide Web to find out about new products and about various other fields of interest: URL www.atosworldline.com. For the documentation, visit the http://www.banksys.com web page. For support on issues related to DEP, customers/partners
features, choose the Custom type. Click Next to continue, Back to return to the previous screen or Cancel to abort the installation procedure.

4.2.5 Installing the Program

The "Ready to Install the Program" window gives an overview of the settings selected during the installation procedure.

[Screenshot: PC AUX InstallShield Wizard - Ready to Install the Program: "The wizard is ready to begin installation. If you want to review or change any of your installation settings, click Back. Click Cancel to exit the wizard." Current Settings: Setup Type: Typical; Destination Folder: C:\Program Files\Atos Worldline\PC AUX; User Information: Name: USER, Company: (empty); Back / Install / Cancel]

When the information is correct, click the Next button to continue, go Back to modify some settings or use Cancel to abort the installation procedure.

4.2.6 Installing

After clicking the Next button of the "Ready to Install the Program" window, all the required installations will be executed. The following window will be opened:

[Screenshot: PC AUX InstallShield Wizard - Installing: "The program features you selected are being installed. Please wait while the Inst
[Screenshot: Window menu listing the open sets of Definition List files (for example C:\cryptt\Project\Programs\DepNT\pc aux\V_000\Def list files, numbered 1 to 4) and a Secret Sharing tab (01 NO SSH, 02 GROUP 2, 01 NEW SSH); status bar "SshDefList.db CapDefList.db KeyDefList.db - All Definition Lists present"]

5.7 ABOUT MENU

The About menu gives information about the DEP PC-AUX Program.

[Screenshot: PC Aux Engine main window (File, Toolbar, CZD, Window, About; "0 Def Lists open (16 max)") with the explorer panel open on C:\cryptt\Project\Programs\DepNT\pc aux\V_000\Def list files; status bar "SshDefList.db CapDefList.db KeyDefList.db - All Definition Lists present"]

Click on the PC AUX menu item in the About menu to obtain information about the product.

[Screenshot: About box - Worldline PC AUX 4.2.0, Copyright Atos Worldline 2005-2012, Atos Worldline N.V., Chaussée de Haecht 1442 Haachtsesteenweg, B-1130 Brussels, Belgium, www.atosworldline.be, www.atosworldline.com, www.banksys.com, Support: dephotline atosworldline atosorigin com (e-mail address as extracted)]
have to be familiar with the encoding rules defined in paragraph 6 on page 38 (see also the DEP Key Entry Guide document).

5.3.1 Enter Values

5.3.1.1 General Mechanism

To help the user encode the field values and to avoid as much as possible the encoding of wrong data, each field keeps a list with the possible values that can be introduced. Most of the lists contain static values (i.e. fixed by the application) but give additional information. For example, the list on the ENTRY field in the Keys tab indicates that the value 00 RAND concerns a random key, 01 DS2 concerns a key coming from a DS2 backup, and so on.

[Screenshot: Keys tab with the ENTRY drop-down list open]

Use these lists to fill in or to modify a line by selecting the appropriate value for each field. The main steps and rules for a field modification are:

1. First select the field you want to modify and then single-click on it. If values are available, the list button appears.

[Screenshot: C:\DepNT\Tools\PC AUX\New Folder - Keys tab (TAG, NAME, TYPE, LENGTH, SSH_IDX, KR, ENTRY, CV) with records 99000001 NEW KEY and 99000002 NEW KEY]

2. Click on the list button to
[Screenshot: Keys tab (TAG, NAME, TYPE, LENGTH, SSH_IDX, KR, ENTRY) with records such as 04000500 DEP_DSTK (04, 0020), 04000700 DEP_HMK (01, 0018), 041100FF DEP_ERASE, 04130000 DEP_DES3, 04130100 DEP_DES, 04130500 DEP_DES2]

5.3.2 Copy line

An entire line (or record) in a tab of any sub-window can be copied and pasted in the same tab or in the tab of another sub-window, as long as you stay working in the same kind of tab (you cannot copy a line in the Secret Sharing tab and paste it in the Capabilities tab). To copy a line, click on a record and select the Copy line menu item from the Edit menu.

5.3.3 Paste line

A line copied into the clipboard (see the paragraph above) can be pasted by selecting the Paste line menu item from the Edit menu. Do not forget that the destination tab must be the same kind of tab, in the current or in another sub-window.

[Screenshot: C:\Program Files\PcAux_Ds2Backup\Def List files - Capabilities tab with records SAVE KEYS, 05000200 LOAD, 05000300 SW LOAD, 05000500 SET TRACE, 05000700 SET P
[Screenshot: Keys tab with records such as 04000500 DSTK (04, 0020), 04000700 (01), 041100.. ERASE (01, 0048), 04130000 DEP DES3 (01), 04130100 DEP DES (01, 0008), 04130308 DEP ERAS (01, 0008), 04130500 DEP DES (01, 0010), DEP (01, 0018)]

5.4 TOOLBAR MENU

The Toolbar menu allows the shortcut buttons in the toolbar (Read CZD, Write CZD and Check files consistency) to be hidden or displayed.

[Screenshot: PC Aux Engine, Toolbar menu - Hide Read CZD, Hide Write CZD, Hide Check Files consistency; "1 Def Lists open (16 max)"]

By clicking on these menu items, the corresponding buttons disappear from the toolbar.

[Screenshot: PC Aux Engine toolbar without the shortcut buttons; "1 Def Lists open (16 max)"]

To make the toolbar buttons visible again, click once more on the menu items. Notice that their label was adapted to the context: Hide became Display.

[Screenshot: Toolbar menu - Display Read CZD, Display Write CZD, Display Check Files consistency]

5.5 CZD MENU

The CZD menu allows defining the communication port, reading the C-ZAM/DEP's Definition List files and writing Definition List files to the C-ZAM/DEP.
5.3.1.2 Dynamic Values

The SSH_IDX list in the Capabilities tab or Keys tab displays the values defined in the Secret Sharing tab. The SSH_IDX and SSH NAME fields shown in this list are pointers to the corresponding fields in the Secret Sharing tab.

[Screenshot: Capabilities tab (05000000 C_SAVE_KEYS, 05000300 C_SW_LOAD, 05000500 C_SET_TRACE, 05000600 REAL_TIME, 05000700 SET...) with the SSH_IDX drop-down list open, showing the schemes of the Secret Sharing tab (SSH_DMK, SSH_2, ..., FF)]

This means that adding or deleting a line in the Secret Sharing tab modifies the content of these SSH lists. If a field in the Capabilities or Keys tab still contains a deleted SSH_IDX, the Check files consistency (see paragraph 5.2.3 on page 20) will raise an error:

Error: Value of SSH_IDX 10 does not exist in Secret Sharing Def List in grid Capabilities; can not save these Definition List files.

5.3.1.3 Length Values

The LENGTH field in the Keys tab combines a list from which a value can be picked with an upper field in which the value can be encoded directly. The data encoded (4 characters) must be hexadecimal values. The proposed values in the list depend on the TYPE field. Here for a DES key:

[Screenshot: Keys tab with the LENGTH list open]
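The dependency between the SSH_IDX fields and the Secret Sharing tab, together with the field rules of paragraph 6.2 (TAG range and uniqueness, NAME, SSH_IDX, record counts) and the 4-character hexadecimal LENGTH rule above, can be expressed as an offline consistency checker. This is an added example, not the PC-AUX program's own code: the dict record layout, the sample records and the error wording are assumptions (the real Definition Lists are Paradox .db tables).

```python
import re

HEX2 = re.compile(r"^[0-9A-F]{2}$")
HEX4 = re.compile(r"^[0-9A-F]{4}$")
HEX8 = re.compile(r"^[0-9A-F]{8}$")

CAP_TAG_MIN, CAP_TAG_MAX = 0x05000000, 0x05FFFFFF   # paragraph 6.2: TAG range
SSH_IDX_MAX = 0x1D                                   # SSH_IDX 00 to 1D, or FF
MAX_CAPS, MAX_KEYS = 30, 600                         # record limits (6.2 and 6.3)


def _ssh_idx_error(idx, ssh_ids, grid):
    """SSH_IDX rule shared by the Capabilities and Keys grids (5.3.1.2)."""
    if idx == "FF":                      # FF: no Secret Sharing Scheme attached
        return None
    if not HEX2.match(idx) or int(idx, 16) > SSH_IDX_MAX:
        return f"Invalid value of SSH_IDX {idx!r} in grid {grid}"
    if idx not in ssh_ids:               # scheme deleted from the Secret Sharing tab
        return (f"Value of SSH_IDX {idx} does not exist in Secret Sharing "
                f"Def List in grid {grid}")
    return None


def check_capabilities(caps, ssh_ids):
    """Errors for the Capabilities grid, or an empty list."""
    errors = []
    if not 1 <= len(caps) <= MAX_CAPS:
        errors.append(f"Capabilities: {len(caps)} records (1 to {MAX_CAPS} required)")
    seen = set()
    for rec in caps:
        tag = rec.get("TAG", "")
        # A TAG that Copy line prefixed with 99 falls outside 05000000..05FFFFFF.
        if not HEX8.match(tag) or not CAP_TAG_MIN <= int(tag, 16) <= CAP_TAG_MAX:
            errors.append(f"Invalid value of TAG {tag!r} in grid Capabilities")
        elif tag in seen:
            errors.append(f"Duplicate TAG {tag} in grid Capabilities")
        seen.add(tag)
        name = rec.get("NAME", "")
        if not 1 <= len(name) <= 14 or not all(32 <= ord(c) <= 126 for c in name):
            errors.append(f"Invalid value of NAME {name!r} in grid Capabilities")
        err = _ssh_idx_error(rec.get("SSH_IDX", ""), ssh_ids, "Capabilities")
        if err:
            errors.append(err)
    return errors


def check_keys(keys, ssh_ids):
    """Errors for the Keys grid (record count, TAG, LENGTH, SSH_IDX)."""
    errors = []
    if not 1 <= len(keys) <= MAX_KEYS:
        errors.append(f"Keys: {len(keys)} records (1 to {MAX_KEYS} required)")
    seen = set()
    for rec in keys:
        tag = rec.get("TAG", "")
        if not HEX8.match(tag):
            errors.append(f"Invalid value of TAG {tag!r} in grid Keys")
        elif tag in seen:
            errors.append(f"Duplicate TAG {tag} in grid Keys")
        seen.add(tag)
        if not HEX4.match(rec.get("LENGTH", "")):     # 5.3.1.3: 4 hex characters
            errors.append(f"Invalid value of LENGTH {rec.get('LENGTH')!r} in grid Keys")
        err = _ssh_idx_error(rec.get("SSH_IDX", ""), ssh_ids, "Keys")
        if err:
            errors.append(err)
    return errors


def check_files_consistency(ssh, caps, keys):
    """Counterpart of the 'Check files consistency' menu item: all errors, or []."""
    ssh_ids = {rec["SSH_IDX"] for rec in ssh}
    return check_capabilities(caps, ssh_ids) + check_keys(keys, ssh_ids)


# Constructed sample set of Definition Lists (not taken from the manual's files).
SSH = [{"SSH_IDX": "00", "NAME": "NO SSH"}, {"SSH_IDX": "01", "NAME": "NEW SSH"}]
CAPS = [
    {"TAG": "05000200", "NAME": "C_SAVE_KEYS", "SSH_IDX": "01"},
    {"TAG": "05000500", "NAME": "C_SET_TRACE", "SSH_IDX": "FF"},
]
KEYS = [{"TAG": "04990200", "NAME": "CLEARTEXT KEY", "TYPE": "01",
         "LENGTH": "0018", "SSH_IDX": "00"}]

if __name__ == "__main__":
    for line in check_files_consistency(SSH, CAPS, KEYS) or ["All Definition Lists consistent"]:
        print(line)
```

Removing the "01 NEW SSH" line from SSH and running the check again reproduces the dangling SSH_IDX error described above.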
[Screenshot residue: Capabilities tab records SET PARAM, ...]

If the identifiers (SSH_IDX in the Secret Sharing tab, TAG in the Capabilities tab and TAG in the Keys tab) already exist in the tab where the line is copied, they receive a new value based on the last record's value, increased. In the case of the Capabilities and Keys tabs, the two first characters of the tag are voluntarily set to a wrong value (99) in order to avoid mindlessly adding new keys or capabilities that would then be sent uselessly into the C-ZAM/DEP. But pay attention: for the Keys tab, a line cannot be copied between an old and a new Key Definition List. The reason is that the key types do not correspond and would introduce confusion:

Error: The Copy line operation is not allowed between OLD and NEW Definition Files.

An undo function is possible by pressing the ESC key before the validation.

5.3.4 Insert line

The Insert line functionality inserts a line with default values and with identifiers for the Capabilities and Keys tabs. To construct the identifier in the key field of each record inserted, the same rules as for the copy of a line (see paragraph 5.3.3 on page 28) are followed. Select Insert line in the Edit menu or click the button to insert a new line in the list.

[Screenshot: C:\Program Files\PcAux_Ds2Backup\Def List files - Secre
[Screenshot: CZD menu - Communication port (Ctrl+M), Read CZD (F11), Write CZD (F12)]

5.5.1 Communication port

Before working with the C-ZAM/DEP, verify that it is connected with the PC using the dedicated serial cable (see paragraph 4.1 on page 7). To select the correct communication port, select the Communication port menu item.

[Screenshot: Communication port dialog - Port: COM..., Trace On checkbox, trace file under C:\Users\username\Atos Worldline\PC_AUX; OK / Cancel]

Make sure that the selected port is the right one, because no hardware verification is done at this moment on the C-ZAM/DEP. It means that by pressing the OK button after having chosen the communication port, you only determine which port will be used later during a Read CZD or a Write CZD operation. If you click the Cancel button, no communication port will be selected. To log the messages, select the Trace On checkbox. The messages will be logged in the C:\Users\USERNAME\Atos Worldline\PC_AUX\Czd_trace.txt file. This can be useful to solve communication problems.

5.5.2 Read CZD

The Read CZD functionality is used to import the Definition List files already available in a C-ZAM/DEP. Refer to the DEP C-ZAM/DEP User Manual document for more information about getting Definition Lists into the memory of the C-ZAM/DEP. First verify that the C-ZAM/DEP is connected to the PC and the correct communication port is defined (see paragraph 5.5.1 on page 32), bring the C-ZAM/DEP in the correct mode to be able to send the Definition
[Screenshot: explorer panel on C:\cryptt\Project\Programs\DepNT\pc aux\V_000\Def list files with the Secret Sharing tab (SSH1, ...); status bar "SshDefList.db CapDefList.db KeyDefList.db - All Definition Lists present"]

It is not allowed to open a set of Definition List files twice. The following error message appears when an attempt is made to open an already opened Definition List again:

Error: These Definition Lists are already open. Please choose another one and try again.

5.2.2 Let me choose again the Definition Lists format

The "Let me choose again the Definition Lists format" menu item is enabled when the user has checked an option in the window asking whether the Definition Lists are always or never converted (see paragraph 5.2.1 on page 17). By clicking on this menu item the selection is cleared. During the opening of the next old Definition List files, the message asking whether the files must be converted or not will be shown again.

5.2.3 Check files consistency

The Check files consistency menu item checks the integrity of the Definition Lists. It verifies that the encoded information is valid, as described in paragraph 6 on page 38, and shows an error if it is not the case:

Error: Invalid value of KEY in grid Keys; can not save these Definition List Files.

For examp
Haachtsesteenweg 1442, 1130 Brussels, Belgium

ATOS Worldline DEP Documentation
DEP PC-AUX Program User Manual
Version 04.01
Classification: Public

Version Management Report
03.07 - L. Ernes - 26/06/2008 - Update for Version 4.0.1: FIPS bit and AES key type
03.08 18 03 09 - Update v4.0.2.2: FIPS, SSH, Intro
04.00 - 01/03/2011 - Change template into Atos; minor changes
04.01 - Anna Papayan - 16/05/2012 - Update for Version 4.2.0: BDE configuration support for Windows 7, installation procedure

COPYRIGHT NOTICE
The information contained in this document is subject to change without notice. Atos Worldline assumes no responsibility for any errors or omissions that may appear in this document. The contents of this document must not be reproduced in any form whatever by or on behalf of third parties without prior written consent of Atos Worldline.

1 TABLE OF CONTENTS
1 TABLE OF CONTENTS 3
2 SCOPE OF THE DOCUMENT 5
2.1 REFERENCES 5
2.2 CONTACTING ATOS WORLDLINE 5
3 PURPOSE OF DEP PC-AUX PROGRAM 6
P environment or by a specific DEP software, refer to the DEP Atos Worldline Security Officer's Guide, the DEP Customer's Security Officer's Guide or to the dedicated software documentation. The Keys Definition List can contain up to 600 records, and minimum one record is required.

6.3.1 Novelty since version 3.0

Since version 1.2.05 the C-ZAM/DEP has undergone several modifications concerning the check values mechanism. In order to support this new mechanism, the DEP PC-AUX Program from version 3.0 was adapted and now works with new Key Definition Lists allowing the choice between several algorithms for the three check values of each key definition. Fortunately the old Key Definition Lists are always supported in the new C-ZAM/DEP and DEP PC-AUX Programs. However, the DEP PC-AUX Program gives the possibility to convert the old Key Definition List format into the new Key Definition List format (see paragraph 5.2.10 on page 24) and the other way round (see paragraph 5.2.9 on page 23).

6.3.2 Novelty since version 4.0

Since DEP PC-AUX Program version 4.0.1 it is possible to define 2 new features:
- AES key type
- Key Reconstruction method

These features have been merged into the new Definition List format, and the old format is still supported. Conversion between formats is also still supported. However, some data loss w
S4 up to DES10 keys, NORM is not supported.

[Figure (page 47): annotated Keys tab (TAG, NAME, TYPE, LENGTH, SSH_IDX, KR, ENTRY, CV1, CV2, NO) with example records: 04990000 RANDOM KEY (01, 0018); 04990100 FROM DS2 (01, 0018, 00); 04990200 CLEARTEXT KEY (01, 0018, 00); 04990500 XOR2 KEY (01, 0010, 00); 04990600 XOR3 KEY (01, 0018, 00); encrypted keys 04990400, 04990401 and 04990402 ENCRYPTED KEY (01, 0008/0010/0010, 00); 04990800 AES KEY (04, 0020, 00); 04990C00 DEP KEY (01, 0008, 00); transport keys 04F0F000 1DES TRANSPKE (01, 0008, 00), 04F0F001 2DES TRANSPKE (01, 0010), 04F0F002 3DES TRANSPKE (01, 0018, 00). Annotations: "Key identifiers"; "Check value on every entered key sub-part"; "Key that will be reconstructed in the DEP"; "Transport key entered as an XOR2"; "Transport key entered as an XOR3"; "Check value on every Security Officer's key"; "Check value on every final C-ZAM/DEP key"; "Refers to the key in the former generation of Banksys HSM"; "Key encrypted with transport key 04F0F000"; "Key encrypted with transport key 04F0F002"; "Key encrypted with transport key 04F0F001"]
allShield Wizard installs PC AUX. This may take several minutes. Status: Updating component registration"]

A progress bar and one or more status messages appear during the installation of the files.

4.2.7 Setup Complete

When all the files and information are copied, an "InstallShield Wizard Completed" window appears to confirm a successful installation.

[Screenshot: PC AUX InstallShield Wizard - InstallShield Wizard Completed: "The InstallShield Wizard has successfully installed PC AUX. Click Finish to exit the wizard."; Finish / Cancel]

Click Finish to confirm the message.

4.2.8 Post-Installation Steps

4.2.8.1 Configure Borland Database Engine

After installing PC AUX, the following configuration should be done in the Borland Database Engine. In Control Panel, open the BDE Administrator program. The following window will be opened:

[Screenshot: BDE Administrator (C:\Program Files\Common Files\Borland Shared\BDE\IDAPI32.CFG) - Object, Edit, View, Options, Help; tabs Databases / Configuration; tree "Drivers and System": Drivers, System; "2 items in Configuration"]

Open the Drivers item and select PARADOX from the Native submenu.

[Screenshot: BDE A
…indicating how to solve the problem: "Please verify the COMMUNICATION PORT" / "ERROR: No message received from Czam Dep".

Remark that this functionality can also be launched by clicking on the corresponding button in the toolbar.

5.5.3 Write CZD

The Write CZD functionality is used to transfer Definition List files from the PC to a C-ZAM/DEP. Typically this function is used to modify the Definition Lists available in the C-ZAM/DEP.

First verify that the C-ZAM/DEP is connected to the PC and that the correct communication port is defined (see paragraph 5.5.1 on page 32), bring the C-ZAM/DEP into the correct mode to be able to receive the Definition Lists (see the DEP C-ZAM/DEP User Manual for this purpose) and select the Write CZD menu item. An information message asks to place the C-ZAM/DEP in the Definition List change mode, then to press OK on this window and then OK on the C-ZAM/DEP.

Place the C-ZAM/DEP in the indicated mode, confirm with OK in the application's information message and press the C-ZAM/DEP's OK button. The Definition Lists are then transferred from the PC to the C-ZAM/DEP.

After a successful transfer an information window appears: "Def Lists correctly sent". Click OK to confirm. The Definition Lists are now available in the memory of the C-ZAM/DEP.
[Screenshot: the same "Warning, read this carefully" dialog, here with the option "Never convert DEF files and do not show this warning any more during this session" selected]

For more information about the conversion, see paragraphs 5.2.9 and 5.2.10 on page 24.

After opening, the Definition List files appear in a new sub-window in the panel close to the explorer. In this sub-window three tabs (Secret Sharing, Capabilities and Keys) contain the records of the Definition List files. A maximum of 16 sets of Definition List files can be open in parallel.

[Screenshot: PC Aux Engine with four sets of Definition List files open (4 Def Lists open, 16 max), each in its own sub-window]
6 DEFINITION LISTS

Once the Definition Lists have been loaded into the DEP PC AUX Program, they can be edited.

6.1 SECRET SHARING DEFINITION LIST

The Secret Sharing Definition List contains the properties of the Secret Sharing Schemes which are referenced by the Key Definition List and the Capability Definition List. For more information about how secret sharing works, refer to the DEP Secret Sharing Mechanism document. To know which secret sharing definitions are needed for specific keys or specific capabilities, refer to the DEP Atos Worldline Security Officer's Guide or to the DEP Customer's Security Officer's Guide.

[Screenshot: PC Aux Engine with one set of Definition Lists open (1 Def Lists open, 16 max); Secret Sharing tab with the columns SSH_IDX, NAME, CNT, GRP1, GRP2, GRP3 and records such as "No SSH", "GROUP 2", "NEW SSH", "NEW SSH BANKSYS"; status bar: SshDefList.db, CapDefList.db, KeyDefList.db, All Definition Lists present]

A Secret Sharing Definition List can contain up to 30 records, but minimum one record is required in each of the Secret Sharing, Capabilities and Keys tabs.

The Secret Sharing Definition List contains the following fields:

• SSH_IDX: 1 byte, index identifying the secret sharing record, hexadecimal value from 00 to 1D
[Screenshot: BDE Administrator with Drivers > Native > PARADOX selected; the Definition panel shows VERSION 4.0, TYPE FILE, NET DIR, LANGDRIVER 'ascii' ANSI, BLOCK SIZE 2048, FILL FACTOR 95, LEVEL 7, STRICTINTEGRTY; hint: "Location of the application's network control file PDOXUSRS.NET"]

Select the NET DIR property in the Definition panel and change the directory to C:\temp.

[Screenshot: Select Directory dialog with the Directory Name set to C:\temp]

Be aware that this configuration should be done by all users on the PC; otherwise it is saved only for the Administrator user.

5 USER INTERFACE

5.1 START-UP WINDOW

Once the DEP PC AUX Program is started, a dedicated "PC Aux Engine" window is opened. The main window's components are:

• a menu
• a dropdown box with the possible drives
• an explorer panel that is used to select the Definition List files
• an empty panel close to the explorer that will contain the open Definition List files
• a status bar
• a toolbar

[Screenshot: PC Aux Engine window (File, Edit, Toolbar, CZD, Window, About menus; "0 Def Lists open, 16 max"); the explorer shows the installation folder; status bar: SshDefList.db, CapDefList.db, KeyDefList.db, All Definition Lists present]

5.2 FILE MENU

During the DEP PC AUX Program installation, a set of Definition List files was installed in the installation directory's sub-folder "Def List files". Use these files as a template to make your own Definition List files from scratch. It is also possible to open existing Definition Lists and edit them according to the necessary requirements.

[Screenshot: File menu of PC Aux Engine: Open Definition List files; Let me choose again the Definition Lists format; Check files consistency (F10); Close active; Close all; Save active (Ctrl+S); Save active as; Save all; Convert into old Definition Lists format; Convert into new Definition Lists format; Exit (Ctrl+E)]

5.2.1 Open Definition List files

Opening a set of Definition List files means that three database files must be opened:

• KeyDefList.db
• CapDefList.db
• SshDefList.db

When the application starts up, the selected folder is the installation folder. So if you want to open
files consistency (see paragraph 5.2.2 on page 20). Making a copy of Definition Lists or creating a template for Definition Lists are two examples of use of the Save active as menu item.

5.2.8 Save all

The Save active and Save active as functionalities only save the active sub-window. The Save all menu item saves all the open Definition List files at their current location.

5.2.9 Convert into old Definition Lists format

To convert the new Definition Lists into the old format, select the Convert into old Definition Lists format menu item. This conversion discards the features that the old format does not support:

• the possibility to choose a check value in the columns CV1, CV2 and CV3 for all the key definitions
• the possibility to choose a Key Reconstruction in the DEP
• the possibility to choose an AES key type

NOTE: during the conversion all the transport keys and the AES keys are deleted. A message is displayed for confirmation: "During this conversion all the Transport keys and AES keys will be deleted. Continue the conversion?" (OK / Cancel).

After the conversion, the trace of the previously selected check values is lost forever, as well as the information that the key has to be reconstructed in the DEP. When the Definition Lists are again converted into the new format, the key definitions
Remark that this functionality can also be launched by clicking on the corresponding button in the toolbar.

5.6 WINDOW MENU

The Window menu allows arranging the Definition List file sub-windows in the Tile or the Cascade position. You can also set the focus on a given sub-window by choosing it in the list constructed in the menu (Window: Tile, Cascade, 1, 2, …).

5.6.1 Tile

Click on the Tile menu item to arrange the sub-windows in the tile position.

[Screenshot: PC Aux Engine with four sets of Definition Lists open (4 Def Lists open, 16 max), tiled; each sub-window shows its Secret Sharing, Capabilities and Keys tabs; status bar: SshDefList.db, CapDefList.db, KeyDefList.db, All Definition Lists present]

5.6.2 Cascade

Click on the Cascade menu item to arrange the sub-windows in the cascade position.

[Screenshot: the same four sub-windows cascaded; the front window shows its Secret Sharing tab (SSH_IDX, NAME, CNT, GRP1, GRP2, GRP3) with records such as "No SSH", "GROUP 2", "NEW SSH"; status bar: SshDefList.db, CapDefList.db, KeyDefList.db, All Definition Lists present]

5.6.3 Focus

Focus on a given sub-window by choosing it in the list constructed in the menu. Focusing a sub-window means that it becomes active.

[Screenshot: Window menu listing Tile, Cascade and the numbered open sub-windows]
…here is key sub-part for a Key Reconstruction in the DEP → no CV1
…will occur while converting from the new format to the old one (see paragraphs 5.2.10 and 5.2.9 on page 23).

The following paragraphs concern the new and the old Key Definition List formats, both usable with the PC AUX program since version 4.0.1.

6.3.3 Key Definition List fields

Key Definition Lists contain the following fields:

• TAG: 4 bytes, identification tag of the key, value 04000000 to 04FFFFFF
• NAME: 14 bytes, name (ASCII printable characters) describing the key record; this name also appears on the C-ZAM/DEP's display
• TYPE: 1 byte, identifies the type of the key
• LENGTH: 2 bytes, hexadecimal value representing the length of the key in bytes
• SSH_IDX: 1 byte, identifies the Secret Sharing Scheme linked to the key; refers to the secret sharing index in the Secret Sharing Definition List (00 to 1D, or FF)
• KR: 1 byte, identifies whether the key is reconstructed in the C-ZAM/DEP or in the DEP
• ENTRY: 1 byte, identifies the key reconstruction method
• CV1, CV2, CV3: 1 byte each; each field identifies a check value level and defines the algorithm used to calculate this check value; the DEP Key Entry Guide gives a complete description of the check value algorithms
• NO: 2 bytes; depending on the ENTRY field, identifies the key in the key table of a former generation of Atos Worldline HSM (0000 to FFFF) or holds the last byte of the tag of the transport key that will decrypt the values loaded in the C-ZAM/DEP
…for example, the values introduced in the SSH_IDX field of the Capabilities and Keys tabs must be defined in the Secret Sharing tab, where the SSH_IDX field identifies each Secret Sharing (see paragraphs 6.3 and 6.4). Otherwise an error is raised: "Error: Value of SSH_IDX 10 does not exist in Secret Sharing Def List in grid Keys; can not save these Definition List Files".

Remark that:

• The Check files consistency only verifies the active Definition List files. Make active the sub-window for which a consistency check is required (see paragraph 5.6.3 on page 36) and select Check files consistency in the File menu. This functionality can also be launched by clicking on the corresponding button in the toolbar, or simply by pressing F10.
• When an error is detected, the application stops on the wrong record. Correct the error and launch the Check files consistency again to end the verification.

5.2.4 Close active

The Close active menu item closes the active sub-window and proposes to save its Definition List files if they have been modified but not yet saved ("Definition List modified in … Def List files. Save files?", with a Cancel option).

Make active the sub-window that needs to be closed (see paragraph 5.6.3 on page 36) and select Close active in the File menu.

5.2.5 Close all

Where Close active closes only the active sub-window, the Close all menu item closes all the sub-windows and proposes to save their Definition List files if they have been modified and not yet saved.

5.2.6 Save active

The Save active menu item is used for saving modified Definition List files, or Definition List files coming from a C-ZAM/DEP (see paragraph 5.5.2 on page 32). Make active the sub-window that needs to be saved (see paragraph 5.6.3 on page 36) and select Save active in the File menu.

If the sub-window was never saved (e.g. the Definition List files are coming from the C-ZAM/DEP), the Save active functionality is automatically converted into a Save active as (see paragraph 5.2.7 on page 22).

Notice that as soon as the Definition List files have been modified, a star appears in the title bar of the sub-window, warning that the Definition List files need to be saved to keep the modifications.

[Screenshot: PC Aux Engine with one modified set of Definition Lists open (title bar marked with a star); tabs "2 Secret Sharing", "7 Capabilities", "12 Keys"; Secret Sharing tab with the columns SSH_IDX, NAME, …, GRP3 and the record 00 "No SSH"]
…make the values visible.
3. A single click on an item in the list puts the value at the top of the list as well as in the field that must be modified. At this moment the POST button (see the toolbar in the previous figure) becomes enabled, although the value is not yet posted in the database.
4. To validate the data, click on the POST button or press ENTER: the value is now modified.

Remark that double-clicking on an item in the list immediately changes the value.

There are two reasons why no predefined values are available for a field:

• The field cannot be modified, as for CV2 and CV3 in the case of the old Definition List files, or for the key entry modes 00 RANDOM and 01 DS2 BACKUP.
• The user can freely define the values, e.g. for the fields TAG and NAME. In this case an edit box appears below the value to modify. Change the value and post it with the POST button or by pressing ENTER. "Freely" means that, even without predefined values, the data must still meet a number of requirements, as for the TAG of a key: 8 HEX characters beginning with 04.

[Screenshot: Keys tab (4 Secret Sharing, 5 Capabilities, 10 Keys) with the columns TAG, NAME, TYPE, LENGTH, …; records such as 04000000 DEP DMK 0018, 04000500 0020, 04000700 0018, 041100FF DEP ERASE 01 0048; the TAG edit box is open for the selected record]
• NAME: 14 bytes, name (ASCII printable characters) describing the secret sharing record
• CNT: 1 byte, number of secret sharing groups, value from 01 to 03
• GRP1: 1 byte, number of parts required in group one to reconstruct the secret, value from 01 to 05
• GRP2: 1 byte, number of parts required in group two to reconstruct the secret, value from 00 to 05
• GRP3: 1 byte, number of parts required in group three to reconstruct the secret, value from 00 to 05

Every record must have a unique SSH_IDX. The groups GRPx are completed in sequential order: when GRP3 is different from 00, GRP2 must also be different from 00. At least the group GRP1 must be defined.

6.2 CAPABILITY DEFINITION LIST

The Capability Definition List contains the properties of the DEP capabilities. To know which capabilities, with which properties, are required by the DEP environment or by a specific DEP software, refer to the DEP Atos Worldline Security Officer's Guide, to the DEP Customer's Security Officer's Guide or to the dedicated software specification.

[Screenshot: PC Aux Engine with one set of Definition Lists open (1 Def Lists open, 16 max); Capabilities tab]
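The rules of paragraphs 5.2.2 (consistency check), 6.1 (Secret Sharing fields), 6.3 (Key fields and the TYPE/LENGTH dependency) and 5.3.5 (deleting a transport key deletes its ENC2 keys) can be checked outside PC AUX before a set of Definition Lists is sent to a C-ZAM/DEP. The following Python is an added example and not code from the manual or from Atos Worldline: records are dicts of hex strings as they appear in the PC AUX grids, the sample records are constructed for the example, and two things are assumptions rather than rules stated in the manual, namely that transport keys are recognised by the tag prefix 04F0F0 used in the manual's own example (paragraph 6.3.8) and that a DES key may be any multiple of 8 bytes from DES1 (0008) up to DES10 (0050).

```python
# Added example (not the manual's code): consistency checks for one set of
# Definition Lists. Records are dicts of hex strings as shown in PC AUX grids.
# Assumptions (not rules of the manual): transport keys carry the tag prefix
# 04F0F0 of the manual's example; a DES key is 8*n bytes for n in 1..10.

TRANSPORT_PREFIX = "04F0F0"   # assumption, taken from the example tags 04F0F000..02
ENTRY_ENC2 = "0A"             # ENC2 entry mode of the new format (paragraph 6.3.7)
SSH_NONE = "FF"               # "no secret sharing scheme" for a key (paragraph 6.3.3)
PROPOSED_LENGTHS = {          # TYPE -> accepted LENGTH values (paragraph 6.3.7)
    "01": {f"{8 * n:04X}" for n in range(1, 11)},  # DES1..DES10 (assumption)
    "02": {"0040", "0080"},                        # RSA 512 / 1024 bits
    "04": {"0010", "0018", "0020"},                # AES 128 / 192 / 256 bits
}


def _is_hex(value, digits):
    try:
        int(value, 16)
    except ValueError:
        return False
    return len(value) == digits


def _is_name(value):
    # NAME: 1..14 printable ASCII characters
    return 0 < len(value) <= 14 and all(32 <= ord(c) <= 126 for c in value)


def check_secret_sharing(ssh):
    """Paragraph 6.1: 1..30 records, unique SSH_IDX in 00..1D, CNT 01..03,
    GRP1 01..05, GRP2/GRP3 00..05, groups filled in sequential order."""
    errors, seen = [], set()
    if not 1 <= len(ssh) <= 30:
        errors.append("Secret Sharing: between 1 and 30 records are required")
    for r in ssh:
        idx = r["SSH_IDX"]
        if not _is_hex(idx, 2) or int(idx, 16) > 0x1D:
            errors.append(f"SSH {idx}: SSH_IDX must be in 00..1D")
        if idx in seen:
            errors.append(f"SSH {idx}: duplicate SSH_IDX")
        seen.add(idx)
        if not _is_name(r["NAME"]):
            errors.append(f"SSH {idx}: NAME must be 1..14 printable ASCII characters")
        cnt, g1, g2, g3 = (int(r[f], 16) for f in ("CNT", "GRP1", "GRP2", "GRP3"))
        if not 1 <= cnt <= 3:
            errors.append(f"SSH {idx}: CNT must be in 01..03")
        if not (1 <= g1 <= 5 and 0 <= g2 <= 5 and 0 <= g3 <= 5):
            errors.append(f"SSH {idx}: GRP1 must be 01..05, GRP2 and GRP3 00..05")
        if g3 != 0 and g2 == 0:
            errors.append(f"SSH {idx}: GRP3 is set while GRP2 is 00")
    return errors


def check_keys(keys, ssh_ids):
    """Paragraphs 5.2.2, 5.3.2, 6.3.3, 6.3.7: unique TAG 04xxxxxx, NAME, SSH_IDX
    defined (or FF), LENGTH matching TYPE, ENC2 keys pointing to a transport key."""
    errors, seen = [], set()
    instances = {k["TAG"][6:] for k in keys if k["TAG"].startswith(TRANSPORT_PREFIX)}
    for k in keys:
        tag = k["TAG"]
        if not (_is_hex(tag, 8) and tag.startswith("04")):
            errors.append(f"Key {tag}: TAG must be 8 hex characters beginning with 04")
        if tag in seen:
            errors.append(f"Key {tag}: duplicate TAG")
        seen.add(tag)
        if not _is_name(k["NAME"]):
            errors.append(f"Key {tag}: NAME must be 1..14 printable ASCII characters")
        if k["SSH_IDX"] != SSH_NONE and k["SSH_IDX"] not in ssh_ids:
            errors.append(f"Key {tag}: value of SSH_IDX {k['SSH_IDX']} does not exist in Secret Sharing Def List")
        if k["LENGTH"] not in PROPOSED_LENGTHS.get(k["TYPE"], set()):
            errors.append(f"Key {tag}: LENGTH {k['LENGTH']} is not valid for TYPE {k['TYPE']}")
        if k["ENTRY"] == ENTRY_ENC2 and k["NO"][2:] not in instances:   # INST = last byte of NO
            errors.append(f"Key {tag}: INST {k['NO'][2:]} points to no transport key")
    return errors


def check_definition_lists(ssh, caps, keys):
    """Whole-set check (F10 in PC AUX); unlike PC AUX it reports every problem
    instead of stopping on the first wrong record."""
    ssh_ids = {r["SSH_IDX"] for r in ssh}
    errors = check_secret_sharing(ssh)
    errors += [f"Capability {c['TAG']}: value of SSH_IDX {c['SSH_IDX']} does not exist in Secret Sharing Def List"
               for c in caps if c["SSH_IDX"] not in ssh_ids]
    return errors + check_keys(keys, ssh_ids)


def delete_transport_key(keys, tag):
    """Paragraph 5.3.5: deleting a transport key also deletes all its related ENC2 keys."""
    if not tag.startswith(TRANSPORT_PREFIX):
        return [k for k in keys if k["TAG"] != tag]
    inst = tag[6:]
    return [k for k in keys
            if k["TAG"] != tag and not (k["ENTRY"] == ENTRY_ENC2 and k["NO"][2:] == inst)]


# Constructed sample set; the key tags follow the manual's example of paragraph 6.3.8.
SAMPLE_SSH = [
    {"SSH_IDX": "00", "NAME": "No SSH", "CNT": "01", "GRP1": "01", "GRP2": "00", "GRP3": "00"},
    {"SSH_IDX": "01", "NAME": "GROUP 2", "CNT": "02", "GRP1": "02", "GRP2": "01", "GRP3": "00"},
]
SAMPLE_CAPS = [{"TAG": "05000000", "NAME": "SAVE KEYS", "SSH_IDX": "00"}]
SAMPLE_KEYS = [
    {"TAG": "04990000", "NAME": "RANDOM KEY", "TYPE": "01", "LENGTH": "0018", "SSH_IDX": "00", "KR": "00", "ENTRY": "00", "NO": "0000"},
    {"TAG": "04990400", "NAME": "ENCRYPTED KEY", "TYPE": "01", "LENGTH": "0008", "SSH_IDX": "00", "KR": "00", "ENTRY": "0A", "NO": "0000"},
    {"TAG": "04990401", "NAME": "ENCRYPTED KEY", "TYPE": "01", "LENGTH": "0010", "SSH_IDX": "00", "KR": "00", "ENTRY": "0A", "NO": "0001"},
    {"TAG": "04990800", "NAME": "AES KEY", "TYPE": "04", "LENGTH": "0020", "SSH_IDX": "10", "KR": "00", "ENTRY": "02", "NO": "0000"},
    {"TAG": "04F0F000", "NAME": "1DESTRANSPKEY", "TYPE": "01", "LENGTH": "0008", "SSH_IDX": "00", "KR": "00", "ENTRY": "02", "NO": "0000"},
]

if __name__ == "__main__":
    for problem in check_definition_lists(SAMPLE_SSH, SAMPLE_CAPS, SAMPLE_KEYS):
        print(problem)
```

On the sample set the checker reports the two defects PC AUX would stop on one at a time: the ENC2 key 04990401 points (INST 01) to a transport key 04F0F001 that is not defined, and the AES key refers to SSH_IDX 10, which the Secret Sharing list does not contain. Deleting the transport key 04F0F000 with delete_transport_key also removes the ENC2 key 04990400 whose INST is 00, mirroring the cascade of paragraph 5.3.5.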
will receive default values according to the explanations given in paragraph 5.2.10 on page 24.

5.2.10 Convert into new Definition Lists format

This menu item is enabled when working with old Definition Lists. Clicking Convert into new Definition Lists format converts the Definition Lists into the new format.

In the field KR, the conversion puts the value 00, indicating the old way to reconstruct the key, i.e. in the C-ZAM/DEP. In the field CV1, the conversion puts a value corresponding to the old format's check value. The check values CV2 and CV3 are set to 01 NONE, which means that no check value is defined for the moment. The conversion makes it possible to choose three specific check values for each key, defined in the fields CV1, CV2 and CV3.

Moreover, the conversion gives a new identifier to the key types (see paragraph 6.4.5) in the ENTRY column. A new key type replaces three old key types:

• Old 02 FULL type in column ENTRY becomes 02 DEF type, with 03 FULL as check value in column CV1
• Old 03 NORM type in column ENTRY becomes 02 DEF type, with 02 NORM as check value in column CV1
• Old 04 NONE type in column ENTRY becomes 02 DEF type, with 01 NONE as check value in column CV1
• Old 05 POOL type in column ENTRY becomes 03 POOL type, with 02 NORM as check value in column CV1
• Old 06 ENC type in
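The two conversions of paragraphs 5.2.9 and 5.2.10 are not inverses of each other: going to the old format deletes transport and AES keys and discards KR, CV2 and CV3, and only the old entry mode survives to seed CV1 on the way back. The following Python is an added example, not code from the manual or from Atos Worldline, that makes that round trip explicit. Records are dicts of hex strings as shown in the PC AUX grids, the sample records are constructed, only the ENTRY mappings spelled out in paragraph 5.2.10 are implemented (any other entry mode raises ValueError rather than guessing), and transport keys are recognised by the tag prefix 04F0F0 of the manual's example (paragraph 6.3.8), which is an assumption.

```python
# Added example (not the manual's code): lossy round trip between the old and
# the new Key Definition List formats (paragraphs 5.2.9 and 5.2.10).
# Assumption: transport keys carry the tag prefix 04F0F0 of the manual's example.

CV_NONE, CV_NORM, CV_FULL = "01", "02", "03"  # check value codes of paragraph 5.2.10
KR_CZD = "00"                                 # key reconstructed in the C-ZAM/DEP
TYPE_AES = "04"
TRANSPORT_PREFIX = "04F0F0"                   # assumption (see above)

# Old ENTRY -> (new ENTRY, CV1), exactly as listed in paragraph 5.2.10.
OLD_TO_NEW = {
    "02": ("02", CV_FULL),  # FULL -> DEF with FULL check value
    "03": ("02", CV_NORM),  # NORM -> DEF with NORM check value
    "04": ("02", CV_NONE),  # NONE -> DEF without check value
    "05": ("03", CV_NORM),  # POOL -> POOL with NORM check value
}
# Way back: a DEF key keeps only the check value the old format can express;
# a new POOL key always becomes old 05 POOL, whatever its CV1 was.
DEF_CV1_TO_OLD = {CV_FULL: "02", CV_NORM: "03", CV_NONE: "04"}


def convert_to_new(old_keys):
    """Paragraph 5.2.10: KR = 00, CV1 from the old entry mode, CV2 = CV3 = 01 NONE."""
    converted = []
    for k in old_keys:
        if k["ENTRY"] not in OLD_TO_NEW:
            raise ValueError(f"{k['TAG']}: no documented mapping for old ENTRY {k['ENTRY']}")
        entry, cv1 = OLD_TO_NEW[k["ENTRY"]]
        converted.append({**k, "ENTRY": entry, "KR": KR_CZD,
                          "CV1": cv1, "CV2": CV_NONE, "CV3": CV_NONE})
    return converted


def convert_to_old(new_keys):
    """Paragraph 5.2.9: transport keys and AES keys are deleted; KR, CV2 and CV3
    are discarded; CV1 survives only through the old entry mode."""
    converted = []
    for k in new_keys:
        if k["TYPE"] == TYPE_AES or k["TAG"].startswith(TRANSPORT_PREFIX):
            continue                          # deleted, as the warning dialog says
        if k["ENTRY"] == "03":
            entry = "05"                      # POOL
        elif k["ENTRY"] == "02" and k["CV1"] in DEF_CV1_TO_OLD:
            entry = DEF_CV1_TO_OLD[k["CV1"]]
        else:
            raise ValueError(f"{k['TAG']}: no documented old format for ENTRY {k['ENTRY']} / CV1 {k['CV1']}")
        stripped = {f: v for f, v in k.items() if f not in ("KR", "CV1", "CV2", "CV3")}
        converted.append({**stripped, "ENTRY": entry})
    return converted


def round_trip(new_keys):
    """new -> old -> new: what comes back has default KR, CV2 and CV3 and lacks
    every AES and transport key that went in."""
    return convert_to_new(convert_to_old(new_keys))


# Constructed sample in the new format; tags follow the example of paragraph 6.3.8.
SAMPLE_NEW = [
    {"TAG": "04990200", "NAME": "CLEARTEXT KEY", "TYPE": "01", "LENGTH": "0018", "SSH_IDX": "00",
     "KR": "00", "ENTRY": "02", "CV1": CV_FULL, "CV2": CV_NORM, "CV3": CV_NORM, "NO": "0000"},
    {"TAG": "04990800", "NAME": "AES KEY", "TYPE": "04", "LENGTH": "0020", "SSH_IDX": "00",
     "KR": "00", "ENTRY": "02", "CV1": CV_NORM, "CV2": CV_NONE, "CV3": CV_NONE, "NO": "0000"},
    {"TAG": "04F0F000", "NAME": "1DESTRANSPKEY", "TYPE": "01", "LENGTH": "0008", "SSH_IDX": "00",
     "KR": "00", "ENTRY": "02", "CV1": CV_NORM, "CV2": CV_NONE, "CV3": CV_NONE, "NO": "0000"},
]

if __name__ == "__main__":
    print("old format:", convert_to_old(SAMPLE_NEW))
    print("after round trip:", round_trip(SAMPLE_NEW))
```

Running the sample shows the loss the manual warns about: of the three keys only the cleartext DES key reaches the old format, as old 02 FULL, and after the round trip it comes back with CV2 and CV3 reset to 01 NONE. A key whose ENTRY has no mapping on this page (for instance 05 XOR2) is refused instead of being silently rewritten.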
Every record must have a unique key TAG. Besides, the SSH_IDX must be defined in the Secret Sharing Definition List. The value FF can be used when no secret sharing scheme is associated to the key, which thus cannot be saved on DCC.

6.3.4 Common fields for old/new Key Definition Lists

The fields TAG, NAME, TYPE, LENGTH and SSH_IDX are common to both the old and the new Key Definition Lists.

6.3.5 Specific values for old Key Definition List

Some fields are specific to the old Key Definition List:

• TYPE: 1 byte, identifies if the key is DES or RSA
  • 01 DES key
  • 02 RSA key
• LENGTH: 2 bytes, hexadecimal value representing the length of the key in bytes. For DES keys the proposed values are 0008 (DES1), 0010 (DES2), 0018 (DES3). For RSA keys the proposed values are 0040 (RSA 512 bits), 0080 (RSA 1024 bits).
• ENTRY: 1 byte, identifies how the key values can be created in the C-ZAM/DEP and which check value algorithm is applied
  • 00 RAND: keys are generated randomly by the C-ZAM/DEP (DES keys only)
  • 01 DS2: keys come from a DS2 key backup file
  • 02 FULL: manual key loading per block of eight bytes; every block has a FULL check value
  • 03 NORM: manual key loading per block of eight bytes; every block has a NORM check value
  • 04 NONE: manual key loading per block of eight bytes without any check value
the Definition List files installed in the "Def List files" sub-folder, double-click on this folder and notice that the status bar indicates that the three Definition List files (the database files, but also implicitly the index files) are present in the selected folder. It means that you are allowed to open them. To perform this operation, use the Open Definition List files menu item.

More generally, use the explorer to select any folder by double-clicking the directory containing the Definition List files you want to open. For each selected folder, the status bar always indicates which Definition List files are present and reacts by enabling or disabling the Open Definition List files menu item.

Although the format of the Definition Lists changed from version 3.2.2, the former Definition List files that defined the keys are still usable, whichever version you are working with (3.0 or higher). When old Definition Lists are opened, a message gives the user the possibility to convert these old lists into the new format or to keep the old format:

Warning, read this carefully: "Old Definition files format detected. Do you want to convert into new Definition files format? The conversion into the new Definition Lists format implies that you are working with a version of the C-ZAM/DEP equal or upper than 1.2.05. Once the files are converted into the new format, you can always decide to come back to the previous format or to convert again the Definition Lists into the new format, according to the version of the C-ZAM/DEP you are using."
Options: Convert DEF files / Do not convert DEF files / Always convert DEF files and do not show this warning any more during this session / Never convert DEF files and do not show this warning any more during this session.

This message asks the user to make a choice: convert the Definition List files or not. Be aware that converted Definition List files require a version of the C-ZAM/DEP equal or upper than 1.2.05. But even if the Definition List files were converted into the new format, they can again be reconverted into the old format and so run with a version of the C-ZAM/DEP lower than 1.2.05. In case of Definition Lists already converted, the warning is not displayed.

Two options are available:

• Always convert DEF files and do not show this warning anymore during this session
• Never convert DEF files and do not show this warning anymore during this session

If one of these options is checked, the warning message is no longer shown, except if the user requests it explicitly (see paragraph 5.2.2 on page 20). In the example here below, the user has chosen that the Definition Lists will never be converted.
…To continue, click Next. WARNING: This program is protected by copyright law and international treaties. (Next / Back / Cancel)

Click the Next button to continue the installation procedure, Back to return to the previous screen or Cancel to abort.

4.2.2 User Information

The User Information screen allows entering the user name and the name of the company that performs the installation.

[Screenshot: PC AUX InstallShield Wizard, Customer Information: User Name, Organization; "Install this application for: Anyone who uses this computer (all users) / Only for me"]

Enter the user and organization names in the appropriate fields, select the users group for the application and click the Next button to continue. Click Back to return to the previous screen or Cancel to abort the installation procedure.

4.2.3 Choose Destination Location

At the Destination Folder step, the destination directory for the application should be selected. It defines the path where the DEP PC AUX Program will be installed. The default path is C:\Program Files\Atos Worldline\PC AUX.

[Screenshot: PC AUX InstallShield Wizard, Destination Folder]
…resellers and distributors can send an e-mail to the DEP Hotline (e-mail: dephotline atosworldline atosorigin com).

3 PURPOSE OF DEP PC AUX PROGRAM

The C-ZAM/DEP allows making operations on keys and capabilities, such as creating keys in the C-ZAM/DEP and saving key parts or keys on DCCs by using a defined secret sharing mechanism (see the DEP C-ZAM/DEP User Manual for more information). For all these operations the C-ZAM/DEP needs a Definition List that describes the properties of every key and/or capability. Briefly, Definition Lists are used in the C-ZAM/DEP for key and capability management.

Three types of Definition Lists exist:

• Key Definition List
• Capability Definition List
• Secret Sharing Definition List

The Key Definition List contains the properties of the keys that are used in a specific DEP environment. The Capability Definition List contains the properties of the capabilities. How these keys and capabilities are divided before storage on DCC is defined in the Secret Sharing Definition List.

With the DEP PC AUX Program it is easy to create and/or edit Definition Lists using a PC. Once created or edited, the Definition Lists can be sent to a C-ZAM/DEP and additionally be saved on DCC. It is also possible to read the Definition Lists available in a C-ZAM/DEP into the DEP PC AUX Program for editing or backup purposes.
…must have been previously defined in the Key Definition List; the tag of a transport key always begins with the same three bytes (04F0F0 in the example of paragraph 6.3.8) followed by one byte (00 to FF) representing the key instance; this key instance is filled in the field INST of the ENC2 keys and points to their related transport key.

For keys reconstructed in the DEP (KR = 01 DEP), the proposed values are:

  • 05 XOR2: manual loading per block of eight bytes; each part is divided in two sub-parts that are XORed
  • 06 XOR3: manual loading per block of eight bytes; each part is divided in three sub-parts that are XORed
  • 0A ENC2: manual loading of an encrypted key per block of eight bytes; every block entered is decrypted by an external transport key (single, double or triple DES key); at least one transport key must have been previously defined in the Key Definition List; the tag of a transport key always begins with the same three bytes followed by one byte (00 to FF) representing the key instance; this key instance is filled in the field INST of the ENC2 keys and points to their related transport key
  • 0B SSH: manual loading per block of eight bytes; each part is divided in a certain number of sub-parts reconstructed using a Secret Sharing scheme; the scheme used (number of groups, number of parts per group) is determined by the value of SSH_IDX

• CV1, CV2
[Screenshot: Capabilities tab listing records such as 05000000 SAVE KEYS, 05000200 C_SCM_LOAD, SW LOAD, C_SET_TRACE, 05000700 SET PARAM]

5.3.5 Delete line

Delete line is used to delete a complete line. Just select the record and click the Delete line menu item in the Edit menu. A message asks to confirm the deletion.

The deletion of a transport key causes the deletion of all its related ENC2 keys. In the following example, the deletion of the transport key 04F0F001 causes the deletion of the ENC2 key 04000001.

[Screenshot: Keys tab (4 Secret Sharing, 5 Capabilities, 11 Keys) with records such as 04000000, 04000500 DSTK, 04000700 HMK, 041100FF, 04130000 DEP DES3, 04130100 DES1, 04130500 DES2 and 04F0F000 TRANSPORT KEY; confirmation message: "Do you really want to delete this transport key and ALL its related ENC2 keys?"]

The transport key and its related ENC2 key have been deleted.

[Screenshot: Keys tab after the deletion (4 Secret Sharing, 5 Capabilities, 9 Keys)]
…CV3 (1 byte): not used in the case of old Key Definition Lists (see paragraph 6.4.1)
• NO: 2 bytes
  • when the ENTRY field equals 01 DS2, the field's value is the identification of the key in the key table of a former generation of Atos Worldline HSM (0000 to FFFF); in this case the column's name changes into SLOT
  • when the ENTRY field has another value, the field is not used (read only) and the value is set to 0000

More information about the way the keys are entered (the different entry modes) can be found in the document DEP Key Entry Guide.

6.3.6 Specific values for new Key Definition List

Some fields are specific to the new Key Definition List:

• TYPE: 1 byte, identifies the type of the key
  • 01 DES key
  • 02 RSA key
  • 04 AES key
• LENGTH: 2 bytes, hexadecimal value representing the length of the key in bytes. For DES keys the proposed values are 0008 (DES1), 0010 (DES2), 0018 (DES3); other values up to DES10 can be introduced manually. For RSA keys the proposed values are 0040 (RSA 512 bits), 0080 (RSA 1024 bits). For AES keys the proposed values are 0010 (AES 128 bits), 0018 (AES 192 bits), 0020 (AES 256 bits).
• KR: 1 byte, identifies where the key is reconstructed
  • 00 CZD: the key is reconstructed in the C-ZAM/DEP
  • 01 DEP: the key is reconstructed in the DEP
…represents the last byte of the tag of the transport key that will decrypt the values loaded in the C-ZAM/DEP; in this case the column's name changes into INST
  • when the ENTRY field has another value, the field is not used (read only) and the value is set to 0000

More information about the way the keys are entered (the different entry modes) can be found in the document DEP Key Entry Guide.

6.3.7 Field dependency table

For clarity, here are two tables that show the dependency between the fields of the new Key Definition List and the proposed values in each case.

TYPE      LENGTH
01 DES    0008 DES1
          0010 DES2
          0018 DES3
02 RSA    0040 RSA 512 bits
          0080 RSA 1024 bits
04 AES    0010 AES 128 bits
          0018 AES 192 bits
          0020 AES 256 bits

KR        ENTRY       CV1, CV2, CV3
00 CZD    01 DS2      00 NONE
          02 DEF      01 NORM
          03 POOL     02 FULL
          04 ENC      03 ISO 10118-2
          05 XOR2
          06 XOR3
          07 XR2A
          08 XR3A
          09 DX3
          0A ENC2
01 DEP    05 XOR2     NONE
          06 XOR3     NORM
          0A ENC2     ISO 10118-2

6.3.8 Example

An example of a Key Definition List encoded in the new Definition List format is shown in this paragraph. It lists the most used key entry modes and explains the most important properties. See also the document DEP Key Entry Guide for more information. Remark that for the check value levels, the advice described in the DEP Key Entry Guide is followed. For DES4 up to DES10 keys, NORM is not supported.
  • 05 POOL: manual key loading according to the POOL definition
  • 06 ENC: manual loading per block of eight bytes; every block entered is decrypted with another key (KAB); the loading of this decrypted key must be followed by a check value, defined as the six leftmost bytes of the value 00000000 encrypted under the key
  • 07 XOR2: manual loading per block of eight bytes; each part is divided in two sub-parts that are XORed; each of the sub-parts has a check value NORM
  • 08 XOR3: manual loading per block of eight bytes; each part is divided in three sub-parts that are XORed; each of the sub-parts has a check value NORM
  • 09 XR2A: manual loading per block of eight bytes; each part is divided in two sub-parts that are XORed; the first sub-part has a check value NORM, the last has a check value NORM over the XORed key
  • 0A XR3A: manual loading per block of eight bytes; each part is divided in three sub-parts that are XORed; the first two sub-parts have a check value NORM, the last has a check value NORM over the XORed key
  • 0B DX3: manual loading associating a XOR3 with the introduction of a block of eight bytes; the last block is decrypted with the XORed key and a check value NORM is computed on the result of the decrypted key
  This field was formerly called KEY GEN.
• CV1 (1 byte), CV2 (1 byte), CV3 (1 byte)
