This section describes how to create Security Officer (SO) and User accounts, initialize a slot, and update default credentials on the u.trust GP HSM Simulator.
Prerequisites:
- The HSM Simulator is running and accessible (e.g., 127.0.0.1).
- The csadm utility is available in the current directory or PATH.
- The admin key file (e.g., ADMIN_SIM.key) is available.
Steps:
- Create a user assigned to the slot.
  ./csadm dev=3001@127.0.0.1 LogonSign=ADMIN,./ADMIN_SIM.key AddUser=USR_0000,00000022{CXI_GROUP=SLOT_0000},hmacpwd,87654321
- Create the SO user for slot management.
  ./csadm dev=3001@127.0.0.1 LogonSign=ADMIN,./ADMIN_SIM.key AddUser=SO_0000,00000200{CXI_GROUP=SLOT_0000},hmacpwd,87654321
- Change the default password for the SO user.
  ./csadm dev=3001@127.0.0.1 Logonpass=SO_0000,87654321 ChangeUser=SO_0000,Cloud123
- Change the default password for the user.
  ./csadm dev=3001@127.0.0.1 Logonpass=USR_0000,87654321 ChangeUser=USR_0000,Cloud123
- List all users to confirm successful creation.
  ./csadm dev=3001@127.0.0.1 LogonSign=ADMIN,./ADMIN_SIM.key ListUsers
Utimaco HSM user configuration details
- Replace 127.0.0.1 with the actual HSM IP address if using a remote device.
- Replace passwords (87654321, Cloud123) with secure values as per policy.
- Ensure the slot name (SLOT_0000) matches your configuration.
- The group assignment {CXI_GROUP=SLOT_0000} links the user to the corresponding slot.
The SO is responsible for slot initialization and user management, while the User account is used for cryptographic operations via PKCS#11 (e.g., GoKeyless integration).
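
The five steps above can be wrapped so that the device address, slot suffix and new passwords are parameters, and so that the example passwords printed on this page are refused. This is an added example, not vendor code: the function and variable names (run, check_new_password, provision_slot, HSM_DEV, ADMIN_KEY, INITIAL_PW, DRY_RUN) are hypothetical, the 12-character minimum is an assumed policy, and the csadm arguments are the ones shown in the steps.

```shell
#!/bin/sh
# Added example, not vendor code. Names are hypothetical; the csadm
# arguments are exactly the ones shown in the steps on this page.
HSM_DEV="${HSM_DEV:-3001@127.0.0.1}"      # replace with the real HSM address
ADMIN_KEY="${ADMIN_KEY:-./ADMIN_SIM.key}"
INITIAL_PW="${INITIAL_PW:-87654321}"      # temporary password set by AddUser
DRY_RUN="${DRY_RUN:-1}"                   # 1 = print commands, 0 = execute them

# Print the command in dry-run mode; otherwise execute it with the arguments
# passed as-is, so characters in a password are never re-parsed by the shell.
run() {
  if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Refuse the example passwords printed on this page and the initial one.
# The 12-character minimum is an assumed policy; adjust it to your own.
check_new_password() {
  case "$1" in
    87654321|Cloud123|"$INITIAL_PW")
      echo "refusing documented or initial password" >&2; return 1 ;;
  esac
  [ "${#1}" -ge 12 ] || { echo "password too short" >&2; return 1; }
}

# $1 = slot suffix (e.g. 0000), $2 = new SO password, $3 = new user password
provision_slot() {
  slot=$1 so_pw=$2 usr_pw=$3
  # Validate both passwords before anything is created on the HSM.
  check_new_password "$so_pw" && check_new_password "$usr_pw" || return 1
  run ./csadm "dev=$HSM_DEV" "LogonSign=ADMIN,$ADMIN_KEY" \
    "AddUser=USR_$slot,00000022{CXI_GROUP=SLOT_$slot},hmacpwd,$INITIAL_PW" &&
  run ./csadm "dev=$HSM_DEV" "LogonSign=ADMIN,$ADMIN_KEY" \
    "AddUser=SO_$slot,00000200{CXI_GROUP=SLOT_$slot},hmacpwd,$INITIAL_PW" &&
  run ./csadm "dev=$HSM_DEV" "Logonpass=SO_$slot,$INITIAL_PW" \
    "ChangeUser=SO_$slot,$so_pw" &&
  run ./csadm "dev=$HSM_DEV" "Logonpass=USR_$slot,$INITIAL_PW" \
    "ChangeUser=USR_$slot,$usr_pw" &&
  run ./csadm "dev=$HSM_DEV" "LogonSign=ADMIN,$ADMIN_KEY" ListUsers
}
```

With DRY_RUN left at 1, provision_slot only prints the five command lines for review; setting DRY_RUN=0 executes them in the same order as the steps.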