The SafeGuard CryptoServer Cryptographic Service Provider (CSP) has to be configured before it can be used in the integration with the Microsoft Active Directory Rights Management Services. The CSP has to be aware of the SafeGuard CryptoServer device(s) to be used. Each CryptoServer device has to be registered in the CSP. Generally there are two types of key storage options available for the CSP:
- The most common way is to store the keys inside the SafeGuard CryptoServer. This is the best protection against physical and logical attacks.
- In a cluster or failover scenario, keys are stored externally. Normally the external storage is a media device, e.g. a shared network device (SAN or iSCSI) or a hard drive.

The next steps assume that internal key storage is used:
- Start the SafeGuard CryptoServer CSP configuration tool (Start → Control Panel → Utimaco CryptoServer CSP).
  Figure: CryptoServer CSP configuration
- Add a device to the list by pressing ADD DEVICE and enter the device specifier, e.g.:
  - IP address of SafeGuard CryptoServer LAN.
  - PCI:0 in case of SafeGuard CryptoServer PCI(e).
  - 3001@127.0.0.1 in case of SafeGuard CryptoServer Simulator.
- Choose a group name for the newly generated keys. Usually, the name of the workstation is chosen here. Confirm the settings by pressing OK.
  Figure: Device settings
- Now, you are prompted for a CryptoServer user logon. Only a user with administrative privileges can log on here. For example, select the default ADMIN user and press the LOGON button.
  Figure: User logon
- The user credentials must be provided here. If you have selected a key-based user, you are prompted for the user key. Enter the source of the private user key and press OK.
  Figure: Authentication with key
- After a successful authentication, the user is logged on. Press the OK button to close the dialog.
  Figure: User logon
- The newly registered device is shown in the list of known devices.
  Figure: CryptoServer CSP configuration
- Select the device in the list and set it as default by pressing the SET DEFAULT button. In a cluster or failover scenario, several other devices may be defined and shown here.
  Figure: CryptoServer CSP configuration
- As the next step, the key storage export policy can be adjusted. Switch to the KEY STORAGE tab and set the key export policy as shown in the next figure. Then, click OK to leave the CryptoServer CSP Configuration window.
  Figure: CryptoServer CSP configuration