List users and verify MBK | Utimaco Integration Guides

Use the /opt/utimaco/bin/csadm command, list and confirm the users created.

›_ Console
`# /opt/utimaco/csadm DEV=10.0.0.164 listusers Name Permission Mechanism Attributes OKVADMIN 22000000 RSA sign Z[0] SO_0000 00000200 HMAC passwd A[CXI_GROUP=SLOT_0000] USR_0000 00000002 HMAC passwd Z[0]A[CXI_GROUP=SLOT_0000]`

›_ Console

# /opt/utimaco/csadm DEV=10.0.0.164 listusers 

Name        Permission      Mechanism         Attributes 

OKVADMIN    22000000        RSA sign          Z[0] 

SO_0000     00000200        HMAC passwd       A[CXI_GROUP=SLOT_0000] 

USR_0000    00000002        HMAC passwd       Z[0]A[CXI_GROUP=SLOT_0000]

Now check to confirm the Utimaco HSM has an MBK.

›_ Console
`# csadm Dev=10.0.0.164 LogonSign=OKVADMIN,OKVADMIN.key MBKListKeys slot name len algo type k generation date key check value ----------------------------------------------------------------------- 3 MYMBK 32 AES XOR 2 2012/08/15 13:08:39 CC06067E3C8692DE:D53279C7B862EC54`

›_ Console

# csadm Dev=10.0.0.164 LogonSign=OKVADMIN,OKVADMIN.key MBKListKeys slot  name  len  algo  type  k   generation date  key check value 

----------------------------------------------------------------------- 

3     MYMBK  32  AES   XOR   2   2012/08/15 13:08:39 

CC06067E3C8692DE:D53279C7B862EC54

If no MBK is present you will need to generate one, before you can create any KEYS in the HSM.

Look at the csadm help=MBKGenerateKey and help=MBKImportKey for how to make this happen. Details can be found in the csadm document, CryptoServer csadm Manual 5.7 Commands for Managing the Master Backup Keys.