Authentication options, Key access and ownership – HP Secure Key Manager User Manual

The KMS Server can define a local users and groups list or you can use an LDAP server to centrally
manage your users and groups.

Authentication Options

The KMS Server provides many options with respect to security and authentication. You can:

•

mandate SSL – You can choose between SSL connections and standard TCP connections; SSL
connections are more secure since all data exchanged between client and server is encrypted.

•

allow global sessions – You can allow clients to access and create global keys without providing
a valid username and password to the KMS Server; this obviously does not offer a high level of
security.

•

disable global sessions – You can disable global sessions altogether, which requires all users to
provide either a valid username and password combination, or a client certificate signed by a
CA trusted by the KMS Server.

•

require client certificates – You can require that clients present a client certificate in order to establish
SSL connections. This client certificate can be the sole means of authenticating to the KMS Server,
or it can be used in tandem with a username and password combination.

•

enforce strong, two-factor authentication – You can take the require client certificates option one
step further by having the KMS Server derive the username from the certificate; that username is
then compared against the username provided in the authentication request. If the usernames
match up and the password provided is correct, then the user is authenticated.

We recommend that you enforce the most stringent security policy supported by the KMS Server. Such
a security policy would mandate SSL, disallow global sessions, and enforce strong, two-factor
authentication.

Key Access and Ownership

Keys can be created as global or owned by a particular user (keys are not owned by administrators).
When you give group access permission for a key, all the users in that group can use that particular
key (after authenticating to the server).

When the client requests that the server generate a new key, it can specify that the key should be
exportable and/or deletable. An exportable key is a key that a client can export from the server.
Once a key is generated as exportable, it can be exported only by the owner and any members of
a group with the “Export” permission for that key.

A deletable key is a key that the client can delete from the server. Once a key is generated as deletable,
only the owner of the key can delete the key.

IMPORTANT:

Administrators with Keys and Authorization Policies access control can delete any key regardless of
whether it is marked as deletable.

Clients that do not authenticate can only see global keys, which are accessible to all users. Likewise,
any keys that the client generates during an unauthenticated connection are global keys. If a global
key is marked as exportable or deletable during generation, then all users have permission to export
or delete that key.

Secure Key Manager

185