Script started on 2018-09-14 18:12:53+00:00 # umount media[1@/ # load  keys uk # hwclock --show 2018-09-14 18:13:25.294496+00:00 # date Fri Sep 14 18:13:30 UTC 2018 # hwclock --set -date ""2"0"1"8"-"0"9"-"1"4" "" --localtime[1@1[1@0[1@:[1@0[1@8[1@:[1@0[1@0 579: hwclock: INIT: hwclock debug mask: 0x0001 579: hwclock: INIT: hwclock version: util-linux 2.32.1 hwclock: 1 too many arguments given Try 'hwclock --help' for more information. # hwclock --set -date "2018-09-14 10:08:00" --localtime-[1@- # hwclock --hctosys # hwclock --show 2018-09-14 10:08:18.513178+00:00 # date Fri Sep 14 10:08:23 UTC 2018 # mount tmpfs on / type tmpfs (rw,relatime,size=4194304k) none on /proc type proc (rw,relatime) none on /sys type sysfs (rw,relatime) dev on /dev type devtmpfs (rw,nosuid,noatime,size=8192k,nr_inodes=16384,mode=755) tmpfs on /run type tmpfs (rw,nosuid,nodev,relatime,mode=755) none on /sys/firmware/efi/efivars type efivarfs (rw,relatime) devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000) tmpfs on /tmp type tmpfs (rw,relatime) # ip link 1: lo: mtu 65536 qdisc noop state DOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: enp0s31f6: mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000 link/ether 54:e1:ad:e1:fc:e1 brd ff:ff:ff:ff:ff:ff # ip address 1: lo: mtu 65536 qdisc noop state DOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever 2: enp0s31f6: mtu 1500 qdisc noop state DOWN group default qlen 1000 link/ether 54:e1:ad:e1:fc:e1 brd ff:ff:ff:ff:ff:ff # ip address add 192.168.4.202/24 dev enp0s31f6 broadcast + # ip link set enp0s31f6 up # ip address 1: lo: mtu 65536 qdisc noop state DOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever 2: enp0s31f6: mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000 link/ether 54:e1:ad:e1:fc:e1 brd ff:ff:ff:ff:ff:ff inet 192.168.4.202/24 brd 192.168.4.255 scope global enp0s31f6 valid_lft forever preferred_lft forever # ip route 192.168.4.0/24 dev enp0s31f6 proto kernel scope link src 192.168.4.202 linkdown # cat /tcn/prepare-tools.sh   #!/bin/bash TCN_BIN=/tcn/bin TCN_KEY=/tcn/hsm/key MAIN_PATH=Software/Linux/x86-64 FIRMWARE_PATH=Firmware/SecurityServer-Se2-Series/SecurityServer-Se2-Series-4.21.0.3.mpkg cd /tcn/hsm unzip SecurityServer-V4.21.0.3.zip ${FIRMWARE_PATH} cp ${FIRMWARE_PATH} . rm -rf Firmware unzip SecurityServer-V4.21.0.3.zip ${MAIN_PATH}/Administration/csadm ${MAIN_PATH}/Administration/key/ADMIN.key ${MAIN_PATH}/Crypto_APIs/CXI/bin/cxitool mkdir ${TCN_BIN} cp ${MAIN_PATH}/Administration/csadm ${TCN_BIN} cp ${MAIN_PATH}/Crypto_APIs/CXI/bin/cxitool ${TCN_BIN} chmod +x ${TCN_BIN}/cxitool chmod +x ${TCN_BIN}/csadm cp -r ${MAIN_PATH}/Administration/key ${TCN_KEY} rm -rf Software export JAVA_HOME=/tcn/java/jre1.8.0_181 export PATH=${TCN_BIN}:${JAVA_HOME}/bin:${PATH} loadkeys uk # source /tcn/prepare-tools.sh Archive: SecurityServer-V4.21.0.3.zip inflating: Firmware/SecurityServer-Se2-Series/SecurityServer-Se2-Series-4.21.0.3.mpkg Archive: SecurityServer-V4.21.0.3.zip inflating: Software/Linux/x86-64/Administration/csadm inflating: Software/Linux/x86-64/Administration/key/ADMIN.key inflating: Software/Linux/x86-64/Crypto_APIs/CXI/bin/cxitool # at  cat /etc/hosts # # /etc/hosts: static lookup table for host names # 127.0.0.1 localhost # End of file 192.168.4.203 root.local root 192.168.4.204 subs.local subs # lsbk lk NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT sdb 8:16 1 14.3G 0 disk `-sdb1 8:17 1 14.3G 0 part nvme0n1 259:0 0 238.5G 0 disk |-nvme0n1p1 259:1 0 260M 0 part |-nvme0n1p2 259:2 0 16M 0 part |-nvme0n1p3 259:3 0 237.2G 0 part `-nvme0n1p4 259:4 0 1000M 0 part # mkfs.vfat /dev/sdb1 mkfs.fat 4.1 (2017-01-24) # ls -la tm  /tmp/audit/ total 4 drwxr-xr-x 2 root root 60 Sep 14 2018 . drwxrwxrwt 3 root root 60 Sep 14 2018 .. -rw-r--r-- 1 root root 4096 Sep 14 10:14 tcn-rkg-2018-09-14.log # mkdir /m tmp/gpg # lsblk NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT sdb 8:16 1 14.3G 0 disk `-sdb1 8:17 1 14.3G 0 part nvme0n1 259:0 0 238.5G 0 disk |-nvme0n1p1 259:1 0 260M 0 part |-nvme0n1p2 259:2 0 16M 0 part |-nvme0n1p3 259:3 0 237.2G 0 part `-nvme0n1p4 259:4 0 1000M 0 part # mmoun    ount /dev/sdb1 /mnt # cp /mnt/*.txt /tmp/gpg # ls -la /tp mp/h gpg total 8 drwxr-xr-x 2 root root 80 Sep 14 10:44 . drwxrwxrwt 4 root root 80 Sep 14 10:44 .. -rwxr-xr-x 1 root root 49 Sep 14 10:44 root_backup_pass.txt -rwxr-xr-x 1 root root 49 Sep 14 10:44 subs_backup_key.txt # umount /mnt # lsblk NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT sdb 8:16 1 14.3G 0 disk `-sdb1 8:17 1 14.3G 0 part nvme0n1 259:0 0 238.5G 0 disk |-nvme0n1p1 259:1 0 260M 0 part |-nvme0n1p2 259:2 0 16M 0 part |-nvme0n1p3 259:3 0 237.2G 0 part `-nvme0n1p4 259:4 0 1000M 0 part # mkfs.vfat /dev/sdb1 mkfs.fat 4.1 (2017-01-24) #  # ca sadm Dev=root CSLGetTime date: 15.09.2018 time: 10:51:44 (local time) date: 15.09.2018 time: 10:51:44 (UTC time) # csadm Dev=root CS:S   LSSetTime=ask,$(date @ "+%Y%m%d%H%M%S") unknown option / command 'CLSSetTime=ask,20180914104909' Use 'csadm Help' to get a list of all legal commands # csadm Dev=root CLSSetTime=ask,$(date "+%Y%m%d%H%M%S")S[1@S Enter Passphrase: Time successfully set to: date: 14.09.2018 time: 10:49:33 (local time) date: 14.09.2018 time: 10:49:33 (UTC time) # csadm Dev=root GetTime date: 15.09.2018 time: 10:53:54.679 (local time) date: 15.09.2018 time: 10:53:54.679 (UTC/internal) # csadm Dev=root LogonSign=ADMIN,/tcn/hsm/key/ADMIN.key SetTime=GMT Time successfully set to: date: 14.09.2018 time: 10:50:50.007 (local time) date: 14.09.2018 time: 10:50:50.007 (UTC/internal) # csadm   Dev=root GetAuditCofig unknown option / command 'GetAuditCofig' Use 'csadm Help' to get a list of all legal commands # csadm Dev=root GetAuditCofig[1@n Audit log configuration parameters: Number of logfiles: 3 Rotate logfiles: yes Max filesize: 200000 Events: 0x00000007 (Bits 1:2:3) # csadm Dev=root GetBootLog       AuditLog 24.08.18 06:24:37 [ADMIN] FC:0x087 SFC:0x0B Clear Audit Files (0) [0] 24.08.18 06:24:37 [ADMIN] FC:0x087 SFC:0x04 Delete File 'FLASH\mdlsigalt.key' [0] 24.08.18 06:24:37 [] FC:0x000 SFC: CryptoServer ERASE executed 24.08.18 06:24:38 [ADMIN] FC:0x087 SFC:0x15 Clear [0] 24.08.18 06:24:38 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\adm.msc' [0] 24.08.18 06:24:38 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\aes.msc' [0] 24.08.18 06:24:38 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\asn1.msc' [0] 24.08.18 06:24:38 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\cmds.msc' [0] 24.08.18 06:24:38 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\cxi.mtc', Part 1 [0] 24.08.18 06:24:39 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\cxi.msc' [0] 24.08.18 06:24:39 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\db.msc' [0] 24.08.18 06:24:39 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\dsa.msc' [0] 24.08.18 06:24:39 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\eca.msc' [0] 24.08.18 06:24:39 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\ecdsa.msc' [0] 24.08.18 06:24:39 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\exar.msc' [0] 24.08.18 06:24:39 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\hash.msc' [0] 24.08.18 06:24:39 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\hce.msc' [0] 24.08.18 06:24:39 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\lna.msc' [0] 24.08.18 06:24:39 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\mbk.msc' [0] 24.08.18 06:24:39 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\ntp.msc' [0] 24.08.18 06:24:39 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\post.msc' [0] 24.08.18 06:24:40 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\pp.msc' [0] 24.08.18 06:24:40 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\sc.msc' [0] 24.08.18 06:24:40 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\smos.mtc', Part 1 [0] 24.08.18 06:24:40 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\smos.msc' [0] 24.08.18 06:24:40 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\util.msc' [0] 24.08.18 06:24:40 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\vdes.msc' [0] 24.08.18 06:24:40 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\vrsa.msc' [0] 24.08.18 06:24:46 [] FC:0x000 SFC: SMOS Ver. 5.5.7.2 successfully started 24.08.18 06:25:10 [] FC:0x000 SFC: SMOS Ver. 5.5.7.2 successfully started 24.08.18 06:25:17 [ADMIN] FC:0x087 SFC:0x07 Set Time from 180824062516Z [0] 24.08.18 06:25:22 [] FC:0x000 SFC: SMOS Ver. 5.5.7.2 successfully started 24.08.18 06:29:16 FC:0x069 SFC:0x02 mbk_ei_import_aes_sc: AES-0 ' ΙΜ', slot 3 [b0960012] 24.08.18 06:29:26 FC:0x069 SFC:0x02 mbk_ei_import_aes_sc: AES-0 ' ΙΜ', slot 3 [b0960012] 06.09.18 14:17:56 [] FC:0x000 SFC: SMOS Ver. 5.5.7.2 successfully started 06.09.18 15:20:29 [] FC:0x000 SFC: new ALARM detected: 0x80000080 (ext. erase) 06.09.18 15:20:29 [] FC:0x000 SFC: SMOS Ver. 5.5.7.2 successfully started 06.09.18 15:20:32 POST: DSA Cryptographic Algorithm Test skipped 06.09.18 15:33:29 [] FC:0x000 SFC: SMOS Ver. 5.5.7.2 successfully started 06.09.18 15:33:32 POST: DSA Cryptographic Algorithm Test skipped 06.09.18 15:56:50 [ADMIN] FC:0x087 SFC:0x14 Reset Alarm [0] 06.09.18 15:56:56 [] FC:0x000 SFC: SMOS Ver. 5.5.7.2 successfully started 06.09.18 16:22:39 [ADMIN] FC:0x087 SFC:0x1A change audit config param id:4(Events ) from:0x0000073F to:0x00000007 [0] 06.09.18 17:02:32 [] FC:0x000 SFC: CryptoServer ERASE executed 06.09.18 17:02:32 [ADMIN] FC:0x087 SFC:0x15 Clear [0] 06.09.18 17:02:32 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\adm.msc' [0] 06.09.18 17:02:33 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\aes.msc' [0] 06.09.18 17:02:33 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\asn1.msc' [0] 06.09.18 17:02:33 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\cmds.msc' [0] 06.09.18 17:02:33 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\cxi.mtc', Part 1 [0] 06.09.18 17:02:33 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\cxi.msc' [0] 06.09.18 17:02:33 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\db.msc' [0] 06.09.18 17:02:34 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\dsa.msc' [0] 06.09.18 17:02:34 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\eca.msc' [0] 06.09.18 17:02:34 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\ecdsa.msc' [0] 06.09.18 17:02:34 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\exar.msc' [0] 06.09.18 17:02:34 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\hash.msc' [0] 06.09.18 17:02:34 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\hce.msc' [0] 06.09.18 17:02:34 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\lna.msc' [0] 06.09.18 17:02:34 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\mbk.msc' [0] 06.09.18 17:02:34 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\ntp.msc' [0] 06.09.18 17:02:35 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\post.msc' [0] 06.09.18 17:02:35 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\pp.msc' [0] 06.09.18 17:02:35 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\sc.msc' [0] 06.09.18 17:02:35 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\smos.mtc', Part 1 [0] 06.09.18 17:02:35 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\smos.msc' [0] 06.09.18 17:02:35 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\util.msc' [0] 06.09.18 17:02:35 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\vdes.msc' [0] 06.09.18 17:02:36 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\vrsa.msc' [0] 07.09.18 12:50:23 [ADMIN] FC:0x083 SFC:0x0E Add User 'COMMISSIONER' (COMMIS~0,3,00000002) [0] 07.09.18 13:22:59 [ADMIN] FC:0x083 SFC:0x05 Delete User 'COMMISSIONER' [0] 07.09.18 13:23:40 [ADMIN] FC:0x083 SFC:0x0E Add User 'COMMISSIONER' (COMMIS~0,0,00000002) [0] 11.09.18 09:09:54 [] FC:0x000 SFC: new ALARM detected: 0x80000080 (ext. erase) 11.09.18 09:21:37 [] FC:0x000 SFC: CryptoServer ERASE to factory setting 11.09.18 09:29:17 [ADMIN] FC:0x087 SFC:0x14 Reset Alarm [0] 11.09.18 09:30:43 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\adm.msc' [0] 11.09.18 09:30:43 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\aes.msc' [0] 11.09.18 09:30:43 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\asn1.msc' [0] 11.09.18 09:30:44 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\cmds.msc' [0] 11.09.18 09:30:44 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\cxi.mtc', Part 1 [0] 11.09.18 09:30:44 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\cxi.msc' [0] 11.09.18 09:30:44 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\db.msc' [0] 11.09.18 09:30:44 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\dsa.msc' [0] 11.09.18 09:30:44 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\eca.msc' [0] 11.09.18 09:30:45 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\ecdsa.msc' [0] 11.09.18 09:30:45 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\exar.msc' [0] 11.09.18 09:30:45 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\hash.msc' [0] 11.09.18 09:30:45 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\hce.msc' [0] 11.09.18 09:30:45 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\lna.msc' [0] 11.09.18 09:30:45 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\mbk.msc' [0] 11.09.18 09:30:45 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\ntp.msc' [0] 11.09.18 09:30:45 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\post.msc' [0] 11.09.18 09:30:45 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\pp.msc' [0] 11.09.18 09:30:46 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\sc.msc' [0] 11.09.18 09:30:46 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\smos.mtc', Part 1 [0] 11.09.18 09:30:46 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\smos.msc' [0] 11.09.18 09:30:46 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\util.msc' [0] 11.09.18 09:30:46 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\vdes.msc' [0] 11.09.18 09:30:46 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\vrsa.msc' [0] 11.09.18 13:34:45 [ADMIN] FC:0x083 SFC:0x0E Add User 'COMMISSIONER' (COMMIS~0,0,00000002) [0] 11.09.18 19:24:03 [] FC:0x000 SFC: new ALARM detected: 0x80000080 (ext. erase) 11.09.18 19:26:05 [] FC:0x000 SFC: CryptoServer ERASE to factory setting 11.09.18 19:26:57 [ADMIN] FC:0x087 SFC:0x14 Reset Alarm [0] 12.09.18 09:12:10 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\adm.msc' [0] 12.09.18 09:12:10 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\aes.msc' [0] 12.09.18 09:12:10 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\asn1.msc' [0] 12.09.18 09:12:11 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\cmds.msc' [0] 12.09.18 09:12:11 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\cxi.mtc', Part 1 [0] 12.09.18 09:12:11 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\cxi.msc' [0] 12.09.18 09:12:11 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\db.msc' [0] 12.09.18 09:12:11 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\dsa.msc' [0] 12.09.18 09:12:12 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\eca.msc' [0] 12.09.18 09:12:12 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\ecdsa.msc' [0] 12.09.18 09:12:12 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\exar.msc' [0] 12.09.18 09:12:12 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\hash.msc' [0] 12.09.18 09:12:12 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\hce.msc' [0] 12.09.18 09:12:12 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\lna.msc' [0] 12.09.18 09:12:12 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\mbk.msc' [0] 12.09.18 09:12:12 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\ntp.msc' [0] 12.09.18 09:12:12 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\post.msc' [0] 12.09.18 09:12:12 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\pp.msc' [0] 12.09.18 09:12:13 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\sc.msc' [0] 12.09.18 09:12:13 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\smos.mtc', Part 1 [0] 12.09.18 09:12:13 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\smos.msc' [0] 12.09.18 09:12:13 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\util.msc' [0] 12.09.18 09:12:13 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\vdes.msc' [0] 12.09.18 09:12:13 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\vrsa.msc' [0] 12.09.18 12:02:28 [ADMIN] FC:0x083 SFC:0x0E Add User 'COMMISSIONER' (COMMIS~0,0,00000002) [0] 12.09.18 15:02:20 [] FC:0x000 SFC: new ALARM detected: 0x80000080 (ext. erase) 12.09.18 15:02:51 [] FC:0x000 SFC: CryptoServer ERASE to factory setting 12.09.18 15:03:42 [ADMIN] FC:0x087 SFC:0x14 Reset Alarm [0] 12.09.18 15:05:14 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\adm.msc' [0] 12.09.18 15:05:15 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\aes.msc' [0] 12.09.18 15:05:15 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\asn1.msc' [0] 12.09.18 15:05:15 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\cmds.msc' [0] 12.09.18 15:05:15 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\cxi.mtc', Part 1 [0] 12.09.18 15:05:15 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\cxi.msc' [0] 12.09.18 15:05:15 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\db.msc' [0] 12.09.18 15:05:15 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\dsa.msc' [0] 12.09.18 15:05:16 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\eca.msc' [0] 12.09.18 15:05:16 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\ecdsa.msc' [0] 12.09.18 15:05:16 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\exar.msc' [0] 12.09.18 15:05:16 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\hash.msc' [0] 12.09.18 15:05:16 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\hce.msc' [0] 12.09.18 15:05:16 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\lna.msc' [0] 12.09.18 15:05:16 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\mbk.msc' [0] 12.09.18 15:05:16 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\ntp.msc' [0] 12.09.18 15:05:16 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\post.msc' [0] 12.09.18 15:05:17 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\pp.msc' [0] 12.09.18 15:05:17 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\sc.msc' [0] 12.09.18 15:05:17 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\smos.mtc', Part 1 [0] 12.09.18 15:05:17 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\smos.msc' [0] 12.09.18 15:05:17 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\util.msc' [0] 12.09.18 15:05:17 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\vdes.msc' [0] 12.09.18 15:05:17 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\vrsa.msc' [0] 12.09.18 15:58:33 [ADMIN] FC:0x083 SFC:0x0E Add User 'COMMISSIONER' (COMMIS~0,0,00000002) [0] 13.09.18 09:16:02 [] FC:0x000 SFC: new ALARM detected: 0x80000080 (ext. erase) 13.09.18 09:21:29 [] FC:0x000 SFC: CryptoServer ERASE to factory setting 13.09.18 09:23:04 [ADMIN] FC:0x087 SFC:0x14 Reset Alarm [0] 13.09.18 09:26:51 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\adm.msc' [0] 13.09.18 09:26:51 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\aes.msc' [0] 13.09.18 09:26:51 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\asn1.msc' [0] 13.09.18 09:26:51 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\cmds.msc' [0] 13.09.18 09:26:51 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\cxi.mtc', Part 1 [0] 13.09.18 09:26:52 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\cxi.msc' [0] 13.09.18 09:26:52 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\db.msc' [0] 13.09.18 09:26:52 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\dsa.msc' [0] 13.09.18 09:26:52 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\eca.msc' [0] 13.09.18 09:26:52 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\ecdsa.msc' [0] 13.09.18 09:26:52 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\exar.msc' [0] 13.09.18 09:26:53 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\hash.msc' [0] 13.09.18 09:26:53 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\hce.msc' [0] 13.09.18 09:26:53 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\lna.msc' [0] 13.09.18 09:26:53 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\mbk.msc' [0] 13.09.18 09:26:53 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\ntp.msc' [0] 13.09.18 09:26:53 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\post.msc' [0] 13.09.18 09:26:53 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\pp.msc' [0] 13.09.18 09:26:53 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\sc.msc' [0] 13.09.18 09:26:53 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\smos.mtc', Part 1 [0] 13.09.18 09:26:54 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\smos.msc' [0] 13.09.18 09:26:54 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\util.msc' [0] 13.09.18 09:26:54 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\vdes.msc' [0] 13.09.18 09:26:54 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\vrsa.msc' [0] 13.09.18 16:19:59 [ADMIN] FC:0x083 SFC:0x0E Add User 'COMMISSIONER' (COMMIS~0,0,00000002) [0] 13.09.18 21:41:09 [] FC:0x000 SFC: new ALARM detected: 0x80 (ext. erase) 13.09.18 21:42:31 [] FC:0x000 SFC: CryptoServer ERASE to factory setting 13.09.18 21:43:34 [ADMIN] FC:0x087 SFC:0x14 Reset Alarm [0] 13.09.18 21:45:31 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\adm.msc' [0] 13.09.18 21:45:31 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\aes.msc' [0] 13.09.18 21:45:31 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\asn1.msc' [0] 13.09.18 21:45:31 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\cmds.msc' [0] 13.09.18 21:45:31 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\cxi.mtc', Part 1 [0] 13.09.18 21:45:31 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\cxi.msc' [0] 13.09.18 21:45:32 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\db.msc' [0] 13.09.18 21:45:32 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\dsa.msc' [0] 13.09.18 21:45:32 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\eca.msc' [0] 13.09.18 21:45:32 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\ecdsa.msc' [0] 13.09.18 21:45:32 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\exar.msc' [0] 13.09.18 21:45:32 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\hash.msc' [0] 13.09.18 21:45:32 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\hce.msc' [0] 13.09.18 21:45:32 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\lna.msc' [0] 13.09.18 21:45:32 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\mbk.msc' [0] 13.09.18 21:45:33 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\ntp.msc' [0] 13.09.18 21:45:33 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\post.msc' [0] 13.09.18 21:45:33 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\pp.msc' [0] 13.09.18 21:45:33 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\sc.msc' [0] 13.09.18 21:45:33 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\smos.mtc', Part 1 [0] 13.09.18 21:45:33 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\smos.msc' [0] 13.09.18 21:45:33 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\util.msc' [0] 13.09.18 21:45:33 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\vdes.msc' [0] 13.09.18 21:45:34 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\vrsa.msc' [0] 13.09.18 22:08:40 FC:0x087 SFC:0x07 Set Time [b087000f] 14.09.18 23:08:37 [ADMIN] FC:0x087 SFC:0x07 Set Time from 180913220904Z [0] 14.09.18 23:09:31 FC:0x087 SFC:0x07 Set Time [b087000f] 14.09.18 10:50:50 [ADMIN] FC:0x087 SFC:0x07 Set Time from 180915105439Z [0] # csadm Dev=root GetBootLog SMOS Ver. 5.5.9.1 (Aug 21 2018) started [0] FPGA Ver. 5.1.0.8 Hardware Rev. 5.1.4.0 Compiler Ver. 7.4.8 AIS31 compliant TRNG [default] Sensory Controller Ver. 2.0.0.31 [0/0] Real Random Number Generator initialized with: RESEED_INTERVAL = 1000 PREDICTION_RESISTANCE = 0 REALRANDOM_SHARE = 3 Pseudo Random Number Generator initialized with: RESEED_INTERVAL = 1000 PREDICTION_RESISTANCE = 0 REALRANDOM_SHARE = 0 CMDS: 1000 TPS module 0x89 (HASH) initialized successfully module 0x83 (CMDS) initialized successfully module 0x86 (UTIL) initialized successfully module 0x81 (VDES) initialized successfully !pci_init: no EXAR device detected [data = 0xffffffff] No Hardware Crypto Engine detected module 0x8e (LNA) initialized successfully module 0x84 (VRSA) initialized successfully PP: Setting PIN pad type to AUTO1 module 0x82 (PP) initialized successfully module 0x85 (SC) initialized successfully module 0x91 (ASN1) initialized successfully module 0x8d (DSA) initialized successfully module 0x8f (ECA) initialized successfully module 0x8b (AES) initialized successfully module 0x88 (DB) initialized successfully module 0x96 (MBK) initialized successfully module 0x9c (ECDSA) initialized successfully module 0x69 (MBK_EI) initialized successfully module 0x68 (CXI) initialized successfully module 0x04 (POST) initialized successfully module 0x87 (ADM) initialized successfully module 0x9a (NTP) initialized successfully # csadm Dev=root ListFirmware ID name type version initialization level ---------------------------------------------------------- 0 SMOS C64 5.5.9.1 INIT_OK 4 POST C64 1.0.0.2 INIT_OK a HCE C64 2.2.2.3 INIT_INACTIVE d EXAR C64 2.2.1.1 INIT_INACTIVE 68 CXI C64 2.3.0.5 INIT_OK 81 VDES C64 1.0.9.3 INIT_OK 82 PP C64 1.3.1.7 INIT_OK 83 CMDS C64 3.6.2.0 INIT_OK 84 VRSA C64 1.3.6.1 INIT_OK 85 SC C64 1.2.0.3 INIT_OK 86 UTIL C64 3.0.5.1 INIT_OK 87 ADM C64 3.0.25.5 INIT_OK 88 DB C64 1.3.2.2 INIT_OK 89 HASH C64 1.0.11.2 INIT_OK 8b AES C64 1.4.1.4 INIT_OK 8d DSA C64 1.2.3.3 INIT_OK 8e LNA C64 1.2.4.2 INIT_OK 8f ECA C64 1.1.12.4 INIT_OK 91 ASN1 C64 1.0.3.6 INIT_OK 96 MBK C64 2.2.8.2 INIT_OK 9a NTP C64 1.2.0.9 INIT_OK 9c ECDSA C64 1.1.16.1 INIT_OK # csd adm Dev=root GetState mode = Operational Mode state = INITIALIZED (0x00100004) temp = 26.6 [C] alarm = OFF bl_ver = 5.01.0.5 (Model: Se-Series Gen2) hw_ver = 5.01.4.0 uid = c000001a a948b101 | H adm1 = 53653132 20202020 43533636 30353436 | Se12 CS660546 adm2 = 53656375 72697479 53657276 65722020 | SecurityServer adm3 = 494e5354 414c4c45 44202020 20202020 | INSTALLED # csadm Dev=root CSLGetVersion CSLAN 4.5.5 # csadm Dev=rot ot ListUser Name Permission Mechanism Attributes ADMIN 22000000 RSA sign Z[0] # csadm Dev=root MBKListKeys slot name len algo type k generation date key check value ------------------------------------------------------------------------------------- # csadm MBKPINN Change=:cs2:cjo:USB0 # csadm MBKPINChange=:cs2:cjo:USB0 Error B91D60FB PIN pad API CCID errno = 251 # csadm MBKPINChange=:cs2:cjo:USB0 Error B91D60FB PIN pad API CCID errno = 251 # csadm MBKPINChange=:cs2:cjo:USB0 Error B91D60FB PIN pad API CCID errno = 251 # csadm MBKPINChange=:cs2:cjo:USB0 # csadm MBKPINChange=:cs2:cjo:USB0 # csadm MBKPINChange=:cs2:cjo:USB0 # csadm MBKPINChange=:cs2:cjo:USB0 Error B91D5047 PIN pad API USB errno = 71 # csadm MBKPINChange=:cs2:cjo:USB0 Error B91D5047 PIN pad API USB errno = 71 # csadm MBKPINChange=:cs2:cjo:USB0 # csadm MBKPINChange=:cs2:cjo:USB0 Error B9069018 CryptoServer admin library MBK tools bad pin repetition # csadm MBKPINChange=:cs2:cjo:USB0 # csadm Dev=root LogonSing  gn=ADMIN,tcn/    /tcn/hsm/key/ADMIN.key Key=:cs2:cjo:USB0,15 MBKGenerateKey=AES,32,6,3,tCN-Root # csadm Dev=root LogonSign=ADMIN,/tcn/hsm/key/ADMIN.key Key=:cs2:cjio  o:USB0,15 MBKImportKey=3 Error B91D5047 PIN pad API USB errno = 71 # csadm Dev=root LogonSign=ADMIN,/tcn/hsm/key/ADMIN.key Key=:cs2:cjo:USB0,15 MBKImportKey=3 # csadm Dev=root MBKListKey unknown option / command 'MBKListKey' Use 'csadm Help' to get a list of all legal commands # umount /medias # loadkeys ukhwclock --show # loadkeys uk            # csadm Dev=root MBKListKeys slot name len algo type k generation date key check value ------------------------------------------------------------------------------------- 3 tCN-Root 32 AES SHARE 3 18/09/14 11:11:25 69F70171C69F9044:039023B8DF068C5B # csadm Dev=subs CSLGetTime date: 15.09.2018 time: 11:31:06 (local time) date: 15.09.2018 time: 11:31:06 (UTC time) # csadm Dev=subs CSLGetTime=ask,$([1@SetTime=ask,$(date "+%Ym R %m%d%H%M%S@ ") Enter Passphrase: Time successfully set to: date: 14.09.2018 time: 11:28:17 (local time) date: 14.09.2018 time: 11:28:17 (UTC time) # csadm Dev=subs GetTime date: 14.09.2018 time: 10:34:14.664 (local time) date: 14.09.2018 time: 10:34:14.664 (UTC/internal) # csadm Dev=subs LogonSign=ADMIN,/tcn/hsm/key/ADMIN.key SetTime=GMT Time successfully set to: date: 14.09.2018 time: 11:29:11.007 (local time) date: 14.09.2018 time: 11:29:11.007 (UTC/internal) # csadm Dev=subs GetAudi  tid   ditConfig Audit log configuration parameters: Number of logfiles: 3 Rotate logfiles: yes Max filesize: 200000 Events: 0x00000007 (Bits 1:2:3) # csadm Dev=subs GetAuditLog 07.08.18 05:44:09 [ADMIN] FC:0x087 SFC:0x0B Clear Audit Files (0) [0] 07.08.18 05:44:09 [ADMIN] FC:0x087 SFC:0x04 Delete File 'FLASH\mdlsigalt.key' [0] 07.08.18 05:44:09 [] FC:0x000 SFC: CryptoServer ERASE executed 07.08.18 05:44:10 [ADMIN] FC:0x087 SFC:0x15 Clear [0] 07.08.18 05:44:10 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\adm.msc' [0] 07.08.18 05:44:10 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\aes.msc' [0] 07.08.18 05:44:10 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\asn1.msc' [0] 07.08.18 05:44:10 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\cmds.msc' [0] 07.08.18 05:44:10 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\cxi.mtc', Part 1 [0] 07.08.18 05:44:11 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\cxi.msc' [0] 07.08.18 05:44:11 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\db.msc' [0] 07.08.18 05:44:11 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\dsa.msc' [0] 07.08.18 05:44:11 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\eca.msc' [0] 07.08.18 05:44:11 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\ecdsa.msc' [0] 07.08.18 05:44:11 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\exar.msc' [0] 07.08.18 05:44:11 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\hash.msc' [0] 07.08.18 05:44:11 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\hce.msc' [0] 07.08.18 05:44:11 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\lna.msc' [0] 07.08.18 05:44:11 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\mbk.msc' [0] 07.08.18 05:44:11 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\ntp.msc' [0] 07.08.18 05:44:12 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\post.msc' [0] 07.08.18 05:44:12 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\pp.msc' [0] 07.08.18 05:44:12 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\sc.msc' [0] 07.08.18 05:44:12 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\smos.mtc', Part 1 [0] 07.08.18 05:44:12 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\smos.msc' [0] 07.08.18 05:44:12 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\util.msc' [0] 07.08.18 05:44:12 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\vdes.msc' [0] 07.08.18 05:44:12 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\vrsa.msc' [0] 07.08.18 05:44:18 [] FC:0x000 SFC: SMOS Ver. 5.5.7.2 successfully started 07.08.18 05:44:43 [] FC:0x000 SFC: SMOS Ver. 5.5.7.2 successfully started 07.08.18 05:44:49 [ADMIN] FC:0x087 SFC:0x07 Set Time from 180807054449Z [0] 07.08.18 05:44:54 [] FC:0x000 SFC: SMOS Ver. 5.5.7.2 successfully started 07.08.18 05:52:23 FC:0x069 SFC:0x02 mbk_ei_import_aes_sc: AES-0 ' ΙΜ', slot 3 [b0960012] 29.08.18 12:37:49 [] FC:0x000 SFC: SMOS Ver. 5.5.7.2 successfully started 29.08.18 12:48:30 [] FC:0x000 SFC: SMOS Ver. 5.5.7.2 successfully started 30.08.18 13:20:58 FC:0x087 SFC:0x03 Load File '' [b087000f] 30.08.18 13:23:18 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\adm.msc' [0] 30.08.18 13:23:18 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\aes.msc' [0] 30.08.18 13:23:18 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\asn1.msc' [0] 30.08.18 13:23:19 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\cmds.msc' [0] 30.08.18 13:23:19 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\cxi.mtc', Part 1 [0] 30.08.18 13:23:19 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\cxi.msc' [0] 30.08.18 13:23:19 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\db.msc' [0] 30.08.18 13:23:19 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\dsa.msc' [0] 30.08.18 13:23:20 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\eca.msc' [0] 30.08.18 13:23:20 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\ecdsa.msc' [0] 30.08.18 13:23:20 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\exar.msc' [0] 30.08.18 13:23:20 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\hash.msc' [0] 30.08.18 13:23:20 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\lna.msc' [0] 30.08.18 13:23:20 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\mbk.msc' [0] 30.08.18 13:23:20 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\ntp.msc' [0] 30.08.18 13:23:21 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\post.msc' [0] 30.08.18 13:23:21 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\smos.mtc', Part 1 [0] 30.08.18 13:23:21 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\smos.msc' [0] 30.08.18 13:23:21 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\util.msc' [0] 30.08.18 13:23:21 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\vdes.msc' [0] 30.08.18 13:23:21 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\vrsa.msc' [0] 30.08.18 13:23:27 [] FC:0x000 SFC: SMOS Ver. 5.5.9.1 successfully started 30.08.18 13:44:20 FC:0x087 SFC:0x14 Reset Alarm [b087000f] 30.08.18 13:46:39 [] FC:0x000 SFC: new ALARM detected: 0x80 (ext. erase) 30.08.18 13:46:39 [] FC:0x000 SFC: SMOS Ver. 5.5.9.1 successfully started 30.08.18 13:46:49 [] FC:0x000 SFC: SMOS Ver. 5.5.9.1 successfully started 30.08.18 13:46:52 POST: DSA Cryptographic Algorithm Test skipped 30.08.18 13:48:45 [] FC:0x000 SFC: CryptoServer ERASE to factory setting 30.08.18 13:48:45 [] FC:0x000 SFC: SMOS Ver. 5.5.7.2 successfully started 30.08.18 13:48:49 POST: DSA Cryptographic Algorithm Test skipped 30.08.18 13:50:20 [] FC:0x000 SFC: SMOS Ver. 5.5.7.2 successfully started 30.08.18 13:50:23 POST: DSA Cryptographic Algorithm Test skipped 30.08.18 13:50:37 FC:0x087 SFC:0x14 Reset Alarm [b087000f] 30.08.18 13:51:15 [ADMIN] FC:0x087 SFC:0x14 Reset Alarm [0] 30.08.18 13:51:21 [] FC:0x000 SFC: SMOS Ver. 5.5.7.2 successfully started 30.08.18 13:51:24 POST: DSA Cryptographic Algorithm Test skipped 30.08.18 13:52:33 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\adm.msc' [0] 30.08.18 13:52:33 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\aes.msc' [0] 30.08.18 13:52:33 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\asn1.msc' [0] 30.08.18 13:52:33 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\cmds.msc' [0] 30.08.18 13:52:33 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\cxi.mtc', Part 1 [0] 30.08.18 13:52:34 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\cxi.msc' [0] 30.08.18 13:52:34 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\db.msc' [0] 30.08.18 13:52:34 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\dsa.msc' [0] 30.08.18 13:52:34 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\eca.msc' [0] 30.08.18 13:52:34 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\ecdsa.msc' [0] 30.08.18 13:52:34 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\exar.msc' [0] 30.08.18 13:52:34 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\hash.msc' [0] 30.08.18 13:52:35 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\hce.msc' [0] 30.08.18 13:52:35 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\lna.msc' [0] 30.08.18 13:52:35 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\mbk.msc' [0] 30.08.18 13:52:35 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\ntp.msc' [0] 30.08.18 13:52:35 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\post.msc' [0] 30.08.18 13:52:35 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\pp.msc' [0] 30.08.18 13:52:35 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\sc.msc' [0] 30.08.18 13:52:35 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\smos.mtc', Part 1 [0] 30.08.18 13:52:36 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\smos.msc' [0] 30.08.18 13:52:36 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\util.msc' [0] 30.08.18 13:52:36 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\vdes.msc' [0] 30.08.18 13:52:36 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\vrsa.msc' [0] 30.08.18 13:52:41 [] FC:0x000 SFC: SMOS Ver. 5.5.9.1 successfully started 31.08.18 11:54:42 [ADMIN] FC:0x083 SFC:0x0E Add User 'COMMISSIONER' (COMMIS~0,3,00000004) [0] 31.08.18 13:17:50 [] FC:0x000 SFC: new ALARM detected: 0x80000080 (ext. erase) 31.08.18 13:17:50 [] FC:0x000 SFC: SMOS Ver. 5.5.9.1 successfully started 31.08.18 13:17:51 'COMMIS~0' authentication(3) failed, failure counter: 1 [b0830013] 31.08.18 13:17:54 POST: DSA Cryptographic Algorithm Test skipped 31.08.18 13:18:07 [] FC:0x000 SFC: SMOS Ver. 5.5.9.1 successfully started 31.08.18 13:18:10 POST: DSA Cryptographic Algorithm Test skipped 31.08.18 13:19:31 [] FC:0x000 SFC: SMOS Ver. 5.5.9.1 successfully started 31.08.18 13:19:34 POST: DSA Cryptographic Algorithm Test skipped 31.08.18 13:34:59 [] FC:0x000 SFC: SMOS Ver. 5.5.9.1 successfully started 31.08.18 13:35:02 POST: DSA Cryptographic Algorithm Test skipped 31.08.18 13:38:06 [] FC:0x000 SFC: SMOS Ver. 5.5.9.1 successfully started 31.08.18 13:38:09 POST: DSA Cryptographic Algorithm Test skipped 31.08.18 13:38:33 [] FC:0x000 SFC: SMOS Ver. 5.5.9.1 successfully started 31.08.18 13:38:37 POST: DSA Cryptographic Algorithm Test skipped 31.08.18 13:58:07 [ADMIN] FC:0x087 SFC:0x14 Reset Alarm [0] 31.08.18 13:58:13 [] FC:0x000 SFC: SMOS Ver. 5.5.9.1 successfully started 31.08.18 14:20:53 [ADMIN] FC:0x087 SFC:0x1A change audit config param id:4(Events ) from:0x0000073F to:0x00000007 [0] 03.09.18 09:27:40 [] FC:0x000 SFC: new ALARM detected: 0x80000080 (ext. erase) 03.09.18 10:00:15 [ADMIN] FC:0x087 SFC:0x14 Reset Alarm [0] 03.09.18 13:21:33 [] FC:0x000 SFC: new ALARM detected: 0x80000080 (ext. erase) 03.09.18 13:31:41 [] FC:0x000 SFC: CryptoServer ERASE to factory setting 03.09.18 13:32:12 FC:0x087 SFC:0x14 Reset Alarm [b087000f] 03.09.18 13:32:47 [ADMIN] FC:0x087 SFC:0x14 Reset Alarm [0] 03.09.18 13:34:40 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\adm.msc' [0] 03.09.18 13:34:41 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\aes.msc' [0] 03.09.18 13:34:41 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\asn1.msc' [0] 03.09.18 13:34:41 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\cmds.msc' [0] 03.09.18 13:34:41 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\cxi.mtc', Part 1 [0] 03.09.18 13:34:41 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\cxi.msc' [0] 03.09.18 13:34:41 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\db.msc' [0] 03.09.18 13:34:42 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\dsa.msc' [0] 03.09.18 13:34:42 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\eca.msc' [0] 03.09.18 13:34:42 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\ecdsa.msc' [0] 03.09.18 13:34:42 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\exar.msc' [0] 03.09.18 13:34:42 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\hash.msc' [0] 03.09.18 13:34:42 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\hce.msc' [0] 03.09.18 13:34:42 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\lna.msc' [0] 03.09.18 13:34:43 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\mbk.msc' [0] 03.09.18 13:34:43 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\ntp.msc' [0] 03.09.18 13:34:43 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\post.msc' [0] 03.09.18 13:34:43 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\pp.msc' [0] 03.09.18 13:34:43 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\sc.msc' [0] 03.09.18 13:34:43 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\smos.mtc', Part 1 [0] 03.09.18 13:34:43 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\smos.msc' [0] 03.09.18 13:34:43 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\util.msc' [0] 03.09.18 13:34:43 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\vdes.msc' [0] 03.09.18 13:34:44 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\vrsa.msc' [0] 03.09.18 13:47:28 [ADMIN] FC:0x083 SFC:0x0E Add User 'COMMISSIONER' (COMMIS~0,3,00000002) [0] 03.09.18 16:31:07 [ADMIN] FC:0x083 SFC:0x0E Add User 'COMMISSIONER2' (COMMIS~1,4,00000002) [0] 03.09.18 16:44:30 [ADMIN] FC:0x083 SFC:0x0E Add User 'COMMISSIONER3' (COMMIS~2,3,00000002) [0] 04.09.18 13:43:58 [ADMIN] FC:0x083 SFC:0x0E Add User 'kit' (-,0,00000002) [0] 04.09.18 13:44:07 [ADMIN] FC:0x083 SFC:0x05 Delete User 'kit ' [0] 04.09.18 13:45:02 [ADMIN] FC:0x083 SFC:0x0E Add User 'KIT' (-,0,00000002) [0] 05.09.18 13:30:17 [ADMIN] FC:0x083 SFC:0x0E Add User 'KIT2' (-,3,00000002) [0] 05.09.18 15:23:32 [ADMIN] FC:0x083 SFC:0x0E Add User 'K1' (-,0,00000002) [0] 05.09.18 15:26:06 [ADMIN] FC:0x083 SFC:0x0E Add User 'K2' (-,0,00000002) [0] 05.09.18 16:08:08 [ADMIN] FC:0x083 SFC:0x0E Add User 'K3' (-,0,00000002) [0] 06.09.18 17:26:08 [] FC:0x000 SFC: new ALARM detected: 0x80 (ext. erase) 06.09.18 17:36:58 [ADMIN] FC:0x087 SFC:0x14 Reset Alarm [0] 06.09.18 18:03:24 [] FC:0x000 SFC: CryptoServer ERASE executed 06.09.18 18:03:25 [ADMIN] FC:0x087 SFC:0x15 Clear [0] 06.09.18 18:03:25 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\adm.msc' [0] 06.09.18 18:03:25 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\aes.msc' [0] 06.09.18 18:03:25 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\asn1.msc' [0] 06.09.18 18:03:25 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\cmds.msc' [0] 06.09.18 18:03:25 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\cxi.mtc', Part 1 [0] 06.09.18 18:03:26 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\cxi.msc' [0] 06.09.18 18:03:26 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\db.msc' [0] 06.09.18 18:03:26 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\dsa.msc' [0] 06.09.18 18:03:26 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\eca.msc' [0] 06.09.18 18:03:26 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\ecdsa.msc' [0] 06.09.18 18:03:26 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\exar.msc' [0] 06.09.18 18:03:27 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\hash.msc' [0] 06.09.18 18:03:27 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\hce.msc' [0] 06.09.18 18:03:27 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\lna.msc' [0] 06.09.18 18:03:27 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\mbk.msc' [0] 06.09.18 18:03:27 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\ntp.msc' [0] 06.09.18 18:03:27 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\post.msc' [0] 06.09.18 18:03:27 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\pp.msc' [0] 06.09.18 18:03:27 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\sc.msc' [0] 06.09.18 18:03:28 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\smos.mtc', Part 1 [0] 06.09.18 18:03:28 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\smos.msc' [0] 06.09.18 18:03:28 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\util.msc' [0] 06.09.18 18:03:28 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\vdes.msc' [0] 06.09.18 18:03:28 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\vrsa.msc' [0] 07.09.18 14:26:02 [ADMIN] FC:0x083 SFC:0x0E Add User 'CO1' (-,0,00000001) [0] 07.09.18 14:28:01 [ADMIN] FC:0x083 SFC:0x0E Add User 'CO2' (-,0,00000001) [0] 10.09.18 13:12:38 [] FC:0x000 SFC: new ALARM detected: 0x80 (ext. erase) 10.09.18 13:13:17 [] FC:0x000 SFC: CryptoServer ERASE to factory setting 10.09.18 13:14:04 FC:0x087 SFC:0x14 Reset Alarm [b087000f] 10.09.18 13:15:26 FC:0x087 SFC:0x14 Reset Alarm [b087000f] 10.09.18 13:19:30 [ADMIN] FC:0x087 SFC:0x14 Reset Alarm [0] 10.09.18 13:47:16 [ADMIN] FC:0x087 SFC:0x14 Reset Alarm [b0000107] 10.09.18 13:50:39 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\adm.msc' [0] 10.09.18 13:50:40 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\aes.msc' [0] 10.09.18 13:50:40 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\asn1.msc' [0] 10.09.18 13:50:40 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\cmds.msc' [0] 10.09.18 13:50:40 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\cxi.mtc', Part 1 [0] 10.09.18 13:50:40 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\cxi.msc' [0] 10.09.18 13:50:40 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\db.msc' [0] 10.09.18 13:50:41 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\dsa.msc' [0] 10.09.18 13:50:41 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\eca.msc' [0] 10.09.18 13:50:41 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\ecdsa.msc' [0] 10.09.18 13:50:41 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\exar.msc' [0] 10.09.18 13:50:41 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\hash.msc' [0] 10.09.18 13:50:41 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\hce.msc' [0] 10.09.18 13:50:41 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\lna.msc' [0] 10.09.18 13:50:41 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\mbk.msc' [0] 10.09.18 13:50:41 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\ntp.msc' [0] 10.09.18 13:50:42 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\post.msc' [0] 10.09.18 13:50:42 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\pp.msc' [0] 10.09.18 13:50:42 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\sc.msc' [0] 10.09.18 13:50:42 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\smos.mtc', Part 1 [0] 10.09.18 13:50:42 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\smos.msc' [0] 10.09.18 13:50:42 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\util.msc' [0] 10.09.18 13:50:42 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\vdes.msc' [0] 10.09.18 13:50:42 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\vrsa.msc' [0] 10.09.18 16:46:10 [ADMIN] FC:0x083 SFC:0x0E Add User 'SUPER' (-,0,ffffffff) [0] 10.09.18 16:49:17 [] FC:0x000 SFC: new ALARM detected: 0x80000080 (ext. erase) 10.09.18 16:51:15 [] FC:0x000 SFC: CryptoServer ERASE to factory setting 10.09.18 16:52:03 [ADMIN] FC:0x087 SFC:0x14 Reset Alarm [0] 10.09.18 16:55:00 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\adm.msc' [0] 10.09.18 16:55:00 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\aes.msc' [0] 10.09.18 16:55:00 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\asn1.msc' [0] 10.09.18 16:55:01 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\cmds.msc' [0] 10.09.18 16:55:01 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\cxi.mtc', Part 1 [0] 10.09.18 16:55:01 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\cxi.msc' [0] 10.09.18 16:55:01 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\db.msc' [0] 10.09.18 16:55:01 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\dsa.msc' [0] 10.09.18 16:55:02 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\eca.msc' [0] 10.09.18 16:55:02 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\ecdsa.msc' [0] 10.09.18 16:55:02 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\exar.msc' [0] 10.09.18 16:55:02 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\hash.msc' [0] 10.09.18 16:55:02 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\hce.msc' [0] 10.09.18 16:55:02 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\lna.msc' [0] 10.09.18 16:55:02 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\mbk.msc' [0] 10.09.18 16:55:02 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\ntp.msc' [0] 10.09.18 16:55:02 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\post.msc' [0] 10.09.18 16:55:02 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\pp.msc' [0] 10.09.18 16:55:03 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\sc.msc' [0] 10.09.18 16:55:03 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\smos.mtc', Part 1 [0] 10.09.18 16:55:03 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\smos.msc' [0] 10.09.18 16:55:03 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\util.msc' [0] 10.09.18 16:55:03 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\vdes.msc' [0] 10.09.18 16:55:03 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\vrsa.msc' [0] 11.09.18 12:20:55 [ADMIN] FC:0x083 SFC:0x0E Add User 'SUPER' (-,0,ffffffff) [0] 11.09.18 12:22:25 [SUPER] FC:0x083 SFC:0x05 Delete User 'ADMIN ' [0] 11.09.18 13:06:05 [SUPER] FC:0x087 SFC:0x03 Load File 'FLASH\mdlsigalt.key' [0] 11.09.18 13:12:13 [SUPER] FC:0x087 SFC:0x03 Load File 'FLASH\cmds.scf' [0] 11.09.18 13:21:39 [SUPER] FC:0x083 SFC:0x0E Add User 'HSMAdmin1' (HSMAdm~0,0,22022000) [0] 11.09.18 13:24:00 [SUPER] FC:0x083 SFC:0x0E Add User 'HSMOversight1' (HSMOve~0,0,22020020) [0] 11.09.18 15:38:15 [HSMOve~0,HSMAdm~0] FC:0x083 SFC:0x0E Add User 'COMMISSIONER' (COMMIS~0,0,00000002) [0] 11.09.18 15:45:42 [HSMOve~0,HSMAdm~0] FC:0x083 SFC:0x0E Add User 'CO1' (-,0,00000001) [0] 11.09.18 15:46:43 [HSMOve~0,HSMAdm~0] FC:0x083 SFC:0x0E Add User 'CO2' (-,0,00000001) [0] 11.09.18 18:59:31 [HSMOve~0,HSMAdm~0] FC:0x083 SFC:0x05 Delete User 'SUPER ' [0] 11.09.18 19:00:15 [HSMOve~0,HSMAdm~0] FC:0x083 SFC:0x05 Delete User 'COMMISSIONER' [0] 12.09.18 11:18:28 [] FC:0x000 SFC: new ALARM detected: 0x80 (ext. erase) 12.09.18 11:21:09 [] FC:0x000 SFC: CryptoServer ERASE to factory setting 12.09.18 11:21:22 [ADMIN] FC:0x087 SFC:0x14 Reset Alarm [0] 12.09.18 11:23:09 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\adm.msc' [0] 12.09.18 11:23:09 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\aes.msc' [0] 12.09.18 11:23:09 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\asn1.msc' [0] 12.09.18 11:23:09 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\cmds.msc' [0] 12.09.18 11:23:09 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\cxi.mtc', Part 1 [0] 12.09.18 11:23:10 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\cxi.msc' [0] 12.09.18 11:23:10 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\db.msc' [0] 12.09.18 11:23:10 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\dsa.msc' [0] 12.09.18 11:23:10 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\eca.msc' [0] 12.09.18 11:23:10 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\ecdsa.msc' [0] 12.09.18 11:23:10 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\exar.msc' [0] 12.09.18 11:23:11 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\hash.msc' [0] 12.09.18 11:23:11 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\hce.msc' [0] 12.09.18 11:23:11 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\lna.msc' [0] 12.09.18 11:23:11 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\mbk.msc' [0] 12.09.18 11:23:11 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\ntp.msc' [0] 12.09.18 11:23:11 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\post.msc' [0] 12.09.18 11:23:11 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\pp.msc' [0] 12.09.18 11:23:11 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\sc.msc' [0] 12.09.18 11:23:11 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\smos.mtc', Part 1 [0] 12.09.18 11:23:12 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\smos.msc' [0] 12.09.18 11:23:12 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\util.msc' [0] 12.09.18 11:23:12 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\vdes.msc' [0] 12.09.18 11:23:12 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\vrsa.msc' [0] 12.09.18 11:54:28 [ADMIN] FC:0x083 SFC:0x0E Add User 'SUPER' (-,0,ffffffff) [0] 12.09.18 11:57:52 [SUPER] FC:0x083 SFC:0x05 Delete User 'ADMIN ' [0] 12.09.18 13:41:40 [SUPER] FC:0x083 SFC:0x0E Add User 'HSMAdmin1' (HSMAdm~0,0,22022000) [0] 12.09.18 13:43:23 [SUPER] FC:0x083 SFC:0x0E Add User 'HSMOversight1' (HSMOve~0,0,22020020) [0] 12.09.18 13:48:38 [SUPER] FC:0x087 SFC:0x03 Load File 'FLASH\mdlsigalt.key' [0] 12.09.18 13:49:43 [SUPER] FC:0x087 SFC:0x03 Load File 'FLASH\cmds.scf' [0] 12.09.18 14:03:03 [HSMOve~0,HSMAdm~0] FC:0x083 SFC:0x0E Add User 'COMMISSIONER' (COMMIS~0,0,00000002) [0] 12.09.18 14:10:26 [HSMOve~0,HSMAdm~0] FC:0x083 SFC:0x05 Delete User 'COMMISSIONER' [0] 12.09.18 14:11:19 [HSMOve~0,HSMAdm~0] FC:0x083 SFC:0x0E Add User 'COMMISSIONER' (COMMIS~0,0,00000002) [0] 12.09.18 14:50:19 [HSMOve~0,HSMAdm~0] FC:0x083 SFC:0x05 Delete User 'SUPER ' [0] 12.09.18 14:50:51 [HSMOve~0,HSMAdm~0] FC:0x083 SFC:0x05 Delete User 'COMMISSIONER' [0] 13.09.18 09:55:34 [] FC:0x000 SFC: new ALARM detected: 0x80 (ext. erase) 13.09.18 09:56:20 [] FC:0x000 SFC: CryptoServer ERASE to factory setting 13.09.18 10:02:15 [ADMIN] FC:0x087 SFC:0x14 Reset Alarm [0] 13.09.18 10:05:01 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\adm.msc' [0] 13.09.18 10:05:01 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\aes.msc' [0] 13.09.18 10:05:01 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\asn1.msc' [0] 13.09.18 10:05:02 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\cmds.msc' [0] 13.09.18 10:05:02 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\cxi.mtc', Part 1 [0] 13.09.18 10:05:02 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\cxi.msc' [0] 13.09.18 10:05:02 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\db.msc' [0] 13.09.18 10:05:02 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\dsa.msc' [0] 13.09.18 10:05:02 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\eca.msc' [0] 13.09.18 10:05:03 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\ecdsa.msc' [0] 13.09.18 10:05:03 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\exar.msc' [0] 13.09.18 10:05:03 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\hash.msc' [0] 13.09.18 10:05:03 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\hce.msc' [0] 13.09.18 10:05:03 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\lna.msc' [0] 13.09.18 10:05:03 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\mbk.msc' [0] 13.09.18 10:05:03 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\ntp.msc' [0] 13.09.18 10:05:03 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\post.msc' [0] 13.09.18 10:05:03 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\pp.msc' [0] 13.09.18 10:05:04 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\sc.msc' [0] 13.09.18 10:05:04 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\smos.mtc', Part 1 [0] 13.09.18 10:05:04 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\smos.msc' [0] 13.09.18 10:05:04 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\util.msc' [0] 13.09.18 10:05:04 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\vdes.msc' [0] 13.09.18 10:05:04 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\vrsa.msc' [0] 13.09.18 14:25:06 [ADMIN] FC:0x083 SFC:0x0E Add User 'SUPER' (-,0,ffffffff) [0] 13.09.18 14:29:39 [ADMIN] FC:0x083 SFC:0x05 Delete User 'SUPER ' [0] 13.09.18 14:30:58 [ADMIN] FC:0x083 SFC:0x0E Add User 'SUPER' (-,0,ffffffff) [0] 13.09.18 14:31:45 [SUPER] FC:0x083 SFC:0x05 Delete User 'ADMIN ' [0] 13.09.18 15:32:14 [SUPER] FC:0x083 SFC:0x0E Add User 'HSMAdmin1' (HSMAdm~0,0,22022000) [0] 13.09.18 15:34:26 [SUPER] FC:0x083 SFC:0x0E Add User 'HSMAdmin1' (-,0,22022000) [b083000f] 13.09.18 15:35:27 [SUPER] FC:0x083 SFC:0x05 Delete User 'HSMAdmin1' [0] 13.09.18 15:35:47 [SUPER] FC:0x083 SFC:0x0E Add User 'HSMAdmin1' (HSMAdm~0,0,22022000) [0] 13.09.18 15:38:04 [SUPER] FC:0x083 SFC:0x0E Add User 'HSMAdmin2' (HSMAdm~1,0,22022000) [0] 13.09.18 15:42:42 [SUPER] FC:0x083 SFC:0x0E Add User 'HSMOversight1' (HSMOve~0,0,22020020) [0] 13.09.18 15:44:11 [SUPER] FC:0x083 SFC:0x0E Add User 'HSMOversight2' (HSMOve~1,0,22020020) [0] 13.09.18 15:59:19 [HSMOve~0,HSMAdm~0] FC:0x083 SFC:0x0E Add User 'CO1' (-,0,00000001) [0] 13.09.18 16:05:44 [HSMOve~0,HSMAdm~0] FC:0x083 SFC:0x0E Add User 'CO2' (-,0,00000001) [0] 13.09.18 16:13:25 [SUPER] FC:0x087 SFC:0x03 Load File 'FLASH\mdlsigalt.key' [0] 13.09.18 16:14:20 [SUPER] FC:0x087 SFC:0x03 Load File 'FLASH\cmds.scf' [0] 13.09.18 18:02:24 [HSMOve~0,HSMAdm~0] FC:0x083 SFC:0x0E Add User 'COMMISSIONER' (COMMIS~0,0,00000002) [0] 13.09.18 22:13:55 [] FC:0x000 SFC: new ALARM detected: 0x80000080 (ext. erase) 13.09.18 22:16:13 [] FC:0x000 SFC: CryptoServer ERASE to factory setting 13.09.18 22:17:04 [ADMIN] FC:0x087 SFC:0x14 Reset Alarm [0] 13.09.18 22:19:33 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\adm.msc' [0] 13.09.18 22:19:33 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\aes.msc' [0] 13.09.18 22:19:33 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\asn1.msc' [0] 13.09.18 22:19:33 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\cmds.msc' [0] 13.09.18 22:19:33 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\cxi.mtc', Part 1 [0] 13.09.18 22:19:33 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\cxi.msc' [0] 13.09.18 22:19:34 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\db.msc' [0] 13.09.18 22:19:34 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\dsa.msc' [0] 13.09.18 22:19:34 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\eca.msc' [0] 13.09.18 22:19:34 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\ecdsa.msc' [0] 13.09.18 22:19:34 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\exar.msc' [0] 13.09.18 22:19:34 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\hash.msc' [0] 13.09.18 22:19:34 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\hce.msc' [0] 13.09.18 22:19:34 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\lna.msc' [0] 13.09.18 22:19:35 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\mbk.msc' [0] 13.09.18 22:19:35 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\ntp.msc' [0] 13.09.18 22:19:35 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\post.msc' [0] 13.09.18 22:19:35 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\pp.msc' [0] 13.09.18 22:19:35 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\sc.msc' [0] 13.09.18 22:19:35 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\smos.mtc', Part 1 [0] 13.09.18 22:19:35 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\smos.msc' [0] 13.09.18 22:19:35 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\util.msc' [0] 13.09.18 22:19:35 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\vdes.msc' [0] 13.09.18 22:19:36 [ADMIN] FC:0x087 SFC:0x03 Load File 'FLASH\vrsa.msc' [0] 14.09.18 11:29:11 [ADMIN] FC:0x087 SFC:0x07 Set Time from 180914103451Z [0] # csadm Dev=subs GetBootLog SMOS Ver. 5.5.9.1 (Aug 21 2018) started [0] FPGA Ver. 5.1.0.8 Hardware Rev. 5.1.4.0 Compiler Ver. 7.4.8 AIS31 compliant TRNG [default] Sensory Controller Ver. 2.0.0.31 [0/0] Real Random Number Generator initialized with: RESEED_INTERVAL = 1000 PREDICTION_RESISTANCE = 0 REALRANDOM_SHARE = 3 Pseudo Random Number Generator initialized with: RESEED_INTERVAL = 1000 PREDICTION_RESISTANCE = 0 REALRANDOM_SHARE = 0 CMDS: 1000 TPS module 0x89 (HASH) initialized successfully module 0x83 (CMDS) initialized successfully module 0x86 (UTIL) initialized successfully module 0x81 (VDES) initialized successfully !pci_init: no EXAR device detected [data = 0xffffffff] No Hardware Crypto Engine detected module 0x8e (LNA) initialized successfully module 0x84 (VRSA) initialized successfully PP: Setting PIN pad type to AUTO1 module 0x82 (PP) initialized successfully module 0x85 (SC) initialized successfully module 0x91 (ASN1) initialized successfully module 0x8d (DSA) initialized successfully module 0x8f (ECA) initialized successfully module 0x8b (AES) initialized successfully module 0x88 (DB) initialized successfully module 0x96 (MBK) initialized successfully module 0x9c (ECDSA) initialized successfully module 0x69 (MBK_EI) initialized successfully module 0x68 (CXI) initialized successfully module 0x04 (POST) initialized successfully module 0x87 (ADM) initialized successfully module 0x9a (NTP) initialized successfully # csadm Dev=subs ListFirmware ID name type version initialization level ---------------------------------------------------------- 0 SMOS C64 5.5.9.1 INIT_OK 4 POST C64 1.0.0.2 INIT_OK a HCE C64 2.2.2.3 INIT_INACTIVE d EXAR C64 2.2.1.1 INIT_INACTIVE 68 CXI C64 2.3.0.5 INIT_OK 81 VDES C64 1.0.9.3 INIT_OK 82 PP C64 1.3.1.7 INIT_OK 83 CMDS C64 3.6.2.0 INIT_OK 84 VRSA C64 1.3.6.1 INIT_OK 85 SC C64 1.2.0.3 INIT_OK 86 UTIL C64 3.0.5.1 INIT_OK 87 ADM C64 3.0.25.5 INIT_OK 88 DB C64 1.3.2.2 INIT_OK 89 HASH C64 1.0.11.2 INIT_OK 8b AES C64 1.4.1.4 INIT_OK 8d DSA C64 1.2.3.3 INIT_OK 8e LNA C64 1.2.4.2 INIT_OK 8f ECA C64 1.1.12.4 INIT_OK 91 ASN1 C64 1.0.3.6 INIT_OK 96 MBK C64 2.2.8.2 INIT_OK 9a NTP C64 1.2.0.9 INIT_OK 9c ECDSA C64 1.1.16.1 INIT_OK # csadm Dev=subs GetState mode = Operational Mode state = INITIALIZED (0x00100004) temp = 27.7 [C] alarm = OFF bl_ver = 5.01.0.5 (Model: Se-Series Gen2) hw_ver = 5.01.4.0 uid = 7800001a a95b4a01 | x [J adm1 = 53653132 20202020 43533636 30353537 | Se12 CS660557 adm2 = 53656375 72697479 53657276 65722020 | SecurityServer adm3 = 494e5354 414c4c45 44202020 20202020 | INSTALLED # csadm Devs=  =subs CSLGetVersion CSLAN 4.5.5 # csadm Dev=subs CSLGetVersion             ListUser Name Permission Mechanism Attributes ADMIN 22000000 RSA sign Z[0] # csadm Dev=subs MBKListKeys slot name len algo type k generation date key check value ------------------------------------------------------------------------------------- # ssh subs -l cslagent The authenticity of host 'subs (192.168.4.204)' can't be established. ECDSA key fingerprint is SHA256:eO4SLcsjiZG/dZyo2wpjh2L7mKwbzEo3scC0UWZaIkM. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'subs,192.168.4.204' (ECDSA) to the list of known hosts. cslagent@subs's password: Last login: Fri Sep 14 23:34:03 2018 from 192.168.4.200 cslagent@CryptoServer:~$ su Password: bash-4.3# passwd Changing password for root Enter the new password (minimum of 5 characters) Please use a combination of upper and lower case letters and numbers. New password: Re-enter new password: passwd: password changed. bash-4.3# exit exit cslagent@CryptoServer:~$ passwd Changing password for cslagent Old password: Enter the new password (minimum of 5 characters) Please use a combination of upper and lower case letters and numbers. New password: Re-enter new password: passwd: password changed. cslagent@CryptoServer:~$ exit logout Connection to subs closed. # csadm Dev=subs LogonSign=ADMIN,/tcn/hsm/key/ADMIN.key ADD  ddUser=SUPER,FFFFFFFF{CXO I_GROUP=& *},  rsasign,:uc  cs2: , :cjo:USB0                                                                                                               csadm ChangePing   =:cs2:cjo:USB0 # csadm Dev=subs LogonSign=ADMIN,/tcn/hsm/key/ADMIN.key AddUser=SUPER,FFFFFFFF{CXI_GROUIP  P=*},rsasign,:cs2:cjo:USB0 # csadm Dev=subs LogonSign=SUPER,cs  :cs2:cjo:USB0 Det let  ete  teUser=ADMIN # csadm Dev=subs ListUsers Name Permission Mechanism Attributes SUPER ffffffff RSA sign Z[0]A[CXI_GROUP=*] # csadm MBKPING Change=:cs2:cjo:USB0 # csadm MBKPINChange=:cs2:cjo:USB0 Error B91D0013 PIN pad API no smartcard inserted # csadm MBKPINChange=:cs2:cjo:USB0 # csadm MBKPINChange=:cs2:cjo:USB0 Error B9069018 CryptoServer admin library MBK tools bad pin repetition # csadm MBKPINChange=:cs2:cjo:USB0 # csadm MBKPINChange=:cs2:cjo:USB0 # csadm MBKPINChange=:cs2:cjo:USB0 # csadm MBKPINChange=:cs2:cjo:USB0 # csadm Dev=subs LogonSign=SUPER,:cs2:cjo:USB0 Key=:cs2:cjo:USB0,15 MBKGenerateKy ey=AES,23  32,6,3,tc CN-subs # csadm Dev=subs Logn onSign=SUER PE   PER,:cs2j :cs jo:USB0 Key=:cs2:cjo:USB0,15 MBKImportKey=3 # csadm Dev=subs MBKListKey unknown option / command 'MBKListKey' Use 'csadm Help' to get a list of all legal commands # umount /mediasss               csadm Dev=subs MBKLisyKey    t tKeys slot name len algo type k generation date key check value ------------------------------------------------------------------------------------- 3 tCN-subs 32 AES SHARE 3 18/09/14 11:54:24 9397B0216EBEF1DE:C857CC7C2286E037 # csadm ChangePin=:cs2:cjo:USB0 # csadm Dev=subs LogonSign=SUPER: ,:cs2:cjo:USb B0 AddUser=HSMAdmin1,22022000{CXI_GROUP=*},rsasign,:cs2:cjo:USB0 # csadm Dev=subs LogonSign=SUPER,:cs2:cjo:USB0 AddUser=HSMAdmin1,22022000{CXI_GROUP=*},rsasign,:cs2:cjo:USB0 # csadm ChangePin=:cs2:cjo:USB0 # csadm ChangePin=:cs2:cjo:USB0 # csadm [77@Dev=subs LogonSign=SUPER,:cs2:cjo:USB0 AddUser=HSMAdmin1,22022000{CXI_GROUP=*},rsasign,:cs2:cjo:USB011[1@2 # csadm Dev=subs LogonSign=SUPER,:cs2:cjo:USB0 AddUser=HSMAdmin2,22022000{CXI_GROUP=*},rsasign,:cs2:cjo:USB0 # csadm ChangePin=:cs2:cjo:USB0 # ca sadm Dev=subs LogonSign=SUPOER   ER,:cs2:cjo:USB0 AddUser=HSMOversigth  ht1,22020020{CXI_GRIP  OUP=*},rsasign,:cs2:cjo:USB0 # csadm Dev=subs LogonSign=SUPER,:cs2:cjo:USB0 AddUser=HSMOversight1,22020020{CXI_GROUP=*},rsasign,:cs2:cjo:USB0 # csadm ChangePin=:cs2:cjo:USB0 # csadm ChangePin=:cs2:cjo:USB0 # csadm [81@Dev=subs LogonSign=SUPER,:cs2:cjo:USB0 AddUser=HSMOversight1,22020020{CXI_GROUP=*},rsasign,:cs2:cjo:USB0[1@2 # cd sadm Dev=subs ListUsers Name Permission Mechanism Attributes HSMAdmin1 22022000 RSA sign A[CXI_GROUP=*] HSMAdmin2 22022000 RSA sign A[CXI_GROUP=*] HSMOversight1 22020020 RSA sign A[CXI_GROUP=*] HSMOversight2 22020020 RSA sign A[CXI_GROUP=*] SUPER ffffffff RSA sign Z[0]A[CXI_GROUP=*] # csadm Dev=subs LogonSign=SUPER,:cs2:cjo:USB0 LoadAltMdlSign Key=/tcn/hsm/MDL_PUB.key # csadm Dev=sus bs LogonSign=SUPER,:cs2:cjo:USB0 LoadL File=/tcn/hsm/cmds.c scf # csadm Dev=subs Restart # csadm Dev- =subs ListUsers Name Permission Mechanism Attributes HSMAdmin1 22022000 RSA sign A[CXI_GROUP=*] HSMAdmin2 22022000 RSA sign A[CXI_GROUP=*] HSMOversight1 22020020 RSA sign A[CXI_GROUP=*] HSMOversight2 22020020 RSA sign A[CXI_GROUP=*] SUPER ffffffff RSA sign Z[0]A[CXI_GROUP=*] # c s csadm ChangePin=:cs2:cjo:USB0 # cd sadm Dev=root LogonSign=ADMIN,/tcn/hsm/key/ADMIN.key AddUser=COMMISSIONER,00000002{CXI_GRI OP                 00000002{CXI_GROUP=TCN.*}  ,rsasign,:cs2:cjo:USB ^C # csadm Dev=root LogonSign=ADMIN,/tcn/hsm/key/ADMIN.key AddUser=COMMISSIONER,00000002{CXI_GROUP=TCN.*},rsasign,:cs2:cjo:USB0 Error B91D5047 PIN pad API USB errno = 71 # csadm Dev=root LogonSign=ADMIN,/tcn/hsm/key/ADMIN.key AddUser=COMMISSIONER,00000002{CXI_GROUP=TCN.*},rsasign,:cs2:cjo:USB0 # csad  adm Dev=roor t ListUsers Name Permission Mechanism Attributes ADMIN 22000000 RSA sign Z[0] COMMISSIONER 00000002 RSA sign A[CXI_GROUP=TCN.*] # cd /tcn/sign/ # cat root-hsm-operations.sh #!/bin/bash usage () { echo "Please select just one from following options:" echo "" for op in ${OPERATIONS[@]} do echo $op done exit 1 } OPERATIONS=(key-csr-generator csr-signer cert-updater crl-generator) if (( $# != 1 )) then echo ">> Wrong number of arguemnts <<" usage fi if [[ ! ${OPERATIONS[@]} =~ "${1}" ]] then echo ">> Wrong arguemnts <<" usage fi operation=$1 $JAVA_HOME/bin/java -jar /tcn/sign/utilities.jar $operation --config-file root-$operation.conf # cat root-key-csr-generator.conf keyStoreConfig = { hsmHost = root hsmPort = 288 userConfigs = [ { username = "COMMISSIONER" mode = CARD_READER device = ":cs2:cjo:USB0" } ] } keyConfig = { keyGroup = "TCN.ROOT" keySpecifier = 1 keyAlias = "rootca" storeKeysExternal = false keyOverride = 0 keyExport = 1 keyCurve = "NIST-P256" keyGenMechanism = 4 } subject = "CN=Corda Network Root Certificate, OU=Corda Network, O=Corda Network Governing Body, L=New York, C=US" csrFile = "root.csr" # ./root-hsm-operations.sh key= -csr-generator Authenticating using username: COMMISSIONER Authenticating using card reader Connect the card reader and press Enter (or Q to quit): Accessing the certificate key group data... Authentication sufficient Generating key rootca. rootca key generated. New key pair named rootca has been generated and stored in the HSM. New CSR has been stored under: root.csr. # cxitool Dev=root LogonSign=COMMISSIONER,:cs2:cjo:USB0 ListKet ys idx algo size type group name spec -------------------------------------------------------------------------------------- 1 ECDSA 256 pub+prv TCN.ROOT rootca 1 # cat rootc c -csr-signer.conf keyStoreConfig = { hsmHost = root hsmPort = 288 userConfigs = [ { username = "COMMISSIONER" mode = CARD_READER device = ":cs2:cjo:USB0" } ] } csrFile = "root.csr" certificateStoreFile = "./certificateStore.jks" certificateStorePassword = "trustpass" certificateConfig = { signingKeyConfig = { keyAlias = "rootca" keyGroup = "TCN.ROOT" keySpecifier = 1 } validDays = 7066 signatureAlgorithm = "SHA256withECDSA" keyUsages = [ DIGITAL_SIGNATURE, KEY_CERT_SIGN, CRL_SIGN ] isCa = true isSelfSigned = true } certificateAlias = "rootca" # ./h root-hsm-operations.sh csr-signer Authenticating using username: COMMISSIONER Authenticating using card reader Connect the card reader and press Enter (or Q to quit): Accessing the certificate key group data... Authentication sufficient Retrieving the signing key pair. Certificate for C=US,L=New York,O=Corda Network Governing Body,OU=Corda Network,CN=Corda Network Root Certificate created. Certificate generated: [ [ Version: V3 Subject: CN=Corda Network Root Certificate, OU=Corda Network, O=Corda Network Governing Body, L=New York, C=US Signature Algorithm: SHA256withECDSA, OID = 1.2.840.10045.4.3.2 Key: Sun EC public key, 256 bits public x coord: 101041668600579107777699738340680677959089098453713944012203889311385691038477 public y coord: 30811355915429272266568548592531527174648615585839278829212266283656561115267 parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7) Validity: [From: Fri Sep 14 00:00:00 UTC 2018, To: Mon Jan 18 00:00:00 UTC 2038] Issuer: CN=Corda Network Root Certificate, OU=Corda Network, O=Corda Network Governing Body, L=New York, C=US SerialNumber: [ 10e5ff3e a9bed004] Certificate Extensions: 3 [1]: ObjectId: 2.5.29.19 Criticality=true BasicConstraints:[ CA:true PathLen:2147483647 ] [2]: ObjectId: 2.5.29.15 Criticality=true KeyUsage [ DigitalSignature Key_CertSign Crl_Sign ] [3]: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: 44 30 BE 62 A8 95 4B 13 03 5A D3 C4 63 45 6E 9C D0.b..K..Z..cEn. 0010: F1 1C E4 65 ...e ] ] ] Algorithm: [SHA256withECDSA] Signature: 0000: 30 44 02 20 6B 65 BB 7A C3 2F 50 DA 52 F6 26 15 0D. ke.z./P.R.&. 0010: 9F 13 74 11 96 9A 69 92 B2 A5 DC 32 A0 2E 23 BC ..t...i....2..#. 0020: A7 88 7F 6A 02 20 09 B3 F3 2F 9D 4B E3 6F AE 51 ...j. .../.K.o.Q 0030: BC FE C4 13 84 95 F5 E8 42 91 5E 1F 5C 45 CB 9F ........B.^.\E.. 0040: BB 5C F5 7D BD FE .\.... ] Certificate stored under rootca in the certificate store. # cat root-c cert-updater.conf keyStoreConfig = { hsmHost = root hsmPort = 288 userConfigs = [ { username = "COMMISSIONER" mode = CARD_READER device = ":cs2:cjo:USB0" } ] } certificateStoreFile = "./certificateStore.jks" certificateStorePassword = "trustpass" keyConfig = { keyAlias = "rootca" keyGroup = "TCN.ROOT" keySpecifier = 1 } # ./h root-hsm-operations.sh cert-updater   ter Authenticating using username: COMMISSIONER Authenticating using card reader Connect the card reader and press Enter (or Q to quit): Accessing the certificate key group data... Authentication sufficient Retrieving the certificate `rootca` from the certificate store... Updating the key `rootca` certificate chain in the HSM... Certificate updated under the `rootca` in the HSM. # cat rot t ot-crl-generator.conf keyStoreConfig = { hsmHost = root hsmPort = 288 userConfigs = [ { username = "COMMISSIONER" mode = CARD_READER device = ":cs2:cjo:USB0" } ] } crl = { signingKeyConfig = { keyAlias = "rootca" keyGroup = "TCN.ROOT" keySpecifier = 1 } validDays = 7066 indirectIssuer = false filePath = "./cnrc.crl" crlEndpoint = "http://crl.corda.network/cnrc.crl" } # ./root-hsm-operations.sh crl-generator Authenticating using username: COMMISSIONER Authenticating using card reader Connect the card reader and press Enter (or Q to quit): Accessing the certificate key group data... Authentication sufficient Generating an empty CRL... The CRL has been generated and stored in ./cnrc.crl # ket ytool -printcrl -file cnrc.crl X.509 CRL v2 Signature Algorithm: SHA256withECDSA, params unparsed, OID=1.2.840.10045.4.3.2 Issuer: CN=Corda Network Root Certificate, OU=Corda Network, O=Corda Network Governing Body, L=New York, C=US This Update: Fri Sep 14 13:03:07 UTC 2018 Next Update: Mon Jan 18 13:03:07 UTC 2038 Revoked Certificates: 1 [1] SerialNumber: [ 00] On: Fri Sep 14 13:03:07 UTC 2018 CRL Extensions: 2 [1]: ObjectId: 2.5.29.35 Criticality=false AuthorityKeyIdentifier [ KeyIdentifier [ 0000: 44 30 BE 62 A8 95 4B 13 03 5A D3 C4 63 45 6E 9C D0.b..K..Z..cEn. 0010: F1 1C E4 65 ...e ] [CN=Corda Network Root Certificate, OU=Corda Network, O=Corda Network Governing Body, L=New York, C=US] SerialNumber: [ 10e5ff3e a9bed004] ] [2]: ObjectId: 2.5.29.28 Criticality=true IssuingDistributionPoint [ DistributionPointName: [URIName: http://crl.corda.network/cnrc.crl] Only contains user certs: false Only contains CA certs: false Only contains attribute certs: false Indirect CRL: false ] Signature: 0000: 30 46 02 21 00 C0 E1 BF D5 2C B9 AE F4 1E 77 2B 0F.!.....,....w+ 0010: 04 5E 00 A9 D9 AD 68 6D 88 4F 0F 00 E7 1C 35 C2 .^....hm.O....5. 0020: E8 73 66 05 EE 02 21 00 82 58 73 35 07 4A 62 AF .sf...!..Xs5.Jb. 0030: 2A 89 9F 61 B3 AE 47 31 1B 2F 6A FC 20 70 D9 66 *..a..G1./j. p.f 0040: EC AD 0F DE FF EE 6F 41 ......oA ******************************************* WARNING: not verified. Make sure -keystore is correct. ******************************************* # lsusb   blk NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT sdb 8:16 1 14.3G 0 disk `-sdb1 8:17 1 14.3G 0 part nvme0n1 259:0 0 238.5G 0 disk |-nvme0n1p1 259:1 0 260M 0 part |-nvme0n1p2 259:2 0 16M 0 part |-nvme0n1p3 259:3 0 237.2G 0 part `-nvme0n1p4 259:4 0 1000M 0 part # mkfs.cfat    vfat /dev/sdb1 mkfs.fat 4.1 (2017-01-24) # mount /dev/sdb1 /mnt/ # cp cnrc.crl /mnt/ # ls -la /mnt/ total 16 drwxr-xr-x 2 root root 8192 Sep 14 13:05 . drwxr-xr-x 19 root root 400 Sep 14 2018 .. -rwxr-xr-x 1 root root 571 Sep 14 13:05 cnrc.crl # umount /mnt/ #  # lsblk NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT sdb 8:16 1 14.4G 0 disk `-sdb1 8:17 1 14.4G 0 part nvme0n1 259:0 0 238.5G 0 disk |-nvme0n1p1 259:1 0 260M 0 part |-nvme0n1p2 259:2 0 16M 0 part |-nvme0n1p3 259:3 0 237.2G 0 part `-nvme0n1p4 259:4 0 1000M 0 part # mkfs.vfat /dev/sdb1 mkfs.fat 4.1 (2017-01-24) # mount /dev/sdb1 /mnt/ # cp cnrc.crl /mnt/ # ls -la /mnt/ total 16 drwxr-xr-x 2 root root 8192 Sep 14 13:06 . drwxr-xr-x 19 root root 400 Sep 14 2018 .. -rwxr-xr-x 1 root root 571 Sep 14 13:06 cnrc.crl # uo mount /mnt/ # lsblk NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT sdb 8:16 1 14.3G 0 disk `-sdb1 8:17 1 14.3G 0 part nvme0n1 259:0 0 238.5G 0 disk |-nvme0n1p1 259:1 0 260M 0 part |-nvme0n1p2 259:2 0 16M 0 part |-nvme0n1p3 259:3 0 237.2G 0 part `-nvme0n1p4 259:4 0 1000M 0 part # mkfs.vfat /dev/sdb1 mkfs.fat 4.1 (2017-01-24) # mount /dev/sdb1 /mnt # cs xitool Dev=root LogonSign=COMMISSIONER,:cs2:cjo:USB0 Name=rootca BackupKey Error B91D5047 PIN pad API USB errno = 71 at Cxi::logon_sign # cxitool Dev=root LogonSign=COMMISSIONER,:cs2:cjo:USB0 Name=rootca BackupKey TCN%2E%ROOT_rootca_1.kbk 1 key(s) backed up # mkdir /tmp/keys # mv TCN%2E%ROOT_rootca_1.kbk /tmp/keys/root_key.kbk # gpg --cipher-alo go aes256 --output /tmp/keys/root_key.kbk.env c --passhprase-file /tmp/gpg/root_backup_pass.txt --batch --yes --armour --symetric       metric /r t, mp/keys/root_key.kbk gpg: invalid option "--passhprase-file" # gpg --cipher-algo aes256 --output /tmp/keys/root_key.kbk.enc --passhprase-file /tmp/gpg/root_backup_pass.txt --batch --yes --armour --symmetric /tmp/keys/root_key.kbkk.enc --passhprahp[1@h gpg: directory '/root/.gnupg' created gpg: keybox '/root/.gnupg/pubring.kbx' created # cp /tmp/keys/root_key.kbk /mnt/ # umount /mnt/ # lsblk NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT sdb 8:16 1 14.3G 0 disk `-sdb1 8:17 1 14.3G 0 part nvme0n1 259:0 0 238.5G 0 disk |-nvme0n1p1 259:1 0 260M 0 part |-nvme0n1p2 259:2 0 16M 0 part |-nvme0n1p3 259:3 0 237.2G 0 part `-nvme0n1p4 259:4 0 1000M 0 part # mount/de    /devsdb1     /  /sdb1 /mnt # mkdir /tmp/keys-bak # cp /mnt/root_key.kbk /tmn p/keys-bak/ # gpg --decrypt --cipher  -alog  go eas   aes256 --output /tmp/keys-bac k/root- - _key.kbk --passphrassse   s e-file /tmp//gpg// root_backup_pass.txt /gpg/root_backup_pass.txt  --batch --yes /tmp/keys-bak/root_key.kbk                                                                                                                                                                  umount /mnt/ #  # lsblk NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT sdb 8:16 1 14.3G 0 disk `-sdb1 8:17 1 14.3G 0 part nvme0n1 259:0 0 238.5G 0 disk |-nvme0n1p1 259:1 0 260M 0 part |-nvme0n1p2 259:2 0 16M 0 part |-nvme0n1p3 259:3 0 237.2G 0 part `-nvme0n1p4 259:4 0 1000M 0 part # mkfs.vfat /dev/sdb1 mkfs.fat 4.1 (2017-01-24) # mount /dev/sdb1 /mnt/ # cxitool DEV  ev=root LogonSign=COMMISSIONER,:cs2:cjo:USB- 0 NAM  ame=rootca BackupKey TCN%2E%ROOT_rootca_1.kbk 1 key(s) backed up # ls  rm /tmp/keys/root_key.kbk* # rmdir /tmp/keys # ls -la /tmp total 0 drwxrwxrwt 6 root root 120 Sep 14 13:22 . drwxr-xr-x 19 root root 400 Sep 14 2018 .. drwxr-xr-x 2 root root 60 Sep 14 2018 audit drwxr-xr-x 2 root root 80 Sep 14 10:44 gpg drwxr-xr-x 2 root root 40 Sep 14 13:03 hsperfdata_root drwxr-xr-x 2 root root 60 Sep 14 13:16 keys-bak # rm * /tmp/keys-bak /tmp/keys-bak/* # rmdir /tmp/keys-bak # ls -la /tmp total 0 drwxrwxrwt 5 root root 100 Sep 14 13:26 . drwxr-xr-x 19 root root 400 Sep 14 2018 .. drwxr-xr-x 2 root root 60 Sep 14 2018 audit drwxr-xr-x 2 root root 80 Sep 14 10:44 gpg drwxr-xr-x 2 root root 40 Sep 14 13:03 hsperfdata_root # mv TCN%2E%ROOT_rootca_1.kbk /tmp/key                                    mkdir /tmp/ey  keys # mv TCN%2E%ROOT_rootca_1.kbk /tmp/keys/root_ky ey.kbk # gpg --cipher-algo aes256 --output /tmp/keys/root_key.kbk.env c --passphrase-file /tmp/gpg/root_backup_t pass.txt --batch --yes --armout r --symmetric /tmp/keys/root_key.kbk # cp /tmp/keys/root_key.kbk.enc /mnt/ # ls -la /mnt/ total 16 drwxr-xr-x 2 root root 8192 Sep 14 13:32 . drwxr-xr-x 19 root root 400 Sep 14 2018 .. -rwxr-xr-x 1 root root 996 Sep 14 13:32 root_key.kbk.enc # umount /mnt/ # ks  lsblk NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT sdb 8:16 1 14.3G 0 disk `-sdb1 8:17 1 14.3G 0 part nvme0n1 259:0 0 238.5G 0 disk |-nvme0n1p1 259:1 0 260M 0 part |-nvme0n1p2 259:2 0 16M 0 part |-nvme0n1p3 259:3 0 237.2G 0 part `-nvme0n1p4 259:4 0 1000M 0 part # mount d /dev/sdb1 /mnt/ # mkdir /tmp/keys-bak # cp /mnt/root_key.kbk.enc /tmp/keys-r bak # gpg --decrypr t --cipher-alogo eas      g  goaes    aes256 --output /tmp/keys-bak/root_key.kbk --passphrase-file /tmp/gpg/root_backup_pass.txt --batch --te  yes /tmp/keys-bak/root_key.kbk.enc gpg: AES256 encrypted data gpg: encrypted with 1 passphrase # cxitool Dev=root Login  onSign: =COMMISIONER,cs2:cjo[1@SIONER,cs2:cjo:USB0,[1@:cs2:cjo:USB0 Name=rootca-bak RestoreKey=/tmp/keys-bak/root_key.kbk # cxitool Dev=root LogonSign=COMMISSIONER,:cs2:cjo:USB0 Name=* ListKeys idx algo size type group name spec -------------------------------------------------------------------------------------- 1 ECDSA 256 pub+prv TCN.ROOT rootca 1 2 ECDSA 256 pub+prv TCN.ROOT rootca-bak 1 # umount /mnt/ # mkfd.  s. mkfs.cramfs mkfs.ext2 mkfs.ext3 mkfs.ext4 mkfs.fat mkfs.msdos mkfs.vfat # mkfs.vfat /dev/sdx b1 mkfs.fat 4.1 (2017-01-24) # ls   # lsblk NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT sdb 8:16 1 14.3G 0 disk `-sdb1 8:17 1 14.3G 0 part nvme0n1 259:0 0 238.5G 0 disk |-nvme0n1p1 259:1 0 260M 0 part |-nvme0n1p2 259:2 0 16M 0 part |-nvme0n1p3 259:3 0 237.2G 0 part `-nvme0n1p4 259:4 0 1000M 0 part # mkfs.vfat /dev/sda b1 mkfs.fat 4.1 (2017-01-24) # mount/  /m dev/sdb1 /mnt/ # cp /tmp/keys/root_key.kbk.enc /mm nt/ # ls -la /mnt/ total 16 drwxr-xr-x 2 root root 8192 Sep 14 13:44 . drwxr-xr-x 19 root root 400 Sep 14 2018 .. -rwxr-xr-x 1 root root 996 Sep 14 13:44 root_key.kbk.enc # umount /mnt/ #  # lsbk lk /  NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT sdb 8:16 1 14.4G 0 disk `-sdb1 8:17 1 14.4G 0 part nvme0n1 259:0 0 238.5G 0 disk |-nvme0n1p1 259:1 0 260M 0 part |-nvme0n1p2 259:2 0 16M 0 part |-nvme0n1p3 259:3 0 237.2G 0 part `-nvme0n1p4 259:4 0 1000M 0 part # m mkfs/   .vfat /dev/sdb1 mkfs.fat 4.1 (2017-01-24) # mount /dev/sdb1 /mnt/ # cp /r tmp/keys/root_key.kbk.enc /mnt/ # ls -l /mnt total 8 -rwxr-xr-x 1 root root 996 Sep 14 13:47 root_key.kbk.enc # umount /mnt/ # lsblk NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT sdb 8:16 1 14.3G 0 disk `-sdb1 8:17 1 14.3G 0 part nvme0n1 259:0 0 238.5G 0 disk |-nvme0n1p1 259:1 0 260M 0 part |-nvme0n1p2 259:2 0 16M 0 part |-nvme0n1p3 259:3 0 237.2G 0 part `-nvme0n1p4 259:4 0 1000M 0 part # mkfs.vfat /dev/sdb1 mkfs.fat 4.1 (2017-01-24) # mount /m dev/sdb1 /mnt/ # cp /tmp/keys/root_key.kbk.enc /mnt/ # ls -l  a /mnt total 16 drwxr-xr-x 2 root root 8192 Sep 14 13:48 . drwxr-xr-x 19 root root 400 Sep 14 2018 .. -rwxr-xr-x 1 root root 996 Sep 14 13:48 root_key.kbk.enc # umount /mnt/ #  # cxitool Dev=root LogonSign=COMMISSIONRE  ER,:cs2:cjo:USB0 Name=rootca GR rop up=TCN.ROOT Spec=1 ExportCert # openssl x509 -inform der -noout -in TCN.ROOT_rootca.der -text Certificate: Data: Version: 3 (0x2) Serial Number: 1217659918874497028 (0x10e5ff3ea9bed004) Signature Algorithm: ecdsa-with-SHA256 Issuer: C=US, L=New York, O=Corda Network Governing Body, OU=Corda Network, CN=Corda Network Root Certificate Validity Not Before: Sep 14 00:00:00 2018 GMT Not After : Jan 18 00:00:00 2038 GMT Subject: C=US, L=New York, O=Corda Network Governing Body, OU=Corda Network, CN=Corda Network Root Certificate Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (256 bit) pub: 04:df:63:8e:ca:7d:68:db:5f:b8:30:4b:91:af:e4: 04:59:6e:85:43:2c:7b:f4:af:fa:7d:31:77:05:9a: 9f:23:0d:44:1e:9c:04:b9:ac:f2:7e:fb:b8:a3:b4: da:f3:d5:d5:49:48:7f:ba:1e:16:cc:4d:22:16:e8: 97:1f:c1:40:83 ASN1 OID: prime256v1 NIST CURVE: P-256 X509v3 extensions: X509v3 Subject Key Identifier: 44:30:BE:62:A8:95:4B:13:03:5A:D3:C4:63:45:6E:9C:F1:1C:E4:65 X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: critical Digital Signature, Certificate Sign, CRL Sign Signature Algorithm: ecdsa-with-SHA256 30:44:02:20:6b:65:bb:7a:c3:2f:50:da:52:f6:26:15:9f:13: 74:11:96:9a:69:92:b2:a5:dc:32:a0:2e:23:bc:a7:88:7f:6a: 02:20:09:b3:f3:2f:9d:4b:e3:6f:ae:51:bc:fe:c4:13:84:95: f5:e8:42:91:5e:1f:5c:45:cb:9f:bb:5c:f5:7d:bd:fe # cxo itool Dee v=root Lof gonSign=COMMISSINER     SIONER,:cjo   cs2:cjo:USB0N   nm  Name=rootcaKeyI     KeyInfo Error B0880004 CryptoServer Database Module record not found at Cxi::exec # cxitool Dev=root LogonSign=COMMISSIONER,:cs2:cjo:USB Name=rootca KeyInfo[1@G[1@r[1@o[1@i[1@u[1@p[1@=[1@T[1@C[1@M[1@N[1@.[1@R[1@o[1@o[1@t[1@ [1@O[1@O[1@T[1@ [1@S[1@p[1@e[1@c[1@=[1@1[1@ # cxitool Dev=R root LogonSign=COMMISSIONER,:cs2;c  :cjo:USB0 NA  ListKeys idx algo size type group name spec -------------------------------------------------------------------------------------- 1 ECDSA 256 pub+prv TCN.ROOT rootca 1 2 ECDSA 256 pub+prv TCN.ROOT rootca-bak 1 # cxitool Dev=root LogonSign=COMMISSIONER,:cs2:cjo:USB0 ListKeys Name=rootca Group=TCN.ROOT Spec=1 KeyInfo[1@0 Name=rootca Group=TCN.ROOT S Group : TCN.ROOT Name : rootca Specifier : 1 Algo : ECDSA Size : 256 Export : 0x00000001 Extractable : 1 Sensitive : 1 Usage : 0x000002bf Encrypt : 1 Decrypt : 1 Sign : 1 Verify : 1 Verify_Rec. : 1 Wrap : 1 Unwrap : 1 Derive : 1 BlockLen : 64 Type : pub+prv DateGen : DateExp : Label : Curve: 0 4e495354 2d503235 36 |NIST-P256 | PubKey: 0 04df638e ca7d68db 5fb8304b 91afe404 | c }h _ 0K | 10 596e8543 2c7bf4af fa7d3177 059a9f23 |Yn C,{ }1w #| 20 0d441e9c 04b9acf2 7efbb8a3 b4daf3d5 | D ~ | 30 d549487f ba1e16cc 4d2216e8 971fc140 | IH M" @| 40 83 | | Certificate: 0 30820249 308201f0 a0030201 02020810 |0 I0 | 10 e5ff3ea9 bed00430 0a06082a 8648ce3d | > 0 * H =| 20 04030230 8188310b 30090603 55040613 | 0 1 0 U | 30 02555331 11300f06 03550407 13084e65 | US1 0 U Ne| 40 7720596f 726b3125 30230603 55040a13 |w York1%0# U | 50 1c436f72 6461204e 6574776f 726b2047 | Corda Network G| 60 6f766572 6e696e67 20426f64 79311630 |overning Body1 0| 70 14060355 040b130d 436f7264 61204e65 | U Corda Ne| 80 74776f72 6b312730 25060355 0403131e |twork1'0% U | 90 436f7264 61204e65 74776f72 6b20526f |Corda Network Ro| a0 6f742043 65727469 66696361 7465301e |ot Certificate0 | b0 170d3138 30393134 30303030 30305a17 | 180914000000Z | c0 0d333830 31313830 30303030 305a3081 | 380118000000Z0 | d0 88310b30 09060355 04061302 55533111 | 1 0 U US1 | e0 300f0603 55040713 084e6577 20596f72 |0 U New Yor| f0 6b312530 23060355 040a131c 436f7264 |k1%0# U Cord| 100 61204e65 74776f72 6b20476f 7665726e |a Network Govern| 110 696e6720 426f6479 31163014 06035504 |ing Body1 0 U | 120 0b130d43 6f726461 204e6574 776f726b | Corda Network| 130 31273025 06035504 03131e43 6f726461 |1'0% U Corda| 140 204e6574 776f726b 20526f6f 74204365 | Network Root Ce| 150 72746966 69636174 65305930 1306072a |rtificate0Y0 *| 160 8648ce3d 02010608 2a8648ce 3d030107 | H = * H = | 170 03420004 df638eca 7d68db5f b8304b91 | B c }h _ 0K | 180 afe40459 6e85432c 7bf4affa 7d317705 | Yn C,{ }1w | 190 9a9f230d 441e9c04 b9acf27e fbb8a3b4 | # D ~ | 1a0 daf3d5d5 49487fba 1e16cc4d 2216e897 | IH M" | 1b0 1fc14083 a3423040 301d0603 551d0e04 | @ B0@0 U | 1c0 16041444 30be62a8 954b1303 5ad3c463 | D0 b K Z c| 1d0 456e9cf1 1ce46530 0f060355 1d130101 |En e0 U | 1e0 ff040530 030101ff 300e0603 551d0f01 | 0 0 U | 1f0 01ff0404 03020186 300a0608 2a8648ce | 0 * H | 200 3d040302 03470030 4402206b 65bb7ac3 |= G 0D ke z | 210 2f50da52 f626159f 13741196 9a6992b2 |/P R & t i | 220 a5dc32a0 2e23bca7 887f6a02 2009b3f3 | 2 .# j | 230 2f9d4be3 6fae51bc fec41384 95f5e842 |/ K o Q B| 240 915e1f5c 45cb9fbb 5cf57dbd fe | ^ \E \ } | # cxitool Dev=root LogonSign=COMMISSIONER,:cs2:cjo:USB0 Name=rootca Group=TCN.ROOT Spec=1 KeyInfo [1@-[1@b[1@a[1@k Group : TCN.ROOT Name : rootca-bak Specifier : 1 Algo : ECDSA Size : 256 Export : 0x00000001 Extractable : 1 Sensitive : 1 Usage : 0x000002bf Encrypt : 1 Decrypt : 1 Sign : 1 Verify : 1 Verify_Rec. : 1 Wrap : 1 Unwrap : 1 Derive : 1 BlockLen : 64 Type : pub+prv DateGen : DateExp : Label : Curve: 0 4e495354 2d503235 36 |NIST-P256 | PubKey: 0 04df638e ca7d68db 5fb8304b 91afe404 | c }h _ 0K | 10 596e8543 2c7bf4af fa7d3177 059a9f23 |Yn C,{ }1w #| 20 0d441e9c 04b9acf2 7efbb8a3 b4daf3d5 | D ~ | 30 d549487f ba1e16cc 4d2216e8 971fc140 | IH M" @| 40 83 | | Certificate: 0 30820249 308201f0 a0030201 02020810 |0 I0 | 10 e5ff3ea9 bed00430 0a06082a 8648ce3d | > 0 * H =| 20 04030230 8188310b 30090603 55040613 | 0 1 0 U | 30 02555331 11300f06 03550407 13084e65 | US1 0 U Ne| 40 7720596f 726b3125 30230603 55040a13 |w York1%0# U | 50 1c436f72 6461204e 6574776f 726b2047 | Corda Network G| 60 6f766572 6e696e67 20426f64 79311630 |overning Body1 0| 70 14060355 040b130d 436f7264 61204e65 | U Corda Ne| 80 74776f72 6b312730 25060355 0403131e |twork1'0% U | 90 436f7264 61204e65 74776f72 6b20526f |Corda Network Ro| a0 6f742043 65727469 66696361 7465301e |ot Certificate0 | b0 170d3138 30393134 30303030 30305a17 | 180914000000Z | c0 0d333830 31313830 30303030 305a3081 | 380118000000Z0 | d0 88310b30 09060355 04061302 55533111 | 1 0 U US1 | e0 300f0603 55040713 084e6577 20596f72 |0 U New Yor| f0 6b312530 23060355 040a131c 436f7264 |k1%0# U Cord| 100 61204e65 74776f72 6b20476f 7665726e |a Network Govern| 110 696e6720 426f6479 31163014 06035504 |ing Body1 0 U | 120 0b130d43 6f726461 204e6574 776f726b | Corda Network| 130 31273025 06035504 03131e43 6f726461 |1'0% U Corda| 140 204e6574 776f726b 20526f6f 74204365 | Network Root Ce| 150 72746966 69636174 65305930 1306072a |rtificate0Y0 *| 160 8648ce3d 02010608 2a8648ce 3d030107 | H = * H = | 170 03420004 df638eca 7d68db5f b8304b91 | B c }h _ 0K | 180 afe40459 6e85432c 7bf4affa 7d317705 | Yn C,{ }1w | 190 9a9f230d 441e9c04 b9acf27e fbb8a3b4 | # D ~ | 1a0 daf3d5d5 49487fba 1e16cc4d 2216e897 | IH M" | 1b0 1fc14083 a3423040 301d0603 551d0e04 | @ B0@0 U | 1c0 16041444 30be62a8 954b1303 5ad3c463 | D0 b K Z c| 1d0 456e9cf1 1ce46530 0f060355 1d130101 |En e0 U | 1e0 ff040530 030101ff 300e0603 551d0f01 | 0 0 U | 1f0 01ff0404 03020186 300a0608 2a8648ce | 0 * H | 200 3d040302 03470030 4402206b 65bb7ac3 |= G 0D ke z | 210 2f50da52 f626159f 13741196 9a6992b2 |/P R & t i | 220 a5dc32a0 2e23bca7 887f6a02 2009b3f3 | 2 .# j | 230 2f9d4be3 6fae51bc fec41384 95f5e842 |/ K o Q B| 240 915e1f5c 45cb9fbb 5cf57dbd fe | ^ \E \ } | # cxitool Dev=root LogonSign=COMMISSIONER,:cs2:cjo:USB0 Name=rootca-bak Group=TCN.ROOT Spec=1 KeyInfo # csadm ChangePin: =:cs s2:cjo:USB0 # csadm Dev=Subs LogonSign=HSMAdmin1,:cs2:cjo:USB0 LogonSing  gn=HSMOversight1,:cs2:cjo:USB0 AddUser=COMMISSIONER,02  00000002{CXIG _GRP OPU   OUP=TCN.*},rsasign,:cs2:cjo:USB0csadm Dev=S[1@subs LogonSign=HSMAdmin1,:cs2:cjo:USB0 LogonSign=HSMOversight1,:cs2:cjo:USB0 AddUser=COMMISSIONER,00000002{CXI_GROUP=TCN.*},rsasign,:cs2:cjo:USB0 # csadm Dev=subs ListUsers Name Permission Mechanism Attributes COMMISSIONER 00000002 RSA sign A[CXI_GROUP=TCN.*] HSMAdmin1 22022000 RSA sign Z[0]A[CXI_GROUP=*] HSMAdmin2 22022000 RSA sign A[CXI_GROUP=*] HSMOversight1 22020020 RSA sign Z[0]A[CXI_GROUP=*] HSMOversight2 22020020 RSA sign A[CXI_GROUP=*] SUPER ffffffff RSA sign Z[0]A[CXI_GROUP=*] # cd /tcn/sign # cat subordinate-hsm-operations.sh #!/bin/bash usage () { echo "Please select one from following options followed by subordintes key number (1 to 6)" echo "" for op in ${OPERATIONS[@]} do echo $op done exit 1 } OPERATIONS=(key-csr-generator csr-signer cert-updater) NUMBERS=(1 2 3 4 5 6 7 8 9 10) if (( $# != 2 )) then echo ">> Wrong number of arguments <<" usage fi if [[ ! ${OPERATIONS[@]} =~ "${1}" ]] then echo ">> Wrong arguments <<" usage fi if [[ ! ${NUMBERS[@]} =~ "${2}" ]] then echo ">> Wrong number <<" usage fi operation=$1 number=$2 sed "s/%NUMBER/$2/" subordinate-${operation}.conf > subordinate${number}-${operation}.conf $JAVA_HOME/bin/java -jar /tcn/sign/utilities.jar ${operation} --config-file subordinate${number}-${operation}.conf # cat subordinate-csr-signer.conf                 key-csr-generator.conf keyStoreConfig = { hsmHost = subs hsmPort = 288 userConfigs = [ { username = "COMMISSIONER" mode = CARD_READER device = ":cs2:cjo:USB0" } ] } keyConfig = { keyGroup = "TCN.SUBORDINATE" keySpecifier = 1 keyAlias = "subordinate%NUMBER" storeKeysExternal = false keyOverride = 0 keyExport = 0 keyCurve = "NIST-P256" keyGenMechanism = 4 } subject = "CN=Corda Network Authority CNA%NUMBER, OU=Corda Network, O=Corda Network Governing Body, L=New York, C=US" csrFile = "subordinate%NUMBER.csr" # ./subordinate-hsm-operations.sh key-csr-generator 1 Authenticating using username: COMMISSIONER Authenticating using card reader Connect the card reader and press Enter (or Q to quit): Accessing the certificate key group data... Authentication sufficient Generating key subordinate1. subordinate1 key generated. New key pair named subordinate1 has been generated and stored in the HSM. New CSR has been stored under: subordinate1.csr. # ./subordinate-hsm-operations.sh key-csr-generator 1 2 Authenticating using username: COMMISSIONER Authenticating using card reader Connect the card reader and press Enter (or Q to quit): Accessing the certificate key group data... Authentication sufficient Generating key subordinate2. subordinate2 key generated. New key pair named subordinate2 has been generated and stored in the HSM. New CSR has been stored under: subordinate2.csr. # ./subordinate-hsm-operations.sh key-csr-generator 2 3 Authenticating using username: COMMISSIONER Authenticating using card reader Connect the card reader and press Enter (or Q to quit): Accessing the certificate key group data... Authentication sufficient Generating key subordinate3. subordinate3 key generated. New key pair named subordinate3 has been generated and stored in the HSM. New CSR has been stored under: subordinate3.csr. # ./subordinate-hsm-operations.sh key-csr-generator 3 4 Authenticating using username: COMMISSIONER Authenticating using card reader Connect the card reader and press Enter (or Q to quit): Accessing the certificate key group data... Authentication sufficient Generating key subordinate4. subordinate4 key generated. New key pair named subordinate4 has been generated and stored in the HSM. New CSR has been stored under: subordinate4.csr. # ./subordinate-hsm-operations.sh key-csr-generator 4 5 Authenticating using username: COMMISSIONER Authenticating using card reader Connect the card reader and press Enter (or Q to quit): Accessing the certificate key group data... Authentication sufficient Generating key subordinate5. subordinate5 key generated. New key pair named subordinate5 has been generated and stored in the HSM. New CSR has been stored under: subordinate5.csr. # ./subordinate-hsm-operations.sh key-csr-generator 5 6 Authenticating using username: COMMISSIONER Authenticating using card reader Connect the card reader and press Enter (or Q to quit): Accessing the certificate key group data... Authentication sufficient Generating key subordinate6. subordinate6 key generated. New key pair named subordinate6 has been generated and stored in the HSM. New CSR has been stored under: subordinate6.csr. # ./subordinate-hsm-operations.sh key-csr-generator 6 7 Authenticating using username: COMMISSIONER Authenticating using card reader Connect the card reader and press Enter (or Q to quit): Accessing the certificate key group data... Authentication sufficient Generating key subordinate7. subordinate7 key generated. New key pair named subordinate7 has been generated and stored in the HSM. New CSR has been stored under: subordinate7.csr. # ./subordinate-hsm-operations.sh key-csr-generator 7 8 Authenticating using username: COMMISSIONER Authenticating using card reader Connect the card reader and press Enter (or Q to quit): Accessing the certificate key group data... Authentication sufficient Generating key subordinate8. subordinate8 key generated. New key pair named subordinate8 has been generated and stored in the HSM. New CSR has been stored under: subordinate8.csr. # cxitool Dev=subs LogonSig gn=COMMISSIONER,:cs2:cjo:USB0 ListKeys idx algo size type group name spec -------------------------------------------------------------------------------------- 1 ECDSA 256 pub+prv TCN.SUBORDINATE subordinate1 1 2 ECDSA 256 pub+prv TCN.SUBORDINATE subordinate2 1 3 ECDSA 256 pub+prv TCN.SUBORDINATE subordinate3 1 4 ECDSA 256 pub+prv TCN.SUBORDINATE subordinate4 1 5 ECDSA 256 pub+prv TCN.SUBORDINATE subordinate5 1 6 ECDSA 256 pub+prv TCN.SUBORDINATE subordinate6 1 7 ECDSA 256 pub+prv TCN.SUBORDINATE subordinate7 1 8 ECDSA 256 pub+prv TCN.SUBORDINATE subordinate8 1 # cat subordinate-csr-signer.conf keyStoreConfig = { hsmHost = root hsmPort = 288 userConfigs = [ { username = "COMMISSIONER" mode = CARD_READER device = ":cs2:cjo:USB0" } ] } csrFile = "subordinate%NUMBER.csr" certificateStoreFile = "./certificateStore.jks" certificateStorePassword = "trustpass" certificateConfig = { signingKeyConfig = { keyAlias = "rootca" keyGroup = "TCN.ROOT" keySpecifier = 1 } signatureAlgorithm = "SHA256withECDSA" validDays = 7066 keyUsages = [ DIGITAL_SIGNATURE, KEY_CERT_SIGN, CRL_SIGN ], keyPurposes = [ SERVER_AUTH, CLIENT_AUTH ] isCa = true isSelfSigned = false cpsUrl = "https://trust.corda.network" crlDistributionUrl = "http://crl.corda.network/cnrc.crl" } certificateAlias = "subordinate%NUMBER" # ./h   ./subordinate-hsm-operations.sh csr-signer 1 Authenticating using username: COMMISSIONER Authenticating using card reader Connect the card reader and press Enter (or Q to quit): Accessing the certificate key group data... Authentication sufficient Retrieving the signing key pair. Certificate for C=US,L=New York,O=Corda Network Governing Body,OU=Corda Network,CN=Corda Network Authority CNA1 created. Certificate generated: [ [ Version: V3 Subject: CN=Corda Network Authority CNA1, OU=Corda Network, O=Corda Network Governing Body, L=New York, C=US Signature Algorithm: SHA256withECDSA, OID = 1.2.840.10045.4.3.2 Key: Sun EC public key, 256 bits public x coord: 108804561016941560718191842309832352662489782183536493802088087178726333117766 public y coord: 68126504389155217509011986705707069562114339368916399353106601293489556814351 parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7) Validity: [From: Fri Sep 14 00:00:00 UTC 2018, To: Mon Jan 18 00:00:00 UTC 2038] Issuer: CN=Corda Network Root Certificate, OU=Corda Network, O=Corda Network Governing Body, L=New York, C=US SerialNumber: [ 346c5895 dc683070] Certificate Extensions: 7 [1]: ObjectId: 2.5.29.35 Criticality=false AuthorityKeyIdentifier [ KeyIdentifier [ 0000: 44 30 BE 62 A8 95 4B 13 03 5A D3 C4 63 45 6E 9C D0.b..K..Z..cEn. 0010: F1 1C E4 65 ...e ] ] [2]: ObjectId: 2.5.29.19 Criticality=true BasicConstraints:[ CA:true PathLen:2147483647 ] [3]: ObjectId: 2.5.29.31 Criticality=false CRLDistributionPoints [ [DistributionPoint: [URIName: http://crl.corda.network/cnrc.crl] ]] [4]: ObjectId: 2.5.29.32 Criticality=false CertificatePolicies [ [CertificatePolicyId: [1.3.6.1.5.5.7.2.1] [PolicyQualifierInfo: [ qualifierID: 1.3.6.1.5.5.7.2.1 qualifier: 0000: 16 1B 68 74 74 70 73 3A 2F 2F 74 72 75 73 74 2E ..https://trust. 0010: 63 6F 72 64 61 2E 6E 65 74 77 6F 72 6B corda.network ]] ] ] [5]: ObjectId: 2.5.29.37 Criticality=false ExtendedKeyUsages [ serverAuth clientAuth ] [6]: ObjectId: 2.5.29.15 Criticality=true KeyUsage [ DigitalSignature Key_CertSign Crl_Sign ] [7]: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: A9 85 9F 69 4A BF 06 00 3F 92 39 8B D6 91 E4 AA ...iJ...?.9..... 0010: D0 02 ED F5 .... ] ] ] Algorithm: [SHA256withECDSA] Signature: 0000: 30 45 02 21 00 EA E2 46 9E B1 EE 06 BC 28 AB EB 0E.!...F.....(.. 0010: 26 1E FB 43 29 94 C9 81 03 24 CA 9A 3F 36 0D 9B &..C)....$..?6.. 0020: BD B3 67 EA FE 02 20 1D 63 C6 7B 03 8F 65 0A C6 ..g... .c....e.. 0030: 4D DB 36 E8 0A 5F 79 E4 F4 18 ED 1C F9 8E B8 15 M.6.._y......... 0040: 5E 1C 8F 7A C7 AF F9 ^..z... ] Certificate stored under subordinate1 in the certificate store. # ./subordinate-hsm-operations.sh csr-signer 1 2 Authenticating using username: COMMISSIONER Authenticating using card reader Connect the card reader and press Enter (or Q to quit): Accessing the certificate key group data... HSM certificate signing error. Error while executing Network services tools command Unexpected Error: (CryptoServer) null. Full information can be found in log file # ./subordinate-hsm-operations.sh csr-signer 2 Authenticating using username: COMMISSIONER Authenticating using card reader Connect the card reader and press Enter (or Q to quit): Accessing the certificate key group data... Authentication sufficient Retrieving the signing key pair. Certificate for C=US,L=New York,O=Corda Network Governing Body,OU=Corda Network,CN=Corda Network Authority CNA2 created. Certificate generated: [ [ Version: V3 Subject: CN=Corda Network Authority CNA2, OU=Corda Network, O=Corda Network Governing Body, L=New York, C=US Signature Algorithm: SHA256withECDSA, OID = 1.2.840.10045.4.3.2 Key: Sun EC public key, 256 bits public x coord: 56717838024349844653656806069582677184973050747083762333556930387377578665893 public y coord: 11326997076103450111744559591304179595213480462763850893954831167302237549858 parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7) Validity: [From: Fri Sep 14 00:00:00 UTC 2018, To: Mon Jan 18 00:00:00 UTC 2038] Issuer: CN=Corda Network Root Certificate, OU=Corda Network, O=Corda Network Governing Body, L=New York, C=US SerialNumber: [ 50fe91b8 74f00c1e] Certificate Extensions: 7 [1]: ObjectId: 2.5.29.35 Criticality=false AuthorityKeyIdentifier [ KeyIdentifier [ 0000: 44 30 BE 62 A8 95 4B 13 03 5A D3 C4 63 45 6E 9C D0.b..K..Z..cEn. 0010: F1 1C E4 65 ...e ] ] [2]: ObjectId: 2.5.29.19 Criticality=true BasicConstraints:[ CA:true PathLen:2147483647 ] [3]: ObjectId: 2.5.29.31 Criticality=false CRLDistributionPoints [ [DistributionPoint: [URIName: http://crl.corda.network/cnrc.crl] ]] [4]: ObjectId: 2.5.29.32 Criticality=false CertificatePolicies [ [CertificatePolicyId: [1.3.6.1.5.5.7.2.1] [PolicyQualifierInfo: [ qualifierID: 1.3.6.1.5.5.7.2.1 qualifier: 0000: 16 1B 68 74 74 70 73 3A 2F 2F 74 72 75 73 74 2E ..https://trust. 0010: 63 6F 72 64 61 2E 6E 65 74 77 6F 72 6B corda.network ]] ] ] [5]: ObjectId: 2.5.29.37 Criticality=false ExtendedKeyUsages [ serverAuth clientAuth ] [6]: ObjectId: 2.5.29.15 Criticality=true KeyUsage [ DigitalSignature Key_CertSign Crl_Sign ] [7]: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: DC 22 4B 27 06 12 C1 23 E1 34 B1 64 22 95 17 09 ."K'...#.4.d"... 0010: 22 E4 B9 A4 "... ] ] ] Algorithm: [SHA256withECDSA] Signature: 0000: 30 45 02 20 5E 38 CF A7 24 92 B8 19 DB D1 06 76 0E. ^8..$......v 0010: 78 7A CC BC 90 38 37 35 9C 3A 3F C0 B5 A4 50 16 xz...875.:?...P. 0020: 7E 40 E3 0E 02 21 00 81 09 02 0C 29 DA 19 0D C3 .@...!.....).... 0030: DD 1E EA 61 8E B8 62 54 1A 3D DB D7 57 26 F3 EF ...a..bT.=..W&.. 0040: E3 42 4B 19 46 E7 DE .BK.F.. ] Certificate stored under subordinate2 in the certificate store. # ./subordinate-hsm-operations.sh csr-signer 2 3 Authenticating using username: COMMISSIONER Authenticating using card reader Connect the card reader and press Enter (or Q to quit): Accessing the certificate key group data... Authentication sufficient Retrieving the signing key pair. Certificate for C=US,L=New York,O=Corda Network Governing Body,OU=Corda Network,CN=Corda Network Authority CNA3 created. Certificate generated: [ [ Version: V3 Subject: CN=Corda Network Authority CNA3, OU=Corda Network, O=Corda Network Governing Body, L=New York, C=US Signature Algorithm: SHA256withECDSA, OID = 1.2.840.10045.4.3.2 Key: Sun EC public key, 256 bits public x coord: 57504910545845575302523091347675444781576998310674679058228372888355702114391 public y coord: 37488269633768007583914994456288231609396140655515676930646590859547685420873 parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7) Validity: [From: Fri Sep 14 00:00:00 UTC 2018, To: Mon Jan 18 00:00:00 UTC 2038] Issuer: CN=Corda Network Root Certificate, OU=Corda Network, O=Corda Network Governing Body, L=New York, C=US SerialNumber: [ 63fd9455 41a441d1] Certificate Extensions: 7 [1]: ObjectId: 2.5.29.35 Criticality=false AuthorityKeyIdentifier [ KeyIdentifier [ 0000: 44 30 BE 62 A8 95 4B 13 03 5A D3 C4 63 45 6E 9C D0.b..K..Z..cEn. 0010: F1 1C E4 65 ...e ] ] [2]: ObjectId: 2.5.29.19 Criticality=true BasicConstraints:[ CA:true PathLen:2147483647 ] [3]: ObjectId: 2.5.29.31 Criticality=false CRLDistributionPoints [ [DistributionPoint: [URIName: http://crl.corda.network/cnrc.crl] ]] [4]: ObjectId: 2.5.29.32 Criticality=false CertificatePolicies [ [CertificatePolicyId: [1.3.6.1.5.5.7.2.1] [PolicyQualifierInfo: [ qualifierID: 1.3.6.1.5.5.7.2.1 qualifier: 0000: 16 1B 68 74 74 70 73 3A 2F 2F 74 72 75 73 74 2E ..https://trust. 0010: 63 6F 72 64 61 2E 6E 65 74 77 6F 72 6B corda.network ]] ] ] [5]: ObjectId: 2.5.29.37 Criticality=false ExtendedKeyUsages [ serverAuth clientAuth ] [6]: ObjectId: 2.5.29.15 Criticality=true KeyUsage [ DigitalSignature Key_CertSign Crl_Sign ] [7]: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: EB 3F 58 3C DA 0A 40 6F F8 6E 49 9A 22 3F 8C 19 .?X<..@o.nI."?.. 0010: D5 8F A0 88 .... ] ] ] Algorithm: [SHA256withECDSA] Signature: 0000: 30 44 02 20 10 A4 19 01 57 FB DA B5 26 A7 DA 2B 0D. ....W...&..+ 0010: ED DC E5 FE A2 FD 90 84 1A A0 58 22 2F 02 8F 4D ..........X"/..M 0020: D3 F5 44 43 02 20 53 08 71 FF 29 38 EB 8F 1A 31 ..DC. S.q.)8...1 0030: 81 44 16 6D C4 B4 1B 14 96 2D FE C6 3D 5D 7A A1 .D.m.....-..=]z. 0040: 6E DD EC 8B 4D 4B n...MK ] Certificate stored under subordinate3 in the certificate store. # ./subordinate-hsm-operations.sh csr-signer 3 4 Authenticating using username: COMMISSIONER Authenticating using card reader Connect the card reader and press Enter (or Q to quit): Accessing the certificate key group data... Authentication sufficient Retrieving the signing key pair. Certificate for C=US,L=New York,O=Corda Network Governing Body,OU=Corda Network,CN=Corda Network Authority CNA4 created. Certificate generated: [ [ Version: V3 Subject: CN=Corda Network Authority CNA4, OU=Corda Network, O=Corda Network Governing Body, L=New York, C=US Signature Algorithm: SHA256withECDSA, OID = 1.2.840.10045.4.3.2 Key: Sun EC public key, 256 bits public x coord: 6807079136334530086641950348804294003248727185133470175825846288254501214080 public y coord: 17212083478105484265787575068001936101858978086087742555593170372890479478309 parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7) Validity: [From: Fri Sep 14 00:00:00 UTC 2018, To: Mon Jan 18 00:00:00 UTC 2038] Issuer: CN=Corda Network Root Certificate, OU=Corda Network, O=Corda Network Governing Body, L=New York, C=US SerialNumber: [ 2ccba5f7 bc5df225] Certificate Extensions: 7 [1]: ObjectId: 2.5.29.35 Criticality=false AuthorityKeyIdentifier [ KeyIdentifier [ 0000: 44 30 BE 62 A8 95 4B 13 03 5A D3 C4 63 45 6E 9C D0.b..K..Z..cEn. 0010: F1 1C E4 65 ...e ] ] [2]: ObjectId: 2.5.29.19 Criticality=true BasicConstraints:[ CA:true PathLen:2147483647 ] [3]: ObjectId: 2.5.29.31 Criticality=false CRLDistributionPoints [ [DistributionPoint: [URIName: http://crl.corda.network/cnrc.crl] ]] [4]: ObjectId: 2.5.29.32 Criticality=false CertificatePolicies [ [CertificatePolicyId: [1.3.6.1.5.5.7.2.1] [PolicyQualifierInfo: [ qualifierID: 1.3.6.1.5.5.7.2.1 qualifier: 0000: 16 1B 68 74 74 70 73 3A 2F 2F 74 72 75 73 74 2E ..https://trust. 0010: 63 6F 72 64 61 2E 6E 65 74 77 6F 72 6B corda.network ]] ] ] [5]: ObjectId: 2.5.29.37 Criticality=false ExtendedKeyUsages [ serverAuth clientAuth ] [6]: ObjectId: 2.5.29.15 Criticality=true KeyUsage [ DigitalSignature Key_CertSign Crl_Sign ] [7]: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: 78 1D 2D 23 54 A5 8E 7A B5 ED A1 FE 08 D0 8B 4E x.-#T..z.......N 0010: F0 D6 8B CE .... ] ] ] Algorithm: [SHA256withECDSA] Signature: 0000: 30 45 02 21 00 F2 AC 1A DD 82 F8 42 F5 99 C6 90 0E.!.......B.... 0010: 55 D3 AF B4 39 F8 7A 94 8F 18 37 26 A7 08 FC EF U...9.z...7&.... 0020: 23 CD D0 16 C5 02 20 74 AD 38 B9 A1 8E 65 4C 1D #..... t.8...eL. 0030: 9D DF D5 D2 C3 16 90 77 1E 9D 20 8A AC 27 D0 62 .......w.. ..'.b 0040: FF 4A 17 E7 F5 98 50 .J....P ] Certificate stored under subordinate4 in the certificate store. # ./subordinate-hsm-operations.sh csr-signer 4 5 Authenticating using username: COMMISSIONER Authenticating using card reader Connect the card reader and press Enter (or Q to quit): Accessing the certificate key group data... Authentication sufficient Retrieving the signing key pair. Certificate for C=US,L=New York,O=Corda Network Governing Body,OU=Corda Network,CN=Corda Network Authority CNA5 created. Certificate generated: [ [ Version: V3 Subject: CN=Corda Network Authority CNA5, OU=Corda Network, O=Corda Network Governing Body, L=New York, C=US Signature Algorithm: SHA256withECDSA, OID = 1.2.840.10045.4.3.2 Key: Sun EC public key, 256 bits public x coord: 78943449452390027825863566779523743269142176475251009055917601877075400902069 public y coord: 57666089094804536195795530008596812624254111338195682132399072658089430944031 parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7) Validity: [From: Fri Sep 14 00:00:00 UTC 2018, To: Mon Jan 18 00:00:00 UTC 2038] Issuer: CN=Corda Network Root Certificate, OU=Corda Network, O=Corda Network Governing Body, L=New York, C=US SerialNumber: [ 2f9a24ca c7eb8eed] Certificate Extensions: 7 [1]: ObjectId: 2.5.29.35 Criticality=false AuthorityKeyIdentifier [ KeyIdentifier [ 0000: 44 30 BE 62 A8 95 4B 13 03 5A D3 C4 63 45 6E 9C D0.b..K..Z..cEn. 0010: F1 1C E4 65 ...e ] ] [2]: ObjectId: 2.5.29.19 Criticality=true BasicConstraints:[ CA:true PathLen:2147483647 ] [3]: ObjectId: 2.5.29.31 Criticality=false CRLDistributionPoints [ [DistributionPoint: [URIName: http://crl.corda.network/cnrc.crl] ]] [4]: ObjectId: 2.5.29.32 Criticality=false CertificatePolicies [ [CertificatePolicyId: [1.3.6.1.5.5.7.2.1] [PolicyQualifierInfo: [ qualifierID: 1.3.6.1.5.5.7.2.1 qualifier: 0000: 16 1B 68 74 74 70 73 3A 2F 2F 74 72 75 73 74 2E ..https://trust. 0010: 63 6F 72 64 61 2E 6E 65 74 77 6F 72 6B corda.network ]] ] ] [5]: ObjectId: 2.5.29.37 Criticality=false ExtendedKeyUsages [ serverAuth clientAuth ] [6]: ObjectId: 2.5.29.15 Criticality=true KeyUsage [ DigitalSignature Key_CertSign Crl_Sign ] [7]: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: 7E B3 9D A4 D9 ED F4 B4 86 06 79 6B FE F8 2A 7B ..........yk..*. 0010: 9C C9 0E 97 .... ] ] ] Algorithm: [SHA256withECDSA] Signature: 0000: 30 45 02 20 74 ED 33 9E 36 A0 D0 77 04 25 4C C3 0E. t.3.6..w.%L. 0010: C3 17 7D E2 45 BB 12 76 D1 B2 89 2C 84 83 04 9C ....E..v...,.... 0020: 56 A4 C8 77 02 21 00 AE 93 18 AA 3F E6 D7 71 18 V..w.!.....?..q. 0030: 65 5D ED E7 59 7F 25 E5 18 4B 5C 74 D0 4D 35 62 e]..Y.%..K\t.M5b 0040: 57 75 C1 BD A3 5A F4 Wu...Z. ] Certificate stored under subordinate5 in the certificate store. # ./subordinate-hsm-operations.sh csr-signer 5 6 Authenticating using username: COMMISSIONER Authenticating using card reader Connect the card reader and press Enter (or Q to quit): Accessing the certificate key group data... Authentication sufficient Retrieving the signing key pair. Certificate for C=US,L=New York,O=Corda Network Governing Body,OU=Corda Network,CN=Corda Network Authority CNA6 created. Certificate generated: [ [ Version: V3 Subject: CN=Corda Network Authority CNA6, OU=Corda Network, O=Corda Network Governing Body, L=New York, C=US Signature Algorithm: SHA256withECDSA, OID = 1.2.840.10045.4.3.2 Key: Sun EC public key, 256 bits public x coord: 8969177577460427140606441924596659499999881137392200012083032382940247452929 public y coord: 45873901864693003976745719056395288638859073795611272994762655055399634089120 parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7) Validity: [From: Fri Sep 14 00:00:00 UTC 2018, To: Mon Jan 18 00:00:00 UTC 2038] Issuer: CN=Corda Network Root Certificate, OU=Corda Network, O=Corda Network Governing Body, L=New York, C=US SerialNumber: [ 12af2f30 ed1f195d] Certificate Extensions: 7 [1]: ObjectId: 2.5.29.35 Criticality=false AuthorityKeyIdentifier [ KeyIdentifier [ 0000: 44 30 BE 62 A8 95 4B 13 03 5A D3 C4 63 45 6E 9C D0.b..K..Z..cEn. 0010: F1 1C E4 65 ...e ] ] [2]: ObjectId: 2.5.29.19 Criticality=true BasicConstraints:[ CA:true PathLen:2147483647 ] [3]: ObjectId: 2.5.29.31 Criticality=false CRLDistributionPoints [ [DistributionPoint: [URIName: http://crl.corda.network/cnrc.crl] ]] [4]: ObjectId: 2.5.29.32 Criticality=false CertificatePolicies [ [CertificatePolicyId: [1.3.6.1.5.5.7.2.1] [PolicyQualifierInfo: [ qualifierID: 1.3.6.1.5.5.7.2.1 qualifier: 0000: 16 1B 68 74 74 70 73 3A 2F 2F 74 72 75 73 74 2E ..https://trust. 0010: 63 6F 72 64 61 2E 6E 65 74 77 6F 72 6B corda.network ]] ] ] [5]: ObjectId: 2.5.29.37 Criticality=false ExtendedKeyUsages [ serverAuth clientAuth ] [6]: ObjectId: 2.5.29.15 Criticality=true KeyUsage [ DigitalSignature Key_CertSign Crl_Sign ] [7]: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: 2A F4 08 90 73 CB 4F 14 B2 93 7A CB 93 5A 6F 91 *...s.O...z..Zo. 0010: 45 45 27 EB EE'. ] ] ] Algorithm: [SHA256withECDSA] Signature: 0000: 30 44 02 20 44 CD 69 6C 8C D3 93 F3 AD E9 68 0A 0D. D.il......h. 0010: 16 38 B6 FF B1 8E 81 03 80 D1 58 6A 51 32 11 6C .8........XjQ2.l 0020: 0D 93 1C E0 02 20 72 D2 6A D2 19 4C 43 24 FD 57 ..... r.j..LC$.W 0030: D6 1E 51 49 93 7A 50 2C 5A 88 34 D5 9E 56 E3 9A ..QI.zP,Z.4..V.. 0040: 8D 20 87 71 F8 47 . .q.G ] Certificate stored under subordinate6 in the certificate store. # ./subordinate-hsm-operations.sh csr-signer 6 7 Authenticating using username: COMMISSIONER Authenticating using card reader Connect the card reader and press Enter (or Q to quit): Accessing the certificate key group data... Authentication sufficient Retrieving the signing key pair. Certificate for C=US,L=New York,O=Corda Network Governing Body,OU=Corda Network,CN=Corda Network Authority CNA7 created. Certificate generated: [ [ Version: V3 Subject: CN=Corda Network Authority CNA7, OU=Corda Network, O=Corda Network Governing Body, L=New York, C=US Signature Algorithm: SHA256withECDSA, OID = 1.2.840.10045.4.3.2 Key: Sun EC public key, 256 bits public x coord: 9219969145204905190789629209075777507596596023608715634131002842623612996095 public y coord: 112955498411554699275334375377330424664574979376261625101914304839694567075449 parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7) Validity: [From: Fri Sep 14 00:00:00 UTC 2018, To: Mon Jan 18 00:00:00 UTC 2038] Issuer: CN=Corda Network Root Certificate, OU=Corda Network, O=Corda Network Governing Body, L=New York, C=US SerialNumber: [ 4eb88b4c c74c573e] Certificate Extensions: 7 [1]: ObjectId: 2.5.29.35 Criticality=false AuthorityKeyIdentifier [ KeyIdentifier [ 0000: 44 30 BE 62 A8 95 4B 13 03 5A D3 C4 63 45 6E 9C D0.b..K..Z..cEn. 0010: F1 1C E4 65 ...e ] ] [2]: ObjectId: 2.5.29.19 Criticality=true BasicConstraints:[ CA:true PathLen:2147483647 ] [3]: ObjectId: 2.5.29.31 Criticality=false CRLDistributionPoints [ [DistributionPoint: [URIName: http://crl.corda.network/cnrc.crl] ]] [4]: ObjectId: 2.5.29.32 Criticality=false CertificatePolicies [ [CertificatePolicyId: [1.3.6.1.5.5.7.2.1] [PolicyQualifierInfo: [ qualifierID: 1.3.6.1.5.5.7.2.1 qualifier: 0000: 16 1B 68 74 74 70 73 3A 2F 2F 74 72 75 73 74 2E ..https://trust. 0010: 63 6F 72 64 61 2E 6E 65 74 77 6F 72 6B corda.network ]] ] ] [5]: ObjectId: 2.5.29.37 Criticality=false ExtendedKeyUsages [ serverAuth clientAuth ] [6]: ObjectId: 2.5.29.15 Criticality=true KeyUsage [ DigitalSignature Key_CertSign Crl_Sign ] [7]: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: 82 40 F4 0E A3 84 24 5C 70 23 40 2F EE 26 32 6D .@....$\p#@/.&2m 0010: AA 0E C4 BE .... ] ] ] Algorithm: [SHA256withECDSA] Signature: 0000: 30 44 02 20 57 73 4B 9F 6F B8 6B D6 0C 78 E2 EE 0D. WsK.o.k..x.. 0010: 78 4D 47 85 EB 6D 48 AF B8 FF 72 57 F0 FE B4 DB xMG..mH...rW.... 0020: 90 8E 77 49 02 20 6C 89 D3 C8 4F E7 F2 9E 2D 40 ..wI. l...O...-@ 0030: D9 04 4F 26 8D A4 F0 6A 3D 64 64 B5 41 D0 76 33 ..O&...j=dd.A.v3 0040: 19 69 70 CB 99 7E .ip... ] Certificate stored under subordinate7 in the certificate store. # ./subordinate-hsm-operations.sh csr-signer 7 8 Authenticating using username: COMMISSIONER Authenticating using card reader Connect the card reader and press Enter (or Q to quit): Accessing the certificate key group data... Authentication sufficient Retrieving the signing key pair. Certificate for C=US,L=New York,O=Corda Network Governing Body,OU=Corda Network,CN=Corda Network Authority CNA8 created. Certificate generated: [ [ Version: V3 Subject: CN=Corda Network Authority CNA8, OU=Corda Network, O=Corda Network Governing Body, L=New York, C=US Signature Algorithm: SHA256withECDSA, OID = 1.2.840.10045.4.3.2 Key: Sun EC public key, 256 bits public x coord: 50014976356972706301994196027330715759539981888313659263267645208214683279242 public y coord: 43315324442208144875965424259448087910962430043308754887143624276542862922640 parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7) Validity: [From: Fri Sep 14 00:00:00 UTC 2018, To: Mon Jan 18 00:00:00 UTC 2038] Issuer: CN=Corda Network Root Certificate, OU=Corda Network, O=Corda Network Governing Body, L=New York, C=US SerialNumber: [ 59a90fac 9f273da0] Certificate Extensions: 7 [1]: ObjectId: 2.5.29.35 Criticality=false AuthorityKeyIdentifier [ KeyIdentifier [ 0000: 44 30 BE 62 A8 95 4B 13 03 5A D3 C4 63 45 6E 9C D0.b..K..Z..cEn. 0010: F1 1C E4 65 ...e ] ] [2]: ObjectId: 2.5.29.19 Criticality=true BasicConstraints:[ CA:true PathLen:2147483647 ] [3]: ObjectId: 2.5.29.31 Criticality=false CRLDistributionPoints [ [DistributionPoint: [URIName: http://crl.corda.network/cnrc.crl] ]] [4]: ObjectId: 2.5.29.32 Criticality=false CertificatePolicies [ [CertificatePolicyId: [1.3.6.1.5.5.7.2.1] [PolicyQualifierInfo: [ qualifierID: 1.3.6.1.5.5.7.2.1 qualifier: 0000: 16 1B 68 74 74 70 73 3A 2F 2F 74 72 75 73 74 2E ..https://trust. 0010: 63 6F 72 64 61 2E 6E 65 74 77 6F 72 6B corda.network ]] ] ] [5]: ObjectId: 2.5.29.37 Criticality=false ExtendedKeyUsages [ serverAuth clientAuth ] [6]: ObjectId: 2.5.29.15 Criticality=true KeyUsage [ DigitalSignature Key_CertSign Crl_Sign ] [7]: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: 41 67 90 E4 B2 EA D8 E9 B5 39 51 91 31 8C D5 3C Ag.......9Q.1..< 0010: C9 67 A0 3B .g.; ] ] ] Algorithm: [SHA256withECDSA] Signature: 0000: 30 45 02 21 00 94 DB 8D 36 1E D9 2C 4C 4A F5 89 0E.!....6..,LJ.. 0010: 7C B3 B4 9E 8C A2 E7 02 73 F6 5C 84 F4 5C 3B 75 ........s.\..\;u 0020: 0F 82 3B A5 33 02 20 07 A3 62 7B 78 B0 F5 BA A1 ..;.3. ..b.x.... 0030: F2 77 89 57 F0 73 EB 4D 61 06 6F 0C F7 A6 7B 1A .w.W.s.Ma.o..... 0040: DA B0 94 25 FC 24 71 ...%.$q ] Certificate stored under subordinate8 in the certificate store. # cat subordinate-cert-updater.conf keyStoreConfig = { hsmHost = subs hsmPort = 288 userConfigs = [ { username = "COMMISSIONER" mode = CARD_READER device = ":cs2:cjo:USB0" } ] } certificateStoreFile = "./certificateStore.jks" certificateStorePassword = "trustpass" keyConfig = { keyAlias = "subordinate%NUMBER" keyGroup = "TCN.SUBORDINATE" keySpecifier = 1 } # cat subordinate-cert-updater.conf # ./subordinate-hsm-operations.sh cert-updater 1 Authenticating using username: COMMISSIONER Authenticating using card reader Connect the card reader and press Enter (or Q to quit): Accessing the certificate key group data... Authentication sufficient Retrieving the certificate `subordinate1` from the certificate store... Updating the key `subordinate1` certificate chain in the HSM... Certificate updated under the `subordinate1` in the HSM. # ./subordinate-hsm-operations.sh cert-updater 1 2 Authenticating using username: COMMISSIONER Authenticating using card reader Connect the card reader and press Enter (or Q to quit): Accessing the certificate key group data... Authentication sufficient Retrieving the certificate `subordinate2` from the certificate store... Updating the key `subordinate2` certificate chain in the HSM... Certificate updated under the `subordinate2` in the HSM. # ./subordinate-hsm-operations.sh cert-updater 2 3 Authenticating using username: COMMISSIONER Authenticating using card reader Connect the card reader and press Enter (or Q to quit): Accessing the certificate key group data... Authentication sufficient Retrieving the certificate `subordinate3` from the certificate store... Updating the key `subordinate3` certificate chain in the HSM... Certificate updated under the `subordinate3` in the HSM. # ./subordinate-hsm-operations.sh cert-updater 3 4 Authenticating using username: COMMISSIONER Authenticating using card reader Connect the card reader and press Enter (or Q to quit): Accessing the certificate key group data... Authentication sufficient Retrieving the certificate `subordinate4` from the certificate store... Updating the key `subordinate4` certificate chain in the HSM... Certificate updated under the `subordinate4` in the HSM. # ./subordinate-hsm-operations.sh cert-updater 4 5 Authenticating using username: COMMISSIONER Authenticating using card reader Connect the card reader and press Enter (or Q to quit): Accessing the certificate key group data... Authentication sufficient Retrieving the certificate `subordinate5` from the certificate store... Updating the key `subordinate5` certificate chain in the HSM... Certificate updated under the `subordinate5` in the HSM. # ./subordinate-hsm-operations.sh cert-updater 5 6 Authenticating using username: COMMISSIONER Authenticating using card reader Connect the card reader and press Enter (or Q to quit): Accessing the certificate key group data... Authentication sufficient Retrieving the certificate `subordinate6` from the certificate store... Updating the key `subordinate6` certificate chain in the HSM... Certificate updated under the `subordinate6` in the HSM. # ./subordinate-hsm-operations.sh cert-updater 6 7 Authenticating using username: COMMISSIONER Authenticating using card reader Connect the card reader and press Enter (or Q to quit): Accessing the certificate key group data... Authentication sufficient Retrieving the certificate `subordinate7` from the certificate store... Updating the key `subordinate7` certificate chain in the HSM... Certificate updated under the `subordinate7` in the HSM. # ./subordinate-hsm-operations.sh cert-updater 7 8 Authenticating using username: COMMISSIONER Authenticating using card reader Connect the card reader and press Enter (or Q to quit): Accessing the certificate key group data... Authentication sufficient Retrieving the certificate `subordinate8` from the certificate store... Updating the key `subordinate8` certificate chain in the HSM... Certificate updated under the `subordinate8` in the HSM. # keytool -list -v -keystore certificateStore.jks -storetype jks Enter keystore password: Keystore type: JKS Keystore provider: SUN Your keystore contains 9 entries Alias name: subordinate8 Creation date: Sep 14, 2018 Entry type: trustedCertEntry Owner: CN=Corda Network Authority CNA8, OU=Corda Network, O=Corda Network Governing Body, L=New York, C=US Issuer: CN=Corda Network Root Certificate, OU=Corda Network, O=Corda Network Governing Body, L=New York, C=US Serial number: 59a90fac9f273da0 Valid from: Fri Sep 14 00:00:00 UTC 2018 until: Mon Jan 18 00:00:00 UTC 2038 Certificate fingerprints: MD5: DE:7D:3B:EB:E6:A8:6C:C1:B7:FC:C7:60:48:88:CB:8D SHA1: 3A:C3:20:7A:75:C0:77:6F:68:F1:0C:5D:89:32:09:FF:00:7F:DD:FC SHA256: 59:E3:DA:20:59:F9:CA:05:94:52:EF:FC:B7:68:E4:38:5B:48:73:01:CC:5E:E4:5D:7C:46:E2:E8:57:D2:EB:35 Signature algorithm name: SHA256withECDSA Subject Public Key Algorithm: 256-bit EC key Version: 3 Extensions: #1: ObjectId: 2.5.29.35 Criticality=false AuthorityKeyIdentifier [ KeyIdentifier [ 0000: 44 30 BE 62 A8 95 4B 13 03 5A D3 C4 63 45 6E 9C D0.b..K..Z..cEn. 0010: F1 1C E4 65 ...e ] ] #2: ObjectId: 2.5.29.19 Criticality=true BasicConstraints:[ CA:true PathLen:2147483647 ] #3: ObjectId: 2.5.29.31 Criticality=false CRLDistributionPoints [ [DistributionPoint: [URIName: http://crl.corda.network/cnrc.crl] ]] #4: ObjectId: 2.5.29.32 Criticality=false CertificatePolicies [ [CertificatePolicyId: [1.3.6.1.5.5.7.2.1] [PolicyQualifierInfo: [ qualifierID: 1.3.6.1.5.5.7.2.1 qualifier: 0000: 16 1B 68 74 74 70 73 3A 2F 2F 74 72 75 73 74 2E ..https://trust. 0010: 63 6F 72 64 61 2E 6E 65 74 77 6F 72 6B corda.network ]] ] ] #5: ObjectId: 2.5.29.37 Criticality=false ExtendedKeyUsages [ serverAuth clientAuth ] #6: ObjectId: 2.5.29.15 Criticality=true KeyUsage [ DigitalSignature Key_CertSign Crl_Sign ] #7: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: 41 67 90 E4 B2 EA D8 E9 B5 39 51 91 31 8C D5 3C Ag.......9Q.1..< 0010: C9 67 A0 3B .g.; ] ] ******************************************* ******************************************* Alias name: subordinate7 Creation date: Sep 14, 2018 Entry type: trustedCertEntry Owner: CN=Corda Network Authority CNA7, OU=Corda Network, O=Corda Network Governing Body, L=New York, C=US Issuer: CN=Corda Network Root Certificate, OU=Corda Network, O=Corda Network Governing Body, L=New York, C=US Serial number: 4eb88b4cc74c573e Valid from: Fri Sep 14 00:00:00 UTC 2018 until: Mon Jan 18 00:00:00 UTC 2038 Certificate fingerprints: MD5: B2:43:F2:82:3C:C5:25:61:3D:E6:09:7B:E3:1B:EF:75 SHA1: FE:ED:02:45:9E:7D:D5:D6:D0:E7:C0:F5:12:3E:0A:A5:16:97:4D:D7 SHA256: AD:4C:46:39:E0:8E:36:4D:2C:51:0F:4D:59:57:41:D4:81:ED:1F:3F:89:42:F9:CE:C9:10:16:CF:3E:2B:A6:50 Signature algorithm name: SHA256withECDSA Subject Public Key Algorithm: 256-bit EC key Version: 3 Extensions: #1: ObjectId: 2.5.29.35 Criticality=false AuthorityKeyIdentifier [ KeyIdentifier [ 0000: 44 30 BE 62 A8 95 4B 13 03 5A D3 C4 63 45 6E 9C D0.b..K..Z..cEn. 0010: F1 1C E4 65 ...e ] ] #2: ObjectId: 2.5.29.19 Criticality=true BasicConstraints:[ CA:true PathLen:2147483647 ] #3: ObjectId: 2.5.29.31 Criticality=false CRLDistributionPoints [ [DistributionPoint: [URIName: http://crl.corda.network/cnrc.crl] ]] #4: ObjectId: 2.5.29.32 Criticality=false CertificatePolicies [ [CertificatePolicyId: [1.3.6.1.5.5.7.2.1] [PolicyQualifierInfo: [ qualifierID: 1.3.6.1.5.5.7.2.1 qualifier: 0000: 16 1B 68 74 74 70 73 3A 2F 2F 74 72 75 73 74 2E ..https://trust. 0010: 63 6F 72 64 61 2E 6E 65 74 77 6F 72 6B corda.network ]] ] ] #5: ObjectId: 2.5.29.37 Criticality=false ExtendedKeyUsages [ serverAuth clientAuth ] #6: ObjectId: 2.5.29.15 Criticality=true KeyUsage [ DigitalSignature Key_CertSign Crl_Sign ] #7: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: 82 40 F4 0E A3 84 24 5C 70 23 40 2F EE 26 32 6D .@....$\p#@/.&2m 0010: AA 0E C4 BE .... ] ] ******************************************* ******************************************* Alias name: subordinate6 Creation date: Sep 14, 2018 Entry type: trustedCertEntry Owner: CN=Corda Network Authority CNA6, OU=Corda Network, O=Corda Network Governing Body, L=New York, C=US Issuer: CN=Corda Network Root Certificate, OU=Corda Network, O=Corda Network Governing Body, L=New York, C=US Serial number: 12af2f30ed1f195d Valid from: Fri Sep 14 00:00:00 UTC 2018 until: Mon Jan 18 00:00:00 UTC 2038 Certificate fingerprints: MD5: F8:C9:5A:01:26:29:CA:5D:8E:37:1D:FE:DC:99:9E:58 SHA1: 82:7D:9D:FA:D0:D4:E3:F3:38:4F:F1:F7:40:DD:57:8B:C6:B8:86:6C SHA256: CA:7C:6E:EB:E2:AB:00:20:DC:92:EE:F0:CA:2C:ED:FE:8A:EA:E4:60:16:5E:37:BE:B8:54:2C:F3:15:21:38:82 Signature algorithm name: SHA256withECDSA Subject Public Key Algorithm: 256-bit EC key Version: 3 Extensions: #1: ObjectId: 2.5.29.35 Criticality=false AuthorityKeyIdentifier [ KeyIdentifier [ 0000: 44 30 BE 62 A8 95 4B 13 03 5A D3 C4 63 45 6E 9C D0.b..K..Z..cEn. 0010: F1 1C E4 65 ...e ] ] #2: ObjectId: 2.5.29.19 Criticality=true BasicConstraints:[ CA:true PathLen:2147483647 ] #3: ObjectId: 2.5.29.31 Criticality=false CRLDistributionPoints [ [DistributionPoint: [URIName: http://crl.corda.network/cnrc.crl] ]] #4: ObjectId: 2.5.29.32 Criticality=false CertificatePolicies [ [CertificatePolicyId: [1.3.6.1.5.5.7.2.1] [PolicyQualifierInfo: [ qualifierID: 1.3.6.1.5.5.7.2.1 qualifier: 0000: 16 1B 68 74 74 70 73 3A 2F 2F 74 72 75 73 74 2E ..https://trust. 0010: 63 6F 72 64 61 2E 6E 65 74 77 6F 72 6B corda.network ]] ] ] #5: ObjectId: 2.5.29.37 Criticality=false ExtendedKeyUsages [ serverAuth clientAuth ] #6: ObjectId: 2.5.29.15 Criticality=true KeyUsage [ DigitalSignature Key_CertSign Crl_Sign ] #7: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: 2A F4 08 90 73 CB 4F 14 B2 93 7A CB 93 5A 6F 91 *...s.O...z..Zo. 0010: 45 45 27 EB EE'. ] ] ******************************************* ******************************************* Alias name: subordinate5 Creation date: Sep 14, 2018 Entry type: trustedCertEntry Owner: CN=Corda Network Authority CNA5, OU=Corda Network, O=Corda Network Governing Body, L=New York, C=US Issuer: CN=Corda Network Root Certificate, OU=Corda Network, O=Corda Network Governing Body, L=New York, C=US Serial number: 2f9a24cac7eb8eed Valid from: Fri Sep 14 00:00:00 UTC 2018 until: Mon Jan 18 00:00:00 UTC 2038 Certificate fingerprints: MD5: 06:E1:23:50:32:44:5C:00:07:6A:90:8E:E2:95:1F:BE SHA1: 45:25:AE:77:48:F0:62:AE:6D:B3:2D:86:BD:37:A8:4A:16:40:AF:79 SHA256: 0F:2F:08:0F:19:D0:C3:15:8B:FB:E9:94:EE:C1:85:50:4F:EF:21:A9:6C:23:50:C9:63:57:DB:78:0C:D6:B7:90 Signature algorithm name: SHA256withECDSA Subject Public Key Algorithm: 256-bit EC key Version: 3 Extensions: #1: ObjectId: 2.5.29.35 Criticality=false AuthorityKeyIdentifier [ KeyIdentifier [ 0000: 44 30 BE 62 A8 95 4B 13 03 5A D3 C4 63 45 6E 9C D0.b..K..Z..cEn. 0010: F1 1C E4 65 ...e ] ] #2: ObjectId: 2.5.29.19 Criticality=true BasicConstraints:[ CA:true PathLen:2147483647 ] #3: ObjectId: 2.5.29.31 Criticality=false CRLDistributionPoints [ [DistributionPoint: [URIName: http://crl.corda.network/cnrc.crl] ]] #4: ObjectId: 2.5.29.32 Criticality=false CertificatePolicies [ [CertificatePolicyId: [1.3.6.1.5.5.7.2.1] [PolicyQualifierInfo: [ qualifierID: 1.3.6.1.5.5.7.2.1 qualifier: 0000: 16 1B 68 74 74 70 73 3A 2F 2F 74 72 75 73 74 2E ..https://trust. 0010: 63 6F 72 64 61 2E 6E 65 74 77 6F 72 6B corda.network ]] ] ] #5: ObjectId: 2.5.29.37 Criticality=false ExtendedKeyUsages [ serverAuth clientAuth ] #6: ObjectId: 2.5.29.15 Criticality=true KeyUsage [ DigitalSignature Key_CertSign Crl_Sign ] #7: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: 7E B3 9D A4 D9 ED F4 B4 86 06 79 6B FE F8 2A 7B ..........yk..*. 0010: 9C C9 0E 97 .... ] ] ******************************************* ******************************************* Alias name: subordinate4 Creation date: Sep 14, 2018 Entry type: trustedCertEntry Owner: CN=Corda Network Authority CNA4, OU=Corda Network, O=Corda Network Governing Body, L=New York, C=US Issuer: CN=Corda Network Root Certificate, OU=Corda Network, O=Corda Network Governing Body, L=New York, C=US Serial number: 2ccba5f7bc5df225 Valid from: Fri Sep 14 00:00:00 UTC 2018 until: Mon Jan 18 00:00:00 UTC 2038 Certificate fingerprints: MD5: 9B:6F:19:08:C1:56:DD:EF:40:A2:10:22:B2:D4:D7:0B SHA1: 9B:5B:FA:D0:D1:9C:B1:25:76:D3:C9:A5:0D:29:73:1A:7E:E4:E3:0C SHA256: 68:EA:D2:0A:AD:84:20:42:F1:37:88:F3:F7:2B:2F:F1:87:E4:BD:44:D7:03:FC:3F:85:91:C3:AA:9A:4B:BE:0F Signature algorithm name: SHA256withECDSA Subject Public Key Algorithm: 256-bit EC key Version: 3 Extensions: #1: ObjectId: 2.5.29.35 Criticality=false AuthorityKeyIdentifier [ KeyIdentifier [ 0000: 44 30 BE 62 A8 95 4B 13 03 5A D3 C4 63 45 6E 9C D0.b..K..Z..cEn. 0010: F1 1C E4 65 ...e ] ] #2: ObjectId: 2.5.29.19 Criticality=true BasicConstraints:[ CA:true PathLen:2147483647 ] #3: ObjectId: 2.5.29.31 Criticality=false CRLDistributionPoints [ [DistributionPoint: [URIName: http://crl.corda.network/cnrc.crl] ]] #4: ObjectId: 2.5.29.32 Criticality=false CertificatePolicies [ [CertificatePolicyId: [1.3.6.1.5.5.7.2.1] [PolicyQualifierInfo: [ qualifierID: 1.3.6.1.5.5.7.2.1 qualifier: 0000: 16 1B 68 74 74 70 73 3A 2F 2F 74 72 75 73 74 2E ..https://trust. 0010: 63 6F 72 64 61 2E 6E 65 74 77 6F 72 6B corda.network ]] ] ] #5: ObjectId: 2.5.29.37 Criticality=false ExtendedKeyUsages [ serverAuth clientAuth ] #6: ObjectId: 2.5.29.15 Criticality=true KeyUsage [ DigitalSignature Key_CertSign Crl_Sign ] #7: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: 78 1D 2D 23 54 A5 8E 7A B5 ED A1 FE 08 D0 8B 4E x.-#T..z.......N 0010: F0 D6 8B CE .... ] ] ******************************************* ******************************************* Alias name: subordinate3 Creation date: Sep 14, 2018 Entry type: trustedCertEntry Owner: CN=Corda Network Authority CNA3, OU=Corda Network, O=Corda Network Governing Body, L=New York, C=US Issuer: CN=Corda Network Root Certificate, OU=Corda Network, O=Corda Network Governing Body, L=New York, C=US Serial number: 63fd945541a441d1 Valid from: Fri Sep 14 00:00:00 UTC 2018 until: Mon Jan 18 00:00:00 UTC 2038 Certificate fingerprints: MD5: E1:E6:DC:86:15:B9:D5:18:31:D9:53:C1:B8:B3:40:C2 SHA1: 27:5E:93:CA:81:B4:EB:14:75:61:06:AB:90:00:79:92:50:89:6D:D2 SHA256: 62:F8:3E:2C:31:83:AF:D9:80:B5:EF:28:BB:4D:FD:C9:2E:A5:69:D3:76:28:7A:A3:BA:22:0D:E0:DA:32:10:CD Signature algorithm name: SHA256withECDSA Subject Public Key Algorithm: 256-bit EC key Version: 3 Extensions: #1: ObjectId: 2.5.29.35 Criticality=false AuthorityKeyIdentifier [ KeyIdentifier [ 0000: 44 30 BE 62 A8 95 4B 13 03 5A D3 C4 63 45 6E 9C D0.b..K..Z..cEn. 0010: F1 1C E4 65 ...e ] ] #2: ObjectId: 2.5.29.19 Criticality=true BasicConstraints:[ CA:true PathLen:2147483647 ] #3: ObjectId: 2.5.29.31 Criticality=false CRLDistributionPoints [ [DistributionPoint: [URIName: http://crl.corda.network/cnrc.crl] ]] #4: ObjectId: 2.5.29.32 Criticality=false CertificatePolicies [ [CertificatePolicyId: [1.3.6.1.5.5.7.2.1] [PolicyQualifierInfo: [ qualifierID: 1.3.6.1.5.5.7.2.1 qualifier: 0000: 16 1B 68 74 74 70 73 3A 2F 2F 74 72 75 73 74 2E ..https://trust. 0010: 63 6F 72 64 61 2E 6E 65 74 77 6F 72 6B corda.network ]] ] ] #5: ObjectId: 2.5.29.37 Criticality=false ExtendedKeyUsages [ serverAuth clientAuth ] #6: ObjectId: 2.5.29.15 Criticality=true KeyUsage [ DigitalSignature Key_CertSign Crl_Sign ] #7: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: EB 3F 58 3C DA 0A 40 6F F8 6E 49 9A 22 3F 8C 19 .?X<..@o.nI."?.. 0010: D5 8F A0 88 .... ] ] ******************************************* ******************************************* Alias name: subordinate2 Creation date: Sep 14, 2018 Entry type: trustedCertEntry Owner: CN=Corda Network Authority CNA2, OU=Corda Network, O=Corda Network Governing Body, L=New York, C=US Issuer: CN=Corda Network Root Certificate, OU=Corda Network, O=Corda Network Governing Body, L=New York, C=US Serial number: 50fe91b874f00c1e Valid from: Fri Sep 14 00:00:00 UTC 2018 until: Mon Jan 18 00:00:00 UTC 2038 Certificate fingerprints: MD5: 52:E4:53:E1:EF:F4:8E:F4:69:EB:10:A8:C5:A9:53:E2 SHA1: E9:84:7D:C9:F0:C4:71:47:DB:9B:C7:63:74:A9:EB:C8:7F:01:E4:3D SHA256: 25:DB:98:03:07:1D:7E:57:03:5C:3E:3E:09:0A:BF:EB:C3:74:CE:78:2E:0B:5C:AC:40:55:50:57:B3:61:BF:78 Signature algorithm name: SHA256withECDSA Subject Public Key Algorithm: 256-bit EC key Version: 3 Extensions: #1: ObjectId: 2.5.29.35 Criticality=false AuthorityKeyIdentifier [ KeyIdentifier [ 0000: 44 30 BE 62 A8 95 4B 13 03 5A D3 C4 63 45 6E 9C D0.b..K..Z..cEn. 0010: F1 1C E4 65 ...e ] ] #2: ObjectId: 2.5.29.19 Criticality=true BasicConstraints:[ CA:true PathLen:2147483647 ] #3: ObjectId: 2.5.29.31 Criticality=false CRLDistributionPoints [ [DistributionPoint: [URIName: http://crl.corda.network/cnrc.crl] ]] #4: ObjectId: 2.5.29.32 Criticality=false CertificatePolicies [ [CertificatePolicyId: [1.3.6.1.5.5.7.2.1] [PolicyQualifierInfo: [ qualifierID: 1.3.6.1.5.5.7.2.1 qualifier: 0000: 16 1B 68 74 74 70 73 3A 2F 2F 74 72 75 73 74 2E ..https://trust. 0010: 63 6F 72 64 61 2E 6E 65 74 77 6F 72 6B corda.network ]] ] ] #5: ObjectId: 2.5.29.37 Criticality=false ExtendedKeyUsages [ serverAuth clientAuth ] #6: ObjectId: 2.5.29.15 Criticality=true KeyUsage [ DigitalSignature Key_CertSign Crl_Sign ] #7: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: DC 22 4B 27 06 12 C1 23 E1 34 B1 64 22 95 17 09 ."K'...#.4.d"... 0010: 22 E4 B9 A4 "... ] ] ******************************************* ******************************************* Alias name: subordinate1 Creation date: Sep 14, 2018 Entry type: trustedCertEntry Owner: CN=Corda Network Authority CNA1, OU=Corda Network, O=Corda Network Governing Body, L=New York, C=US Issuer: CN=Corda Network Root Certificate, OU=Corda Network, O=Corda Network Governing Body, L=New York, C=US Serial number: 346c5895dc683070 Valid from: Fri Sep 14 00:00:00 UTC 2018 until: Mon Jan 18 00:00:00 UTC 2038 Certificate fingerprints: MD5: E8:19:F7:4A:2F:7F:42:40:09:D7:E2:B3:DA:87:7D:0D SHA1: 76:6E:BD:9B:55:CD:DB:FA:4A:9F:9F:EE:5F:0F:52:63:D7:C9:1B:C2 SHA256: D6:9A:EA:7E:2D:94:24:D6:F8:E9:6C:29:C1:2E:03:2E:B8:12:31:8A:E5:C3:D7:B1:B3:20:CF:52:7F:CA:AD:B0 Signature algorithm name: SHA256withECDSA Subject Public Key Algorithm: 256-bit EC key Version: 3 Extensions: #1: ObjectId: 2.5.29.35 Criticality=false AuthorityKeyIdentifier [ KeyIdentifier [ 0000: 44 30 BE 62 A8 95 4B 13 03 5A D3 C4 63 45 6E 9C D0.b..K..Z..cEn. 0010: F1 1C E4 65 ...e ] ] #2: ObjectId: 2.5.29.19 Criticality=true BasicConstraints:[ CA:true PathLen:2147483647 ] #3: ObjectId: 2.5.29.31 Criticality=false CRLDistributionPoints [ [DistributionPoint: [URIName: http://crl.corda.network/cnrc.crl] ]] #4: ObjectId: 2.5.29.32 Criticality=false CertificatePolicies [ [CertificatePolicyId: [1.3.6.1.5.5.7.2.1] [PolicyQualifierInfo: [ qualifierID: 1.3.6.1.5.5.7.2.1 qualifier: 0000: 16 1B 68 74 74 70 73 3A 2F 2F 74 72 75 73 74 2E ..https://trust. 0010: 63 6F 72 64 61 2E 6E 65 74 77 6F 72 6B corda.network ]] ] ] #5: ObjectId: 2.5.29.37 Criticality=false ExtendedKeyUsages [ serverAuth clientAuth ] #6: ObjectId: 2.5.29.15 Criticality=true KeyUsage [ DigitalSignature Key_CertSign Crl_Sign ] #7: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: A9 85 9F 69 4A BF 06 00 3F 92 39 8B D6 91 E4 AA ...iJ...?.9..... 0010: D0 02 ED F5 .... ] ] ******************************************* ******************************************* Alias name: rootca Creation date: Sep 14, 2018 Entry type: trustedCertEntry Owner: CN=Corda Network Root Certificate, OU=Corda Network, O=Corda Network Governing Body, L=New York, C=US Issuer: CN=Corda Network Root Certificate, OU=Corda Network, O=Corda Network Governing Body, L=New York, C=US Serial number: 10e5ff3ea9bed004 Valid from: Fri Sep 14 00:00:00 UTC 2018 until: Mon Jan 18 00:00:00 UTC 2038 Certificate fingerprints: MD5: 67:48:79:A6:DC:E4:AF:AF:B0:4C:A9:7D:C4:AA:E3:41 SHA1: 23:01:21:0E:B9:99:37:D4:A4:AA:3A:15:9C:57:D7:8B:68:6A:07:5B SHA256: AA:C8:DF:2F:20:FA:CC:BF:58:D9:6D:7F:29:13:DF:D8:A7:3C:A8:B6:78:93:1B:68:D4:87:AF:48:5B:C0:10:31 Signature algorithm name: SHA256withECDSA Subject Public Key Algorithm: 256-bit EC key Version: 3 Extensions: #1: ObjectId: 2.5.29.19 Criticality=true BasicConstraints:[ CA:true PathLen:2147483647 ] #2: ObjectId: 2.5.29.15 Criticality=true KeyUsage [ DigitalSignature Key_CertSign Crl_Sign ] #3: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: 44 30 BE 62 A8 95 4B 13 03 5A D3 C4 63 45 6E 9C D0.b..K..Z..cEn. 0010: F1 1C E4 65 ...e ] ] ******************************************* ******************************************* # keytool -list -v -keystore certificateStore.jks -storetype jks # umount /media # loadkeys ukhwclock --show              loadkeys ukumount /media # loadkeys ukloadkeys ukumount /media # loadkeys uk # keytool -list -v -keystore certificateStore.jks -storetype jks # ./subordinate-hsm-operations.sh cert-updater 8 # keytool -list -v -keystore certificateStore.jks -storetype jks |less Enter keystore password: Keystore type: JKS Keystore provider: SUN  Your keystore contains 9 entries  Alias name: subordinate8 Creation date: Sep 14, 2018 Entry type: trustedCertEntry  Owner: CN=Corda Network Authority CNA8, OU=Corda Network, O=Corda Network Governing Body, L=New York, C=US Issuer: CN=Corda Network Root Certificate, OU=Corda Network, O=Corda Network Governing Body, L=New York, C=US Serial number: 59a90fac9f273da0 Valid from: Fri Sep 14 00:00:00 UTC 2018 until: Mon Jan 18 00:00:00 UTC 2038 Certificate fingerprints: MD5: DE:7D:3B:EB:E6:A8:6C:C1:B7:FC:C7:60:48:88:CB:8D SHA1: 3A:C3:20:7A:75:C0:77:6F:68:F1:0C:5D:89:32:09:FF:00:7F:DD:FC SHA256: 59:E3:DA:20:59:F9:CA:05:94:52:EF:FC:B7:68:E4:38:5B:48:73:01:CC:5E:E4:5D:7C:46:E2:E8:57:D2:EB:35 Signature algorithm name: SHA256withECDSA Subject Public Key Algorithm: 256-bit EC key Version: 3  Extensions:   #1: ObjectId: 2.5.29.35 Criticality=false AuthorityKeyIdentifier [ KeyIdentifier [ 0000: 44 30 BE 62 A8 95 4B 13 03 5A D3 C4 63 45 6E 9C D0.b..K..Z..cEn. 0010: F1 1C E4 65 ...e ] ]  #2: ObjectId: 2.5.29.19 Criticality=true BasicConstraints:[ CA:true PathLen:2147483647 ]  #3: ObjectId: 2.5.29.31 Criticality=false CRLDistributionPoints [ [DistributionPoint: [URIName: http://crl.corda.network/cnrc.crl] ]]  #4: ObjectId: 2.5.29.32 Criticality=false CertificatePolicies [ [CertificatePolicyId: [1.3.6.1.5.5.7.2.1] [PolicyQualifierInfo: [ qualifierID: 1.3.6.1.5.5.7.2.1 qualifier: 0000: 16 1B 68 74 74 70 73 3A 2F 2F 74 72 75 73 74 2E ..https://trust. 0010: 63 6F 72 64 61 2E 6E 65 74 77 6F 72 6B corda.network  ]] ] ]  #5: ObjectId: 2.5.29.37 Criticality=false ExtendedKeyUsages [ serverAuth clientAuth ]  #6: ObjectId: 2.5.29.15 Criticality=true KeyUsage [ DigitalSignature Key_CertSign Crl_Sign ] :  ESCESC[[BB  :  ESCESC[[BB #7: ObjectId: 2.5.29.14 Criticality=false :  ESCESC[[BB SubjectKeyIdentifier [ :  ESCESC[[BB KeyIdentifier [ :  ESCESC[[BB 0000: 41 67 90 E4 B2 EA D8 E9 B5 39 51 91 31 8C D5 3C Ag.......9Q.1..< :  ESCESC[[BB 0010: C9 67 A0 3B .g.; :  ESCESC[[BB ] :  ESCESC[[BB ] :  ESCESC[[BB  :  ESCESC[[BB  :  ESCESC[[BB  :  ESCESC[[BB ******************************************* :  ESCESC[[BB ******************************************* :  ESCESC[[BB  :  ESCESC[[BB  :  ESCESC[[BB Alias name: subordinate7 :  ESCESC[[BB Creation date: Sep 14, 2018 :  ESCESC[[BB Entry type: trustedCertEntry :  ESCESC[[BB  :  ESCESC[[BB Owner: CN=Corda Network Authority CNA7, OU=Corda Network, O=Corda Network Governing Body, L=New York, C=US :  ESCESC[[BB Issuer: CN=Corda Network Root Certificate, OU=Corda Network, O=Corda Network Governing Body, L=New York, C=US :  ESCESC[[BB Serial number: 4eb88b4cc74c573e :  ESCESC[[BB Valid from: Fri Sep 14 00:00:00 UTC 2018 until: Mon Jan 18 00:00:00 UTC 2038 :  ESCESC[[BB Certificate fingerprints: :  ESCESC[[BB  MD5: B2:43:F2:82:3C:C5:25:61:3D:E6:09:7B:E3:1B:EF:75 :  ESCESC[[BB  SHA1: FE:ED:02:45:9E:7D:D5:D6:D0:E7:C0:F5:12:3E:0A:A5:16:97:4D:D7 :  ESCESC[[BB  SHA256: AD:4C:46:39:E0:8E:36:4D:2C:51:0F:4D:59:57:41:D4:81:ED:1F:3F:89:42:F9:CE:C9:10:16:CF:3E:2B:A6:50 :  ESCESC[[BB Signature algorithm name: SHA256withECDSA :  ESCESC[[BB Subject Public Key Algorithm: 256-bit EC key :  ESCESC[[BB Version: 3 :  ESCESC[[BB  :  ESCESC[[BB Extensions:  :  ESCESC[[BB  :  ESCESC[[BB #1: ObjectId: 2.5.29.35 Criticality=false :  ESCESC[[BB AuthorityKeyIdentifier [ :  ESCESC[[BB KeyIdentifier [ :  ESCESC[[BB 0000: 44 30 BE 62 A8 95 4B 13 03 5A D3 C4 63 45 6E 9C D0.b..K..Z..cEn. :  ESCESC[[BB 0010: F1 1C E4 65 ...e :  ESCESC[[BB ] :  ESCESC[[BB ] :  ESCESC[[BB  :  ESCESC[[BB #2: ObjectId: 2.5.29.19 Criticality=true :  ESCESC[[BB BasicConstraints:[ :  ESCESC[[BB  CA:true :  ESCESC[[BB  PathLen:2147483647 :  ESCESC[[BB ] :  ESCESC[[BB  :  ESCESC[[BB #3: ObjectId: 2.5.29.31 Criticality=false :  ESCESC[[BB CRLDistributionPoints [ :  ESCESC[[BB  [DistributionPoint: :  ESCESC[[BB  [URIName: http://crl.corda.network/cnrc.crl] :  ESCESC[[BB ]] :  ESCESC[[BB  :  ESCESC[[BB #4: ObjectId: 2.5.29.32 Criticality=false :  ESCESC[[BB CertificatePolicies [ :  ESCESC[[BB  [CertificatePolicyId: [1.3.6.1.5.5.7.2.1] :  ESCESC[[BB [PolicyQualifierInfo: [ :  ESCESC[[BB  qualifierID: 1.3.6.1.5.5.7.2.1 :  ESCESC[[BB  qualifier: 0000: 16 1B 68 74 74 70 73 3A 2F 2F 74 72 75 73 74 2E ..https://trust. :  ESCESC[[BB 0010: 63 6F 72 64 61 2E 6E 65 74 77 6F 72 6B corda.network :  ESCESC[[BB  :  ESCESC[[BB ]] ] :  ESCESC[[BB ] :  ESCESC[[BB  :  ESCESC[[BB #5: ObjectId: 2.5.29.37 Criticality=false :  ESCESC[[BB ExtendedKeyUsages [ :  ESCESC[[BB  serverAuth :  ESCESC[[BB  clientAuth :  ESCESC[[BB ] :  ESCESC[[BB  :  ESCESC[[BB #6: ObjectId: 2.5.29.15 Criticality=true :  ESCESC[[BB KeyUsage [ :  ESCESC[[BB  DigitalSignature :  ESCESC[[BB  Key_CertSign :  ESCESC[[BB  Crl_Sign :  ESCESC[[BB ] :  ESCESC[[BB  :  ESCESC[[BB #7: ObjectId: 2.5.29.14 Criticality=false :  ESCESC[[BB SubjectKeyIdentifier [ :  ESCESC[[BB KeyIdentifier [ :  ESCESC[[BB 0000: 82 40 F4 0E A3 84 24 5C 70 23 40 2F EE 26 32 6D .@....$\p#@/.&2m :  ESCESC[[BB 0010: AA 0E C4 BE .... :  ESCESC[[BB ] :  ESCESC[[BB ] :  ESCESC[[BB  :  ESCESC[[BB  :  ESCESC[[BB  :  ESCESC[[BB ******************************************* :  ESCESC[[BB ******************************************* :  ESCESC[[BB  :  ESCESC[[BB  :  ESCESC[[BB Alias name: subordinate6 :  ESCESC[[BB Creation date: Sep 14, 2018 :  ESCESC[[BB Entry type: trustedCertEntry :  ESCESC[[BB  :  ESCESC[[BB Owner: CN=Corda Network Authority CNA6, OU=Corda Network, O=Corda Network Governing Body, L=New York, C=US :  ESCESC[[BB Issuer: CN=Corda Network Root Certificate, OU=Corda Network, O=Corda Network Governing Body, L=New York, C=US :  ESCESC[[BB Serial number: 12af2f30ed1f195d :  ESCESC[[BB Valid from: Fri Sep 14 00:00:00 UTC 2018 until: Mon Jan 18 00:00:00 UTC 2038 :  ESCESC[[BB Certificate fingerprints: :  ESCESC[[BB  MD5: F8:C9:5A:01:26:29:CA:5D:8E:37:1D:FE:DC:99:9E:58 :  ESCESC[[BB  SHA1: 82:7D:9D:FA:D0:D4:E3:F3:38:4F:F1:F7:40:DD:57:8B:C6:B8:86:6C :  ESCESC[[BB  SHA256: CA:7C:6E:EB:E2:AB:00:20:DC:92:EE:F0:CA:2C:ED:FE:8A:EA:E4:60:16:5E:37:BE:B8:54:2C:F3:15:21:38:82 :  ESCESC[[BB Signature algorithm name: SHA256withECDSA :  ESCESC[[BB Subject Public Key Algorithm: 256-bit EC key :  ESCESC[[BB Version: 3 :  ESCESC[[BB  :  ESCESC[[BB Extensions:  :  ESCESC[[BB  :  ESCESC[[BB #1: ObjectId: 2.5.29.35 Criticality=false :  ESCESC[[BB AuthorityKeyIdentifier [ :  ESCESC[[BB KeyIdentifier [ :  ESCESC[[BB 0000: 44 30 BE 62 A8 95 4B 13 03 5A D3 C4 63 45 6E 9C D0.b..K..Z..cEn. :  ESCESC[[BB 0010: F1 1C E4 65 ...e :  ESCESC[[BB ] :  ESCESC[[BB ] :  ESCESC[[BB  :  ESCESC[[BB #2: ObjectId: 2.5.29.19 Criticality=true :  ESCESC[[BB BasicConstraints:[ :  ESCESC[[BB  CA:true :  ESCESC[[BB  PathLen:2147483647 :  ESCESC[[BB ] :  ESCESC[[BB  :  ESCESC[[BB #3: ObjectId: 2.5.29.31 Criticality=false :  ESCESC[[BB CRLDistributionPoints [ :  ESCESC[[BB  [DistributionPoint: :  ESCESC[[BB  [URIName: http://crl.corda.network/cnrc.crl] :  ESCESC[[BB ]] :  ESCESC[[BB  :  ESCESC[[BB #4: ObjectId: 2.5.29.32 Criticality=false :  ESCESC[[BB CertificatePolicies [ :  ESCESC[[BB  [CertificatePolicyId: [1.3.6.1.5.5.7.2.1] :  ESCESC[[BB [PolicyQualifierInfo: [ :  ESCESC[[BB  qualifierID: 1.3.6.1.5.5.7.2.1 :  ESCESC[[BB  qualifier: 0000: 16 1B 68 74 74 70 73 3A 2F 2F 74 72 75 73 74 2E ..https://trust. :  ESCESC[[BB 0010: 63 6F 72 64 61 2E 6E 65 74 77 6F 72 6B corda.network :  ESCESC[[BB  :  ESCESC[[BB ]] ] :  ESCESC[[BB ] :  ESCESC[[BB  :  ESCESC[[BB #5: ObjectId: 2.5.29.37 Criticality=false :  ESCESC[[BB ExtendedKeyUsages [ :  ESCESC[[BB  serverAuth :  ESCESC[[BB  clientAuth :  ESCESC[[BB ] :  ESCESC[[BB  :  ESCESC[[BB #6: ObjectId: 2.5.29.15 Criticality=true :  ESCESC[[BB KeyUsage [ :  ESCESC[[BB  DigitalSignature :  ESCESC[[BB  Key_CertSign :  ESCESC[[BB  Crl_Sign :  ESCESC[[BB ] :  ESCESC[[BB  :  ESCESC[[BB #7: ObjectId: 2.5.29.14 Criticality=false :  ESCESC[[BB SubjectKeyIdentifier [ :  ESCESC[[BB KeyIdentifier [ :  ESCESC[[BB 0000: 2A F4 08 90 73 CB 4F 14 B2 93 7A CB 93 5A 6F 91 *...s.O...z..Zo. :  ESCESC[[BB 0010: 45 45 27 EB EE'. :  ESCESC[[BB ] :  ESCESC[[BB ] :  ESCESC[[BB  :  ESCESC[[AA M  :  ESCESC[[AA MEntry type: trustedCertEntry  :  ESCESC[[AA MCreation date: Sep 14, 2018  :  ESCESC[[AA MAlias name: subordinate6  :  ESCESC[[AA M  :  ESCESC[[AA M  :  ESCESC[[BB KeyIdentifier [ :  ESCESC[[BB 0000: 2A F4 08 90 73 CB 4F 14 B2 93 7A CB 93 5A 6F 91 *...s.O...z..Zo. :  ESCESC[[BB 0010: 45 45 27 EB EE'. :  ESCESC[[BB ] :  ESCESC[[BB ] :  ESCESC[[BB  :  ESCESC[[BB  :  ESCESC[[BB  :  ESCESC[[BB ******************************************* :  ESCESC[[BB ******************************************* :  ESCESC[[BB  :  ESCESC[[BB  :  ESCESC[[BB Alias name: subordinate5 :  ESCESC[[BB Creation date: Sep 14, 2018 :  ESCESC[[BB Entry type: trustedCertEntry :  ESCESC[[BB  :  ESCESC[[BB Owner: CN=Corda Network Authority CNA5, OU=Corda Network, O=Corda Network Governing Body, L=New York, C=US :  ESCESC[[BB Issuer: CN=Corda Network Root Certificate, OU=Corda Network, O=Corda Network Governing Body, L=New York, C=US :  ESCESC[[BB Serial number: 2f9a24cac7eb8eed :  ESCESC[[BB Valid from: Fri Sep 14 00:00:00 UTC 2018 until: Mon Jan 18 00:00:00 UTC 2038 :  ESCESC[[BB Certificate fingerprints: :  ESCESC[[BB  MD5: 06:E1:23:50:32:44:5C:00:07:6A:90:8E:E2:95:1F:BE :  ESCESC[[BB  SHA1: 45:25:AE:77:48:F0:62:AE:6D:B3:2D:86:BD:37:A8:4A:16:40:AF:79 :  ESCESC[[BB  SHA256: 0F:2F:08:0F:19:D0:C3:15:8B:FB:E9:94:EE:C1:85:50:4F:EF:21:A9:6C:23:50:C9:63:57:DB:78:0C:D6:B7:90 :  ESCESC[[BB Signature algorithm name: SHA256withECDSA :  ESCESC[[BB Subject Public Key Algorithm: 256-bit EC key :  ESCESC[[BB Version: 3 :  ESCESC[[BB  :  ESCESC[[BB Extensions:  :  ESCESC[[BB  :  ESCESC[[BB #1: ObjectId: 2.5.29.35 Criticality=false :  ESCESC[[BB AuthorityKeyIdentifier [ :  ESCESC[[BB KeyIdentifier [ :  ESCESC[[BB 0000: 44 30 BE 62 A8 95 4B 13 03 5A D3 C4 63 45 6E 9C D0.b..K..Z..cEn. :  ESCESC[[BB 0010: F1 1C E4 65 ...e :  ESCESC[[BB ] :  ESCESC[[BB ] :  ESCESC[[BB  :  ESCESC[[BB #2: ObjectId: 2.5.29.19 Criticality=true :  ESCESC[[BB BasicConstraints:[ :  ESCESC[[BB  CA:true :  ESCESC[[BB  PathLen:2147483647 :  ESCESC[[BB ] :  ESCESC[[BB  :  ESCESC[[BB #3: ObjectId: 2.5.29.31 Criticality=false :  ESCESC[[BB CRLDistributionPoints [ :  ESCESC[[BB  [DistributionPoint: :  ESCESC[[BB  [URIName: http://crl.corda.network/cnrc.crl] :  ESCESC[[BB ]] :  ESCESC[[BB  :  ESCESC[[BB #4: ObjectId: 2.5.29.32 Criticality=false :  ESCESC[[BB CertificatePolicies [ :  ESCESC[[BB  [CertificatePolicyId: [1.3.6.1.5.5.7.2.1] :  ESCESC[[BB [PolicyQualifierInfo: [ :  ESCESC[[BB  qualifierID: 1.3.6.1.5.5.7.2.1 :  ESCESC[[BB  qualifier: 0000: 16 1B 68 74 74 70 73 3A 2F 2F 74 72 75 73 74 2E ..https://trust. :  ESCESC[[BB 0010: 63 6F 72 64 61 2E 6E 65 74 77 6F 72 6B corda.network :  ESCESC[[BB  :  ESCESC[[BB ]] ] :  ESCESC[[BB ] :  ESCESC[[BB  :  ESCESC[[BB #5: ObjectId: 2.5.29.37 Criticality=false :  ESCESC[[BB ExtendedKeyUsages [ :  ESCESC[[BB  serverAuth :  ESCESC[[BB  clientAuth :  ESCESC[[BB ] :  ESCESC[[BB  :  ESCESC[[BB #6: ObjectId: 2.5.29.15 Criticality=true :  ESCESC[[BB KeyUsage [ :  ESCESC[[BB  DigitalSignature :  ESCESC[[BB  Key_CertSign :  ESCESC[[BB  Crl_Sign :  ESCESC[[BB ] :  ESCESC[[BB  :  ESCESC[[BB #7: ObjectId: 2.5.29.14 Criticality=false :  ESCESC[[BB SubjectKeyIdentifier [ :  ESCESC[[BB KeyIdentifier [ :  ESCESC[[BB 0000: 7E B3 9D A4 D9 ED F4 B4 86 06 79 6B FE F8 2A 7B ..........yk..*. :  ESCESC[[BB 0010: 9C C9 0E 97 .... :  ESCESC[[BB ] :  ESCESC[[BB ] :  ESCESC[[BB  :  ESCESC[[BB  :  ESCESC[[BB  :  ESCESC[[BB ******************************************* :  ESCESC[[BB ******************************************* :  ESCESC[[BB  :  ESCESC[[BB  :  ESCESC[[BB Alias name: subordinate4 :  ESCESC[[BB Creation date: Sep 14, 2018 :  ESCESC[[BB Entry type: trustedCertEntry :  ESCESC[[BB  :  ESCESC[[BB Owner: CN=Corda Network Authority CNA4, OU=Corda Network, O=Corda Network Governing Body, L=New York, C=US :  ESCESC[[BB Issuer: CN=Corda Network Root Certificate, OU=Corda Network, O=Corda Network Governing Body, L=New York, C=US :  ESCESC[[BB Serial number: 2ccba5f7bc5df225 :  ESCESC[[BB Valid from: Fri Sep 14 00:00:00 UTC 2018 until: Mon Jan 18 00:00:00 UTC 2038 :  ESCESC[[BB Certificate fingerprints: :  ESCESC[[BB  MD5: 9B:6F:19:08:C1:56:DD:EF:40:A2:10:22:B2:D4:D7:0B :  ESCESC[[BB  SHA1: 9B:5B:FA:D0:D1:9C:B1:25:76:D3:C9:A5:0D:29:73:1A:7E:E4:E3:0C :  ESCESC[[BB  SHA256: 68:EA:D2:0A:AD:84:20:42:F1:37:88:F3:F7:2B:2F:F1:87:E4:BD:44:D7:03:FC:3F:85:91:C3:AA:9A:4B:BE:0F :  ESCESC[[BB Signature algorithm name: SHA256withECDSA :  ESCESC[[BB Subject Public Key Algorithm: 256-bit EC key :  ESCESC[[BB Version: 3 :  ESCESC[[BB  :  ESCESC[[BB Extensions:  :  ESCESC[[BB  :  ESCESC[[BB #1: ObjectId: 2.5.29.35 Criticality=false :  ESCESC[[BB AuthorityKeyIdentifier [ :  ESCESC[[BB KeyIdentifier [ :  ESCESC[[BB 0000: 44 30 BE 62 A8 95 4B 13 03 5A D3 C4 63 45 6E 9C D0.b..K..Z..cEn. :  ESCESC[[BB 0010: F1 1C E4 65 ...e :  ESCESC[[BB ] :  ESCESC[[BB ] :  ESCESC[[BB  :  ESCESC[[BB #2: ObjectId: 2.5.29.19 Criticality=true :  ESCESC[[BB BasicConstraints:[ :  ESCESC[[BB  CA:true :  ESCESC[[BB  PathLen:2147483647 :  ESCESC[[BB ] :  ESCESC[[BB  :  ESCESC[[BB #3: ObjectId: 2.5.29.31 Criticality=false :  ESCESC[[BB CRLDistributionPoints [ :  ESCESC[[BB  [DistributionPoint: :  ESCESC[[BB  [URIName: http://crl.corda.network/cnrc.crl] :  ESCESC[[BB ]] :  ESCESC[[BB  :  ESCESC[[BB #4: ObjectId: 2.5.29.32 Criticality=false :  ESCESC[[BB CertificatePolicies [ :  ESCESC[[BB  [CertificatePolicyId: [1.3.6.1.5.5.7.2.1] :  ESCESC[[BB [PolicyQualifierInfo: [ :  ESCESC[[BB  qualifierID: 1.3.6.1.5.5.7.2.1 :  ESCESC[[BB  qualifier: 0000: 16 1B 68 74 74 70 73 3A 2F 2F 74 72 75 73 74 2E ..https://trust. :  ESCESC[[BB 0010: 63 6F 72 64 61 2E 6E 65 74 77 6F 72 6B corda.network :  ESCESC[[BB  :  ESCESC[[BB ]] ] :  ESCESC[[BB ] :  ESCESC[[BB  :  ESCESC[[BB #5: ObjectId: 2.5.29.37 Criticality=false :  ESCESC[[BB ExtendedKeyUsages [ :  ESCESC[[BB  serverAuth :  ESCESC[[BB  clientAuth :  ESCESC[[BB ] :  ESCESC[[BB  :  ESCESC[[BB #6: ObjectId: 2.5.29.15 Criticality=true :  ESCESC[[BB KeyUsage [ :  ESCESC[[BB  DigitalSignature :  ESCESC[[BB  Key_CertSign :  ESCESC[[BB  Crl_Sign :  ESCESC[[BB ] :  ESCESC[[BB  :  ESCESC[[BB #7: ObjectId: 2.5.29.14 Criticality=false :  ESCESC[[BB SubjectKeyIdentifier [ :  ESCESC[[BB KeyIdentifier [ :  ESCESC[[BB 0000: 78 1D 2D 23 54 A5 8E 7A B5 ED A1 FE 08 D0 8B 4E x.-#T..z.......N :  ESCESC[[BB 0010: F0 D6 8B CE .... :  ESCESC[[BB ] :  ESCESC[[BB ] :  ESCESC[[BB  :  ESCESC[[BB  :  ESCESC[[BB  :  ESCESC[[BB ******************************************* :  ESCESC[[BB ******************************************* :  ESCESC[[BB  :  ESCESC[[BB  :  ESCESC[[BB Alias name: subordinate3 :  ESCESC[[BB Creation date: Sep 14, 2018 :  ESCESC[[BB Entry type: trustedCertEntry :  ESCESC[[BB  :  ESCESC[[BB Owner: CN=Corda Network Authority CNA3, OU=Corda Network, O=Corda Network Governing Body, L=New York, C=US :  ESCESC[[BB Issuer: CN=Corda Network Root Certificate, OU=Corda Network, O=Corda Network Governing Body, L=New York, C=US :  ESCESC[[BB Serial number: 63fd945541a441d1 :  ESCESC[[BB Valid from: Fri Sep 14 00:00:00 UTC 2018 until: Mon Jan 18 00:00:00 UTC 2038 :  ESCESC[[BB Certificate fingerprints: :  ESCESC[[BB  MD5: E1:E6:DC:86:15:B9:D5:18:31:D9:53:C1:B8:B3:40:C2 :  ESCESC[[BB  SHA1: 27:5E:93:CA:81:B4:EB:14:75:61:06:AB:90:00:79:92:50:89:6D:D2 :  ESCESC[[BB  SHA256: 62:F8:3E:2C:31:83:AF:D9:80:B5:EF:28:BB:4D:FD:C9:2E:A5:69:D3:76:28:7A:A3:BA:22:0D:E0:DA:32:10:CD :  ESCESC[[BB Signature algorithm name: SHA256withECDSA :  ESCESC[[BB Subject Public Key Algorithm: 256-bit EC key :  ESCESC[[BB Version: 3 :  ESCESC[[BB  :  ESCESC[[BB Extensions:  :  ESCESC[[BB  :  ESCESC[[BB #1: ObjectId: 2.5.29.35 Criticality=false :  ESCESC[[BB AuthorityKeyIdentifier [ :  ESCESC[[BB KeyIdentifier [ :  ESCESC[[BB 0000: 44 30 BE 62 A8 95 4B 13 03 5A D3 C4 63 45 6E 9C D0.b..K..Z..cEn. :  ESCESC[[BB 0010: F1 1C E4 65 ...e :  ESCESC[[BB ] :  ESCESC[[BB ] :  ESCESC[[BB  :  ESCESC[[BB #2: ObjectId: 2.5.29.19 Criticality=true :  ESCESC[[BB BasicConstraints:[ :  ESCESC[[BB  CA:true :  ESCESC[[BB  PathLen:2147483647 :  ESCESC[[BB ] :  ESCESC[[BB  :  ESCESC[[BB #3: ObjectId: 2.5.29.31 Criticality=false :  ESCESC[[BB CRLDistributionPoints [ :  ESCESC[[BB  [DistributionPoint: :  ESCESC[[BB  [URIName: http://crl.corda.network/cnrc.crl] :  ESCESC[[BB ]] :  ESCESC[[BB  :  ESCESC[[BB #4: ObjectId: 2.5.29.32 Criticality=false :  ESCESC[[BB CertificatePolicies [ :  ESCESC[[BB  [CertificatePolicyId: [1.3.6.1.5.5.7.2.1] :  ESCESC[[BB [PolicyQualifierInfo: [ :  ESCESC[[BB  qualifierID: 1.3.6.1.5.5.7.2.1 :  ESCESC[[BB  qualifier: 0000: 16 1B 68 74 74 70 73 3A 2F 2F 74 72 75 73 74 2E ..https://trust. :  ESCESC[[BB 0010: 63 6F 72 64 61 2E 6E 65 74 77 6F 72 6B corda.network :  ESCESC[[BB  :  ESCESC[[BB ]] ] :  ESCESC[[BB ] :  ESCESC[[BB  :  ESCESC[[BB #5: ObjectId: 2.5.29.37 Criticality=false :  ESCESC[[BB ExtendedKeyUsages [ :  ESCESC[[BB  serverAuth :  ESCESC[[BB  clientAuth :  ESCESC[[BB ] :  ESCESC[[BB  :  ESCESC[[BB #6: ObjectId: 2.5.29.15 Criticality=true :  ESCESC[[BB KeyUsage [ :  ESCESC[[BB  DigitalSignature :  ESCESC[[BB  Key_CertSign :  ESCESC[[BB  Crl_Sign :  ESCESC[[BB ] :  ESCESC[[BB  :  ESCESC[[BB #7: ObjectId: 2.5.29.14 Criticality=false :  ESCESC[[BB SubjectKeyIdentifier [ :  ESCESC[[BB KeyIdentifier [ :  ESCESC[[BB 0000: EB 3F 58 3C DA 0A 40 6F F8 6E 49 9A 22 3F 8C 19 .?X<..@o.nI."?.. :  ESCESC[[BB 0010: D5 8F A0 88 .... :  ESCESC[[BB ] :  ESCESC[[BB ] :  ESCESC[[BB  :  ESCESC[[BB  :  ESCESC[[BB  :  ESCESC[[BB ******************************************* :  ESCESC[[BB ******************************************* :  ESCESC[[BB  :  ESCESC[[BB  :  ESCESC[[BB Alias name: subordinate2 :  ESCESC[[BB Creation date: Sep 14, 2018 :  ESCESC[[BB Entry type: trustedCertEntry :  ESCESC[[BB  :  ESCESC[[BB Owner: CN=Corda Network Authority CNA2, OU=Corda Network, O=Corda Network Governing Body, L=New York, C=US :  ESCESC[[BB Issuer: CN=Corda Network Root Certificate, OU=Corda Network, O=Corda Network Governing Body, L=New York, C=US :  ESCESC[[BB Serial number: 50fe91b874f00c1e :  ESCESC[[BB Valid from: Fri Sep 14 00:00:00 UTC 2018 until: Mon Jan 18 00:00:00 UTC 2038 :  ESCESC[[BB Certificate fingerprints: :  ESCESC[[BB  MD5: 52:E4:53:E1:EF:F4:8E:F4:69:EB:10:A8:C5:A9:53:E2 :  ESCESC[[BB  SHA1: E9:84:7D:C9:F0:C4:71:47:DB:9B:C7:63:74:A9:EB:C8:7F:01:E4:3D :  ESCESC[[BB  SHA256: 25:DB:98:03:07:1D:7E:57:03:5C:3E:3E:09:0A:BF:EB:C3:74:CE:78:2E:0B:5C:AC:40:55:50:57:B3:61:BF:78 :  ESCESC[[BB Signature algorithm name: SHA256withECDSA :  ESCESC[[BB Subject Public Key Algorithm: 256-bit EC key :  ESCESC[[BB Version: 3 :  ESCESC[[BB  :  ESCESC[[BB Extensions:  :  ESCESC[[BB  :  ESCESC[[BB #1: ObjectId: 2.5.29.35 Criticality=false :  ESCESC[[BB AuthorityKeyIdentifier [ :  ESCESC[[BB KeyIdentifier [ :  ESCESC[[BB 0000: 44 30 BE 62 A8 95 4B 13 03 5A D3 C4 63 45 6E 9C D0.b..K..Z..cEn. :  ESCESC[[BB 0010: F1 1C E4 65 ...e :  ESCESC[[BB ] :  ESCESC[[BB ] :  ESCESC[[BB  :  ESCESC[[BB #2: ObjectId: 2.5.29.19 Criticality=true :  ESCESC[[BB BasicConstraints:[ :  ESCESC[[BB  CA:true :  ESCESC[[BB  PathLen:2147483647 :  ESCESC[[BB ] :  ESCESC[[BB  :  ESCESC[[BB #3: ObjectId: 2.5.29.31 Criticality=false :  ESCESC[[BB CRLDistributionPoints [ :  ESCESC[[BB  [DistributionPoint: :  ESCESC[[BB  [URIName: http://crl.corda.network/cnrc.crl] :  ESCESC[[BB ]] :  ESCESC[[BB  :  ESCESC[[BB #4: ObjectId: 2.5.29.32 Criticality=false :  ESCESC[[BB CertificatePolicies [ :  ESCESC[[BB  [CertificatePolicyId: [1.3.6.1.5.5.7.2.1] :  ESCESC[[BB [PolicyQualifierInfo: [ :  ESCESC[[BB  qualifierID: 1.3.6.1.5.5.7.2.1 :  ESCESC[[BB  qualifier: 0000: 16 1B 68 74 74 70 73 3A 2F 2F 74 72 75 73 74 2E ..https://trust. :  ESCESC[[BB 0010: 63 6F 72 64 61 2E 6E 65 74 77 6F 72 6B corda.network :  ESCESC[[BB  :  ESCESC[[BB ]] ] :  ESCESC[[BB ] :  ESCESC[[BB  :  ESCESC[[BB #5: ObjectId: 2.5.29.37 Criticality=false :  ESCESC[[BB ExtendedKeyUsages [ :  ESCESC[[BB  serverAuth :  ESCESC[[BB  clientAuth :  ESCESC[[BB ] :  ESCESC[[BB  :  ESCESC[[BB #6: ObjectId: 2.5.29.15 Criticality=true :  ESCESC[[BB KeyUsage [ :  ESCESC[[BB  DigitalSignature :  ESCESC[[BB  Key_CertSign :  ESCESC[[BB  Crl_Sign :  ESCESC[[BB ] :  ESCESC[[BB  :  ESCESC[[BB #7: ObjectId: 2.5.29.14 Criticality=false :  ESCESC[[BB SubjectKeyIdentifier [ :  ESCESC[[BB KeyIdentifier [ :  ESCESC[[BB 0000: DC 22 4B 27 06 12 C1 23 E1 34 B1 64 22 95 17 09 ."K'...#.4.d"... :  ESCESC[[BB 0010: 22 E4 B9 A4 "... :  ESCESC[[BB ] :  ESCESC[[BB ] :  ESCESC[[BB  :  ESCESC[[BB  :  ESCESC[[BB  :  ESCESC[[BB ******************************************* :  ESCESC[[BB ******************************************* :  ESCESC[[BB  :  ESCESC[[BB  :  ESCESC[[BB Alias name: subordinate1 :  ESCESC[[BB Creation date: Sep 14, 2018 :  ESCESC[[BB Entry type: trustedCertEntry :  ESCESC[[BB  :  ESCESC[[BB Owner: CN=Corda Network Authority CNA1, OU=Corda Network, O=Corda Network Governing Body, L=New York, C=US :  ESCESC[[BB Issuer: CN=Corda Network Root Certificate, OU=Corda Network, O=Corda Network Governing Body, L=New York, C=US :  ESCESC[[BB Serial number: 346c5895dc683070 :  ESCESC[[BB Valid from: Fri Sep 14 00:00:00 UTC 2018 until: Mon Jan 18 00:00:00 UTC 2038 :  ESCESC[[BB Certificate fingerprints: :  ESCESC[[BB  MD5: E8:19:F7:4A:2F:7F:42:40:09:D7:E2:B3:DA:87:7D:0D :  ESCESC[[BB  SHA1: 76:6E:BD:9B:55:CD:DB:FA:4A:9F:9F:EE:5F:0F:52:63:D7:C9:1B:C2 :  ESCESC[[BB  SHA256: D6:9A:EA:7E:2D:94:24:D6:F8:E9:6C:29:C1:2E:03:2E:B8:12:31:8A:E5:C3:D7:B1:B3:20:CF:52:7F:CA:AD:B0 :  ESCESC[[BB Signature algorithm name: SHA256withECDSA :  ESCESC[[BB Subject Public Key Algorithm: 256-bit EC key :  ESCESC[[BB Version: 3 :  ESCESC[[BB  :  ESCESC[[BB Extensions:  :  ESCESC[[BB  :  ESCESC[[BB #1: ObjectId: 2.5.29.35 Criticality=false :  ESCESC[[BB AuthorityKeyIdentifier [ :  ESCESC[[BB KeyIdentifier [ :  ESCESC[[BB 0000: 44 30 BE 62 A8 95 4B 13 03 5A D3 C4 63 45 6E 9C D0.b..K..Z..cEn. :  ESCESC[[BB 0010: F1 1C E4 65 ...e :  ESCESC[[BB ] :  ESCESC[[BB ] :  ESCESC[[BB  :  ESCESC[[BB #2: ObjectId: 2.5.29.19 Criticality=true :  ESCESC[[BB BasicConstraints:[ :  ESCESC[[BB  CA:true :  ESCESC[[BB  PathLen:2147483647 :  ESCESC[[BB ] :  ESCESC[[BB  :  ESCESC[[BB #3: ObjectId: 2.5.29.31 Criticality=false :  ESCESC[[BB CRLDistributionPoints [ :  ESCESC[[BB  [DistributionPoint: :  ESCESC[[BB  [URIName: http://crl.corda.network/cnrc.crl] :  ESCESC[[BB ]] :  ESCESC[[BB  :  ESCESC[[BB #4: ObjectId: 2.5.29.32 Criticality=false :  ESCESC[[BB CertificatePolicies [ :  ESCESC[[BB  [CertificatePolicyId: [1.3.6.1.5.5.7.2.1] :  ESCESC[[BB [PolicyQualifierInfo: [ :  ESCESC[[BB  qualifierID: 1.3.6.1.5.5.7.2.1 :  ESCESC[[BB  qualifier: 0000: 16 1B 68 74 74 70 73 3A 2F 2F 74 72 75 73 74 2E ..https://trust. :  ESCESC[[BB 0010: 63 6F 72 64 61 2E 6E 65 74 77 6F 72 6B corda.network :  ESCESC[[BB  :  ESCESC[[BB ]] ] :  ESCESC[[BB ] :  ESCESC[[BB  :  ESCESC[[BB #5: ObjectId: 2.5.29.37 Criticality=false :  ESCESC[[BB ExtendedKeyUsages [ :  ESCESC[[BB  serverAuth :  ESCESC[[BB  clientAuth :  ESCESC[[BB ] :  ESCESC[[BB  :  ESCESC[[BB #6: ObjectId: 2.5.29.15 Criticality=true :  ESCESC[[BB KeyUsage [ :  ESCESC[[BB  DigitalSignature :  ESCESC[[BB  Key_CertSign :  ESCESC[[BB  Crl_Sign :  ESCESC[[BB ] :  ESCESC[[BB  : # ket ytool -importkeystore -srckeystore ve  certificateStore.jks =dest     -dset   estkeystore certifcateStore.p12f[1@o[1@icateStore.p12 -srcstoretype JKS =dest     -deststoretype PKCS12 Importing keystore certificateStore.jks to certificateStore.p12... Enter destination keystore password: Re-enter new password: Enter source keystore password: Entry for alias subordinate8 successfully imported. Entry for alias subordinate7 successfully imported. Entry for alias subordinate6 successfully imported. Entry for alias subordinate5 successfully imported. Entry for alias subordinate4 successfully imported. Entry for alias subordinate3 successfully imported. Entry for alias subordinate2 successfully imported. Entry for alias subordinate1 successfully imported. Entry for alias rootca successfully imported. Import command completed: 9 entries successfully imported, 0 entries failed or cancelled # keytool -list -keystore certificateStore.p12 -storetype pkcs12 Enter keystore password: Keystore type: PKCS12 Keystore provider: SunJSSE Your keystore contains 9 entries subordinate8, Sep 14, 2018, trustedCertEntry, Certificate fingerprint (SHA1): 3A:C3:20:7A:75:C0:77:6F:68:F1:0C:5D:89:32:09:FF:00:7F:DD:FC subordinate7, Sep 14, 2018, trustedCertEntry, Certificate fingerprint (SHA1): FE:ED:02:45:9E:7D:D5:D6:D0:E7:C0:F5:12:3E:0A:A5:16:97:4D:D7 subordinate6, Sep 14, 2018, trustedCertEntry, Certificate fingerprint (SHA1): 82:7D:9D:FA:D0:D4:E3:F3:38:4F:F1:F7:40:DD:57:8B:C6:B8:86:6C subordinate5, Sep 14, 2018, trustedCertEntry, Certificate fingerprint (SHA1): 45:25:AE:77:48:F0:62:AE:6D:B3:2D:86:BD:37:A8:4A:16:40:AF:79 subordinate4, Sep 14, 2018, trustedCertEntry, Certificate fingerprint (SHA1): 9B:5B:FA:D0:D1:9C:B1:25:76:D3:C9:A5:0D:29:73:1A:7E:E4:E3:0C subordinate3, Sep 14, 2018, trustedCertEntry, Certificate fingerprint (SHA1): 27:5E:93:CA:81:B4:EB:14:75:61:06:AB:90:00:79:92:50:89:6D:D2 subordinate2, Sep 14, 2018, trustedCertEntry, Certificate fingerprint (SHA1): E9:84:7D:C9:F0:C4:71:47:DB:9B:C7:63:74:A9:EB:C8:7F:01:E4:3D subordinate1, Sep 14, 2018, trustedCertEntry, Certificate fingerprint (SHA1): 76:6E:BD:9B:55:CD:DB:FA:4A:9F:9F:EE:5F:0F:52:63:D7:C9:1B:C2 rootca, Sep 14, 2018, trustedCertEntry, Certificate fingerprint (SHA1): 23:01:21:0E:B9:99:37:D4:A4:AA:3A:15:9C:57:D7:8B:68:6A:07:5B # lsblk NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT sdb 8:16 1 14.3G 0 disk `-sdb1 8:17 1 14.3G 0 part nvme0n1 259:0 0 238.5G 0 disk |-nvme0n1p1 259:1 0 260M 0 part |-nvme0n1p2 259:2 0 16M 0 part |-nvme0n1p3 259:3 0 237.2G 0 part `-nvme0n1p4 259:4 0 1000M 0 part # mkfs.vfat /dev/sdb1 mkfs.fat 4.1 (2017-01-24) # mount /dev/sdb1 /mnt # cp certificateStore.* /mnt # ls -la /        cp TCN.ROOT_rootca.der /mnt/ # ls -la /mnt total 32 drwxr-xr-x 2 root root 8192 Sep 14 14:55 . drwxr-xr-x 19 root root 400 Sep 14 2018 .. -rwxr-xr-x 1 root root 589 Sep 14 14:55 TCN.ROOT_rootca.der -rwxr-xr-x 1 root root 7121 Sep 14 14:55 certificateStore.jks -rwxr-xr-x 1 root root 7954 Sep 14 14:55 certificateStore.p12 # umount /m mnt/ # lsblk NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT sdb 8:16 1 14.4G 0 disk `-sdb1 8:17 1 14.4G 0 part nvme0n1 259:0 0 238.5G 0 disk |-nvme0n1p1 259:1 0 260M 0 part |-nvme0n1p2 259:2 0 16M 0 part |-nvme0n1p3 259:3 0 237.2G 0 part `-nvme0n1p4 259:4 0 1000M 0 part # mkfs.vfat /dev/sdb1 mkfs.fat 4.1 (2017-01-24) # mount /dev/sdb1 /mnt/ # cp certificateStore.* /mnt/ # cp TCN.ROOT_rootca.der /mnt # ls -la /mnt/ total 32 drwxr-xr-x 2 root root 8192 Sep 14 14:57 . drwxr-xr-x 19 root root 400 Sep 14 2018 .. -rwxr-xr-x 1 root root 589 Sep 14 14:57 TCN.ROOT_rootca.der -rwxr-xr-x 1 root root 7121 Sep 14 14:56 certificateStore.jks -rwxr-xr-x 1 root root 7954 Sep 14 14:56 certificateStore.p12 # umount /mnt/ # csadm Dev=subs LogonSign=HSA MAdmin1,:cs2:cjo:USb0 LogonA         B0 LogonSign=HSMOversight1,:cs2:cjo:USB0 De eleteUser=SUPER # csadm Dev=subs LogonSign=HSMAdmin1,:cs2:cjo:USB0 LogonSign=HSMOversight1,:cs2:cjo:USB0 DeleteUser=SUPER     COMMISSIONER # csadm Dev=subs ListUsers Name Permission Mechanism Attributes HSMAdmin1 22022000 RSA sign Z[0]A[CXI_GROUP=*] HSMAdmin2 22022000 RSA sign A[CXI_GROUP=*] HSMOversight1 22020020 RSA sign Z[0]A[CXI_GROUP=*] HSMOversight2 22020020 RSA sign A[CXI_GROUP=*] # cxitool LogonSign=HS                    mkdir /tmp/backup # csadm Devs =subs LoginSign=HSMAdmin1,:cs2:cjo:USB0 BackupDate abase=/tmp/backup/user.db unknown option / command 'LoginSign=HSMAdmin1,:cs2:cjo:USB0' Use 'csadm Help' to get a list of all legal commands # csadm Dev=subs LoginSign=HSMAdmin1,:cs2:cjo:USB0 BackupDatabase=/tmp/backup/user.dbH[1@o Error B0880009 CryptoServer Database Module bad database name # cd /tmp/backup # cd /tmp/backup # csadm Dev=subs LogonSign=HSMAdmin1,:cs2:cjo:USB0 BackupDatabase=/tmp/backup/user.db/ # csadm Dev=subs LogonSign=HSMAdmin1,:cs2:cjo:USB0 BackupDatabase=user.db         e e=CXOLEY    ILLE   KEY.db   # ls -la total 24 drwxr-xr-x 2 root root 80 Sep 14 15:17 . drwxrwxrwt 8 root root 160 Sep 14 15:12 .. -rw-r--r-- 1 root root 17574 Sep 14 15:17 CXIKEY.db -rw-r--r-- 1 root root 2202 Sep 14 15:16 user.db # gpg --cipth  her-algo aes256 --output /tmp/backup/CXIKEY.db.enc --passpg hrease    ase-file /tmp/gpg/subs_backup_key.txt --batch --yes --armour --symmetric /tmp/backup/CXIKEY.db # gpg --cipher-algo aes256 --output /tmp/backup/CXIKEY.db.enc --passphrase-file /tmp/gpg/subs_backup_key.txt --batch --yes --armour --symmetric /tmp/backup/CXIKEY.db         s user.dbEY[1@i[1@u[1@s[1@e[1@r # lsblk NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT sdb 8:16 1 14.3G 0 disk `-sdb1 8:17 1 14.3G 0 part nvme0n1 259:0 0 238.5G 0 disk |-nvme0n1p1 259:1 0 260M 0 part |-nvme0n1p2 259:2 0 16M 0 part |-nvme0n1p3 259:3 0 237.2G 0 part `-nvme0n1p4 259:4 0 1000M 0 part # mkfs.vfat /dev/sdb1 mkfs.fat 4.1 (2017-01-24) # mount / d /dev/sdb1 /mnt/ # cp /tmp/backup/*.env c /mnt # ls -la /mnt total 32 drwxr-xr-x 2 root root 8192 Sep 14 15:22 . drwxr-xr-x 19 root root 400 Sep 14 2018 .. -rwxr-xr-x 1 root root 14101 Sep 14 15:22 CXIKEY.db.enc -rwxr-xr-x 1 root root 1955 Sep 14 15:22 user.db.enc # umount /mnt/ #  # lsusb    bl  sblk NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT sdb 8:16 1 14.4G 0 disk `-sdb1 8:17 1 14.4G 0 part nvme0n1 259:0 0 238.5G 0 disk |-nvme0n1p1 259:1 0 260M 0 part |-nvme0n1p2 259:2 0 16M 0 part |-nvme0n1p3 259:3 0 237.2G 0 part `-nvme0n1p4 259:4 0 1000M 0 part # mkgs  fs.vs t r fat /dev/sdb1 mkfs.fat 4.1 (2017-01-24) # mount /dev/ssdb2 1    db1 /mnt/ # cp /tmp/backup/*.enc /mnt/ # ls -la /mnt total 32 drwxr-xr-x 2 root root 8192 Sep 14 15:23 . drwxr-xr-x 19 root root 400 Sep 14 2018 .. -rwxr-xr-x 1 root root 14101 Sep 14 15:23 CXIKEY.db.enc -rwxr-xr-x 1 root root 1955 Sep 14 15:23 user.db.enc # umount /mnt/ #  # lsblk NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT sdb 8:16 1 14.3G 0 disk `-sdb1 8:17 1 14.3G 0 part nvme0n1 259:0 0 238.5G 0 disk |-nvme0n1p1 259:1 0 260M 0 part |-nvme0n1p2 259:2 0 16M 0 part |-nvme0n1p3 259:3 0 237.2G 0 part `-nvme0n1p4 259:4 0 1000M 0 part # mkfs.vfat /dev/sdb1 mkfs.fat 4.1 (2017-01-24) # mount /dev/sdb1 /mnt/ # cp /tmp/backup  /*.enc /mnt/ # ls -l  a /mnt/ total 32 drwxr-xr-x 2 root root 8192 Sep 14 15:24 . drwxr-xr-x 19 root root 400 Sep 14 2018 .. -rwxr-xr-x 1 root root 14101 Sep 14 15:24 CXIKEY.db.enc -rwxr-xr-x 1 root root 1955 Sep 14 15:24 user.db.enc # umount /mnt/ #  # l  d -l    s -l /tmp/audit/ total 196 -rw-r--r-- 1 root root 200704 Sep 14 15:23 tcn-rkg-2018-09-14.log # cd /tcnh /hsm/ # csadm Dev=subs LogonSign=HSAM  MAdmin1,cs  :cs2:cjo:USB0 GetAuditLog > /tmp/audit/hsm02_audit.log # csadm Dev=subs LogonSign=HSMAdmin1,:cs2:cjo:USB0 GetAuditLog > /tmp/audit/hsm02_audit.log # csadm Dev=subs LogonSign=HSMAdmin1,:cs2:cjo:USB0 Get     CS:Get: LogFie e le ? > /tmp[1@LGetLogFile > /tmp/audit/hsm_ 02_cslan.log # cd /tmp/audit/ # openssl ds gst -sa ha256 hsm02_audit.log > hsm02_audit.log  .sha256 # openssl ds gst-  -sha256 hsm02+ _cslan.log > hsam  m02_cslan.log  .sha256 # csadm Dev=subs CSLShutdown=ask Enter Passphrase: Error B90A0108 CSLAN CSLAN Control Module authentication failed # csadm Dev=subs CSLShutdown=ask Enter Passphrase: # xs    cd /tcn/hsm/ # csadm dev=root LogonSign=ADMIN,/tcn/hsm/key/ADMIN.key GetAuditLog > /tmp/audit/hsm01_audit.log # csadm dev=root LogonSign=ADMIN/ ,/tcn/hsm/key/ADMIN, .key CSLGetLogFile > /tmp/audit/hsm01_cslan.log # cd /tmp/audit # openssl g dgst -sha256 hsm01_audit.log > hsm0 01_audit.log  .sha256 # openssl ds gst -sha256 hsm01_cslan.log > hsm0  m00 1_cslan.log  .sha256 # cat *.sha256 SHA256(hsm01_audit.log)= 32da06f4be888f763d53e6c965e1b6f702057e89c4283f17f2850dace442cc20 SHA256(hsm01_cslan.log)= a305c6813483b03891a5a683a3f46152a6f520ae87c588d0cbd5bf99cefa8472 SHA256(hsm02_audit.log)= b8144eb6f27f10d5f449dd9a27baccbb04b1a2abbf8f101afdfec8f09099a51d SHA256(hsm02_cslan.log)= 0ab59c759a14f3f47285c6faa171901af35206b92759986443cee98dd7c9822c # ls -l  a total 272 drwxr-xr-x 2 root root 220 Sep 14 16:22 . drwxrwxrwt 8 root root 160 Sep 14 15:12 .. -rw-r--r-- 1 root root 16217 Sep 14 16:20 hsm01_audit.log -rw-r--r-- 1 root root 90 Sep 14 16:21 hsm01_audit.log.sha256 -rw-r--r-- 1 root root 6869 Sep 14 16:21 hsm01_cslan.log -rw-r--r-- 1 root root 90 Sep 14 16:22 hsm01_cslan.log.sha256 -rw-r--r-- 1 root root 28381 Sep 14 16:14 hsm02_audit.log -rw-r--r-- 1 root root 90 Sep 14 16:16 hsm02_audit.log.sha256 -rw-r--r-- 1 root root 6869 Sep 14 16:15 hsm02_cslan.log -rw-r--r-- 1 root root 90 Sep 14 16:16 hsm02_cslan.log.sha256 -rw-r--r-- 1 root root 200704 Sep 14 15:23 tcn-rkg-2018-09-14.log # csadm Dev=root Clear=Defaults # csadm Dev=root LogonSign=ADMIN,/tcn/hsm/key/ADMIN.key ResetAlert   arm # csadm Dev=root LogonSign=ADMIN,/tcn/hsm/key/ADMIN.key LoadPKG=/  /tcn/hsm/F  .gitattributes SecurityServer-Se2-Series-4.21.0.3.mpkg cmds.scf key/ MDL_PUB.key SecurityServer-V4.21.0.3.zip cslan-4.5.5.tar.gz # csadm Dev=root LogonSign=ADMIN,/tcn/hsm/key/ADMIN.key LoadPKG= /tcn/hsm/G F G= /tcn/hsm/SecurityServer-Se2-Series-4.21.0.3.mpkg I: Reading package... I: Retrieving file list from CryptoServer I: > load file adm_3.0.25.5_c50.mtc... I: > load file aes_1.4.1.4_c50.mtc... I: > load file asn1_1.0.3.6_c50.mtc... I: > load file cmds_3.6.2.0_c50.mtc... I: > load file cxi_2.3.0.5_c50.mtc... I: > load file db_1.3.2.2_c50.mtc... I: > load file dsa_1.2.3.3_c50.mtc... I: > load file eca_1.1.12.4_c50.mtc... I: > load file ecdsa_1.1.16.1_c50.mtc... I: > load file exar_2.2.1.1_c50.mtc... I: > load file hash_1.0.11.2_c50.mtc... I: > load file hce_2.2.2.3_c50.mtc... I: > load file lna_1.2.4.2_c50.mtc... I: > load file mbk_2.2.8.2_c50.mtc... I: > load file ntp_1.2.0.9_c50.mtc... I: > load file post_1.0.0.2_c50.mtc... I: > load file pp_1.3.1.7_c50.mtc... I: > load file sc_1.2.0.3_c50.mtc... I: > load file smos_5.5.9.1_c50.mtc... I: > load file util_3.0.5.1_c50.mtc... I: > load file vdes_1.0.9.3_c50.mtc... I: > load file vrsa_1.3.6.1_c50.mtc... I: loaded 22/22 files in package I: Restarting CryptoServer Package /tcn/hsm/SecurityServer-Se2-Series-4.21.0.3.mpkg successfully loaded # ls -l /tcn/hsm/ total 152904 -rw-r--r-- 1 root root 1051 Sep 13 19:20 MDL_PUB.key -r-xr-xr-x 1 root root 1896626 Sep 14 10:14 SecurityServer-Se2-Series-4.21.0.3.mpkg -rw-r--r-- 1 root root 116298829 Sep 13 19:20 SecurityServer-V4.21.0.3.zip -rw-r--r-- 1 root root 13376 Sep 13 19:20 cmds.scf -rw-r--r-- 1 root root 38347214 Sep 13 19:20 cslan-4.5.5.tar.gz drwxr-xr-x 2 root root 60 Sep 14 10:14 key # csadm Dev=root ListUsers Name Permission Mechanism Attributes ADMIN 22000000 RSA sign Z[0] # csadm Dev=root CSLSutdown=ask unknown option / command 'CSLSutdown=ask' Use 'csadm Help' to get a list of all legal commands # csadm Dev=root CSLSutdown=askS[1@h Enter Passphrase: # lsblk NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT nvme0n1 259:0 0 238.5G 0 disk |-nvme0n1p1 259:1 0 260M 0 part |-nvme0n1p2 259:2 0 16M 0 part |-nvme0n1p3 259:3 0 237.2G 0 part `-nvme0n1p4 259:4 0 1000M 0 part # lsblk NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT sdb 8:16 1 14.4G 0 disk `-sdb1 8:17 1 14.4G 0 part nvme0n1 259:0 0 238.5G 0 disk |-nvme0n1p1 259:1 0 260M 0 part |-nvme0n1p2 259:2 0 16M 0 part |-nvme0n1p3 259:3 0 237.2G 0 part `-nvme0n1p4 259:4 0 1000M 0 part # mkfs/v  .vfat /dev/sdb1 mkfs.fat 4.1 (2017-01-24) # mount /dev/sdb1 /mnt/ # ls-  -l/a    a /mnt/ total 8 drwxr-xr-x 2 root root 8192 Jan 1 1970 . drwxr-xr-x 19 root root 400 Sep 14 2018 .. # umount /mnt/ # lsblk /  NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT sdb 8:16 1 14.3G 0 disk `-sdb1 8:17 1 14.3G 0 part nvme0n1 259:0 0 238.5G 0 disk |-nvme0n1p1 259:1 0 260M 0 part |-nvme0n1p2 259:2 0 16M 0 part |-nvme0n1p3 259:3 0 237.2G 0 part `-nvme0n1p4 259:4 0 1000M 0 part # mkfs.ext   vfat /dev/sdb1 mkfs.fat 4.1 (2017-01-24) mo# mount /dev/sdb1 /mnt/ # ls -l  a /mnt/ total 8 drwxr-xr-x 2 root root 8192 Jan 1 1970 . drwxr-xr-x 19 root root 400 Sep 14 2018 .. # umount /mnt/ # exit exit Script done on 2018-09-14 16:36:33+00:00