SafeGuard CryptoServer x
How to change the Initial key on the CryptoServer?
After you recieved your CryptoServer it is important to change the Initial Key (InitKey)!
To do so follow the next steps on the command line:
- Reset your CryptoServer to the Bootloader Mode
- Load the new InitKey to the CryptoServer
csadm Dev="IP of your CryptoServer" InitPrvKey="Old Init Key" Admin3="Value for the Admin3 Field" BLChangeInitKey="NewInitKey"
csadm Dev=192.168.0.15 InitPrvKey=c:\keys\init_old_prv.key Admin3=’Init-Live01-Key’ BLChangeInitKey=c:\keys\init_new_pub.key
In case of loss or damage of the smart card containing the Initialization Key of the CryptoServer, base administration using the boot loader is no longer possible for the customer, and the CryptoServer has to be sent back to Utimaco Safeware AG (where a new Initialization Key will be loaded, using the Production Key).
Therefore it is highly recommended that a second, identical copy of the smart card containing the Initialization Key is prepared immediately, these two smart cards are carried by two different persons (System Administrator and his representative).
After the Initialization Key has been changed, the loaded firmware modules, signed with the old Initialization Key, could not longer be started. Therefore, before or after the changing of the Initialization Key all data inside the CryptoServer has to be cleared (BLClear command, chapter 4.7.4).
When the Initialization Key has been changed and the CryptoServer has been cleared (see above), the complete set of firmware modules must be re-signed with the new Initialization Key (see RemoveMTC and MakeMTC, chapter 4.5) and again loaded onto the CryptoServer.