For this guide, the following assumptions are made:
- A Hardware Security Module (HSM) is deployed on the network.
- The required key material is provisioned on the HSM. Use the HSM interface to manage the keys.
  - For end-to-end encryption: The HSM has to provide the appropriate key (usually a certificate containing an RSA key) for the alias configured in IAM.
  - For the encrypted hash function feature: The HSM has to provide the appropriate secret key entry (e.g. an AES key) for the alias and key type configured in IAM.
- A connection is established between the system running Airlock IAM and the HSM.
- The PKCS #11 native extensions of the HSM are installed on the system running Airlock IAM.
- TCP keep-alive should be enabled on both the HSM and the client.
If the connection is killed on either side, the Sun PKCS #11 Provider will throw an exception with "java.security.ProviderException: Token has been removed".
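
The prerequisites above can be checked from the IAM host before configuring IAM. The following is an added example, not code from Airlock IAM: it uses the JDK's SunPKCS11 provider (Java 9+) to confirm that one alias resolves to an RSA certificate and another to an AES secret key, and reports a `ProviderException` separately. The class name, the `HSM_PIN` environment variable, the exit codes and the config file passed as the first argument are assumptions.

```java
import java.security.Key;
import java.security.KeyStore;
import java.security.Provider;
import java.security.ProviderException;
import java.security.Security;
import java.security.cert.Certificate;
import java.util.Arrays;
import javax.crypto.SecretKey;

public class HsmPrereqCheck { // hypothetical class name, not part of Airlock IAM
    // End-to-end encryption: the alias must resolve to a certificate containing an RSA key.
    static boolean hasRsaCertificate(KeyStore ks, String alias) throws Exception {
        Certificate cert = ks.getCertificate(alias);
        return cert != null && "RSA".equals(cert.getPublicKey().getAlgorithm());
    }

    // Encrypted hash function: the alias must resolve to a secret key of the given type.
    static boolean hasSecretKey(KeyStore ks, String alias, String keyType) throws Exception {
        Key key = ks.getKey(alias, null); // no per-key password; access is governed by the token login
        return key instanceof SecretKey && keyType.equalsIgnoreCase(key.getAlgorithm());
    }

    // Returns 0 if both entries are present, 1 if one is missing, 3 if the token is unusable.
    static int check(String cfg, char[] pin, String certAlias, String keyAlias) throws Exception {
        try {
            // cfg is a SunPKCS11 config file whose "library" attribute names the HSM's native module.
            Provider p = Security.getProvider("SunPKCS11").configure(cfg);
            KeyStore ks = KeyStore.getInstance("PKCS11", p);
            ks.load(null, pin); // logs in to the token
            boolean rsaOk = hasRsaCertificate(ks, certAlias);
            boolean keyOk = hasSecretKey(ks, keyAlias, "AES");
            System.out.println("RSA certificate '" + certAlias + "': " + (rsaOk ? "ok" : "MISSING"));
            System.out.println("AES secret key '" + keyAlias + "': " + (keyOk ? "ok" : "MISSING"));
            return rsaOk && keyOk ? 0 : 1;
        } catch (ProviderException e) { // e.g. "Token has been removed" after a dropped connection
            System.err.println("HSM not usable through PKCS #11: " + e.getMessage());
            return 3;
        } finally {
            Arrays.fill(pin, '\0'); // do not keep the PIN in memory longer than needed
        }
    }

    public static void main(String[] args) throws Exception {
        String pin = System.getenv("HSM_PIN"); // assumed variable name
        if (args.length != 3 || pin == null) {
            System.err.println("usage: HSM_PIN=... java HsmPrereqCheck <pkcs11.cfg> <certAlias> <keyAlias>");
            System.exit(2);
        }
        System.exit(check(args[0], pin.toCharArray(), args[1], args[2]));
    }
}
```

Run it with the same aliases that are configured in IAM; a non-zero exit code means the HSM does not yet meet the assumptions listed above.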