Black Box ET0010A User Manual

Modifying the ETKMS Properties File
EncrypTight User Guide
Hardware Security Module Configuration
The following entries control whether the encryption keys are stored in a Hardware Security Module 
(HSM).
# Hardware Security Module Configuration
hardwareModuleInUse=false
vaultBaseDir=../keys
To store the encryption keys in an HSM, set the hardwareModuleInUse entry to true. When the entry is set to false, the encryption keys are stored in the directory specified by the vaultBaseDir entry.
Digital Certificate Configuration
The following entries control digital certificate configuration and remote user certificate authorization. If 
you use smart cards such as the DoD Common Access Card, you need to enable both strict authentication 
and common name authorization in the ETKMS properties file.
# Certificate configuration
keystore=etkms.keystore
keystorePassword=myPassword
strictCertificateAuth=false
enableCNAuthCheck=false
cnAuthFilePath=../keys/cnAuth.cfg
Strict certificate authentication and common name authorization checking are disabled by default (false). To enable those features, change the values to true. The path for the common name authorization file is the default, but you can store the file in any directory on the ETKMS and enter the appropriate path here.
CAUTION
Modify only these parameters as part of enabling strict authentication and using certificates. For more 
information on strict authentication and using certificates, see 
. Modify other parameters only as instructed by a qualified support person.
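The following read-only check is an added example, not code from the EncrypTight manual or product: it parses the HSM and certificate entries described above and reports the conditions this section calls out. The function names, the smart_cards parameter and treating a missing entry as false are assumptions; the sample text is constructed from the values shown on this page.

```python
# Added example: read-only audit of the ETKMS properties entries described above.
# Names and defaults here are assumptions, not part of the product.

# Constructed sample mirroring the values shown on this page.
SAMPLE = """\
# Hardware Security Module Configuration
hardwareModuleInUse=false
vaultBaseDir=../keys
# Certificate configuration
keystore=etkms.keystore
keystorePassword=myPassword
strictCertificateAuth=false
enableCNAuthCheck=false
cnAuthFilePath=../keys/cnAuth.cfg
"""

def parse_properties(text):
    """Parse simple key=value lines, skipping blanks and # or ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def audit(props, smart_cards=False):
    """Return findings for the HSM and certificate entries (never modifies anything)."""
    def flag(key):
        # Assumption: an absent entry behaves like false.
        return props.get(key, "false").lower() == "true"
    findings = []
    if not flag("hardwareModuleInUse"):
        where = props.get("vaultBaseDir") or "(vaultBaseDir unset)"
        findings.append("encryption keys are stored on disk in " + where)
    strict, cn = flag("strictCertificateAuth"), flag("enableCNAuthCheck")
    if smart_cards and not (strict and cn):
        findings.append("smart cards need strictCertificateAuth and enableCNAuthCheck both true")
    if cn and not props.get("cnAuthFilePath"):
        findings.append("enableCNAuthCheck=true but cnAuthFilePath is empty")
    if props.get("keystorePassword") == "myPassword":
        findings.append("keystorePassword is still the sample value shown in the manual")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_properties(SAMPLE), smart_cards=True):
        print("FINDING:", finding)
```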
Logging Setup
The following entries set up the Java log4j logging mechanism. By default, logging is set up for daily log files.
# Logging Setup
log4j.rootLogger=ALL,Daily
log4j.appender.R.Threshold=INFO
log4j.appender.R=org.apache.log4j.DailyRollingFileAppender
log4j.appender.R.DatePattern='.'yyy-MM-dd
log4j.appender.R.File=/var/log/etkms/kdist.log
log4j.appender.R.MaxFileSize=100KB