Prerequisites

Please adhere to the below-listed prerequisites as they are required for the correct installation, configuration and usage of the Primus Tools.

• Securosys Primus HSM or CloudHSM Service with JCE license and JCE API enabled
• Securosys PrimusX JCE provider v2.2.x or newer.
• Java Runtime Environment (JRE) 8 or newer
• “Unrestricted policy” files for Oracle Java (not mandatory for OpenJDK)
  • e.g. downloadable here (see README.txt how to install)

Primus HSM Configuration

To set up the Primus HSM Hardware, please refer to the user guide available on the Securosys Support Portal (account requried).

CloudHSM configuration

The CloudHSM partition comes preconfigured for the use of Primus Tools. Ensure the JCE API is included and activated in your subscription.

• Getting started with CloudHSM

To configure the on-premises Primus HSM, continue with the following steps:

• The Primus Tools require the JCE interface enabled on device and user level (plus license):

HSM User Interface (LC Display) Primus X/S-Series

  SETUP → CONFIGURATION → SECURITY → DEVICE SECURITY → CRYPTO POLICY → JCE
  SETUP → CONFIGURATION → SECURITY → USER SECURITY → JCE

HSM Console Primus HSM, all Series

hsm_sec_set_config jce=true
hsm_sec_enter_user_config
hsm_user_set_config jce=true

• The Primus Tools require a valid setup password, which can be renewed as follows:

HSM User Interface (LC Display) Primus X/S-Series

  ROLES → USER → NEW SETUP PASSWORD

HSM Console Primus HSM, all Series

hsm_sec_new_setup_pass

Continue to Installation.

caution

Since the temporary setup password will expire, you should retrieve the permanent secret (which does not expire).

• See How to fetch the permanent secret?.