Black Box EncrypTight Appliance Trim Kit User Manual


 
Modifying the ETKMS Properties File
Hardware Security Module Configuration
The following entries control whether the encryption keys are stored in a Hardware Security Module
(HSM).
# Hardware Security Module Configuration
hardwareModuleInUse=false
vaultBaseDir=../keys
To store the encryption keys in an HSM, set the hardwareModuleInUse entry to true. When the entry
is set to false, the encryption keys are stored in the directory specified by the vaultBaseDir entry.
Digital Certificate Configuration
The following entries control digital certificate configuration and remote user certificate authorization. If
you use smart cards such as the DoD Common Access Card, you need to enable both strict authentication
and common name authorization in the ETKMS properties file.
# Certificate configuration
keystore=etkms.keystore
keystorePassword=myPassword
strictCertificateAuth=false
enableCNAuthCheck=false
cnAuthFilePath=../keys/cnAuth.cfg
Strict certificate authentication and common name authorization checking are disabled by default
(false). To enable those features, change the values to true. The path for the common name
authorization file is the default, but you can store the file in any directory on the ETKMS and enter the
appropriate path here.
CAUTION
Modify only these parameters as part of enabling strict authentication and using certificates. For more
information on strict authentication and using certificates, see “Using Enhanced Security Features” on
page 261. Modify other parameters only as instructed by a qualified support person.
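The following Python script is an added example, not part of the EncrypTight manual or product. It audits the HSM and certificate entries described above and reports keys kept on disk, a smart card deployment without both strict authentication and common name authorization, a missing common name authorization file, and a keystore password still equal to the value shown in the listing. The function names, finding codes and the smart_cards flag are assumptions made for illustration, and relative paths are resolved from the directory the script runs in.

```python
from pathlib import Path

# Constructed sample: the entries exactly as listed in the manual sections above.
SAMPLE = """\
# Hardware Security Module Configuration
hardwareModuleInUse=false
vaultBaseDir=../keys
# Certificate configuration
keystore=etkms.keystore
keystorePassword=myPassword
strictCertificateAuth=false
enableCNAuthCheck=false
cnAuthFilePath=../keys/cnAuth.cfg
"""

def parse_properties(text):
    """Parse key=value lines; skip blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def enabled(props, key):
    # Assumption: a missing entry behaves like the documented default, false.
    return props.get(key, "false").lower() == "true"

def audit(props, smart_cards=False, exists=lambda p: Path(p).exists()):
    """Return finding codes for the HSM and certificate entries."""
    findings = []
    if not enabled(props, "hardwareModuleInUse"):
        findings.append("KEYS_ON_DISK:" + props.get("vaultBaseDir", "<unset>"))
    strict = enabled(props, "strictCertificateAuth")
    cn_check = enabled(props, "enableCNAuthCheck")
    if smart_cards and not (strict and cn_check):
        findings.append("SMARTCARD_NEEDS_STRICT_AND_CN")
    if cn_check:
        path = props.get("cnAuthFilePath", "")
        if not path or not exists(path):
            findings.append("CN_AUTH_FILE_MISSING:" + (path or "<unset>"))
    if props.get("keystorePassword") == "myPassword":
        findings.append("KEYSTORE_PASSWORD_IS_MANUAL_VALUE")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_properties(SAMPLE), smart_cards=True):
        print(finding)
```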
Logging Setup
The following entries set up the Java log4j logging mechanism. By default, logging is set up for daily
log files.
# Logging Setup
log4j.rootLogger=ALL,Daily
log4j.appender.R.Threshold=INFO
log4j.appender.R=org.apache.log4j.DailyRollingFileAppender
log4j.appender.R.DatePattern='.'yyy-MM-dd
log4j.appender.R.File=/var/log/etkms/kdist.log
log4j.appender.R.MaxFileSize=100KB