Manage the OpenEdge Database

Verify HSM token access

Save PDF

Verify HSM token access

Save PDF

Last Updated: July 3, 2024
2 minute read

OpenEdge
Version 12.8
Documentation

Once you have an initialized HSM token, you need to verify token access. The PROUTIL HSMVALIDATE utility checks that you can use HSM connection information to connect to the HSM token and that the token supplies the minimum required features.

Use the PROUTIL HSMVALIDATE utility to verify access, as follows:

proutil testdb1 -C hsmvalidate db -verbose < passphrases.txt

Slot info
 Description: Secure HSM partition 3c45fa0b-33cb-afc3-bbb1-124cdd89110e 
 Manufacturer ID: Secure HSM Company 
 Hardware version: 2.6
 Firmware version: 0.0
 Flags: 1
 Token present: TRUE
 Token initialized: TRUE
HSM device validation completed successfully.

This output shows a configured slot for the Secure HSM Company's product nethsm:

proutil testdb1 -C hsmvalidate hsm -HSMLibrary /usr/securehsm/nethsmclient/lib/libnethsm-5.3.0.so -HSMSlotID 1234566654 -verbose db -verbose

OpenEdge Release 12.5 as of Tue Jul 21 18:30:54 EDT 2021

Slot number:               1
Description:               Secure HSM partition 3c45fa0b-33cb-afc3-bbb1-124cdd89110e
Manufacturer ID:           Secure HSM Company
Hardware version:          2.6
Firmware version:          0.0
Flags: 1
Token present:             TRUE
Token initialized:         TRUE
HSM device validation completed successfully.

This output shows a configured label for the DB database for the Acme Company's Core product:

proutil testdb1 -C hsmvalidate hsm -HSMLibrary /usr/securehsm/nethsmclient/lib/libnethsm-5.3.0.so -HSMLabel AcmeDBCore -verbose db -verbose

OpenEdge Release 12.5 as of Tue Jul 21 18:30:54 EDT 2021

Label:                     AcmeDBCore
Description:               AcmeDB slot ID 0X68cb5446
Manufacturer ID:           Acme Company
Hardware version:          2.6
Firmware version:          2.6
Flags: 1
Token present:             TRUE
Token initialized:         TRUE
HSM device validation completed successfully.

If token access is not configured, the command returns the following output:

HSM slot undefined
This utility requires either '-HSMSlotID' or '-HSMLabel' on the command line to proceed. (20289)
EPolicy: Encryption policy management failed -1

For details about HSMVALIDATE syntax, see PROUTIL HSMVALIDATE qualifier.

Note: The Database Administrator should verify HSM token access for hot standby and replication database servers before enabling HSM in the source database.

After you verify token access, you are ready to enable HSM support. See Enable HSM support for a TDE enabled database.