
C005590_01_CR2500_CR3500_User Manual_Appendix H
not accessible by users.
Chapter 2 – Setting up your FIPS hardware
Out of the box the reader/modem pair will behave as any standard non-FIPS pair. You can use them in non-FIPS mode
but be aware that any data you transmit will not be protected by the FIPS approved AES-256 encryption algorithms. In
order to use FIPS mode the modules must be initialized by the CO. Initialization cannot be performed by the Reader
role. You must authenticate the CO role using the default password before Initialization and you must create an
Initialization bar code before you can perform Initialization on the FIPS readers.
The reader module provides the interface to the modem module. Therefore, if you wish to Authenticate or Initialize
both the reader and the modem you must have the reader paired with the modem while performing these tasks. To
connect the reader and modem, read the QuickConnect code printed on the modem with the reader. Refer to the User
Manual for the reader and modem for more information on pairing.
Default CO Authentication
The bar code below contains the Authentication command and the default CO password. Using this Authentication the
CO can only Initialize or Zeroize the modules.
Figure 1 - Default Cryptographic Officer Authentication Bar Code
Creating an Initialization Bar Code
Create the Initialization bar code by writing a .crb file containing the Initialization commands and data. Convert the .crb
file to a Data Matrix bar code by passing it through the CodeXML CRB to Code Utility found at
http://codecorp.com/EULACodeXMLCRBtoCodeUtility.php. The Initialization command must be encoded in a Data Matrix bar code in order to
function.
The initialization bar code contains six items.
1. The Initialization command (H2; H indicates the FIPS command set, 2 is the Initialization command)
2. A new Cryptographic Officer password (Eight characters in the set 20 hex through FF hex)
3. A group separator (1D hex)
4. A new Reader password (Eight characters in the set 20 hex through FF hex)
5. A group separator (1D hex)
6. A new Key Encryption Key (32 characters in the set 20 hex through FF hex)
The code below shows example values for the new CO password, Reader password and KEK in a .crb file. You should
not use these values when creating an Initialization bar code and the CO and Reader passwords must not be equal. You
must substitute your own eight character passwords and 32 character KEK when you initialize. The lines starting with ‘;’
are comments. Some comment lines wrap to the next line in this example. Please see your FIPS documentation kit for
the actual demo .crb file. The last line that starts with % is the Initialization command. You may omit all comment lines
if you wish.
An ASCII to hex converter can be found at http://www.idea2ic.com/PlayWithJavascript/hexToAscii.html. Use the ‘Delimit
with %’ to create hex strings of ASCII characters you can paste into .crb files.
;8/6/2010 16:43
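The six-item layout listed above can be assembled and checked locally, so the passwords and KEK never have to be pasted into an online converter. This is an added example, not code from the manual or from Code Corporation; all function names are hypothetical, and the one-byte-per-character encoding and the one `%XX` per byte rendering of ‘Delimit with %’ are assumptions.

```python
import secrets

GS = b"\x1d"  # group separator; below 20 hex, so it can never occur inside a field

def check_field(name: str, value: bytes, length: int) -> None:
    """Enforce the manual's length and character set (20 hex through FF hex)."""
    if len(value) != length:
        raise ValueError(f"{name}: need {length} characters, got {len(value)}")
    if any(b < 0x20 for b in value):
        raise ValueError(f"{name}: character below 20 hex is not allowed")

def build_payload(co_pw: bytes, reader_pw: bytes, kek: bytes) -> bytes:
    """Assemble H2 + CO password + GS + Reader password + GS + KEK."""
    check_field("CO password", co_pw, 8)
    check_field("Reader password", reader_pw, 8)
    check_field("KEK", kek, 32)
    if co_pw == reader_pw:
        raise ValueError("CO and Reader passwords must not be equal")
    return b"H2" + co_pw + GS + reader_pw + GS + kek

def parse_payload(payload: bytes) -> tuple:
    """Split a payload into (CO password, Reader password, KEK) and re-validate."""
    if not payload.startswith(b"H2"):
        raise ValueError("missing H2 Initialization command")
    parts = payload[2:].split(GS)
    if len(parts) != 3:
        raise ValueError("expected exactly two group separators")
    build_payload(*parts)  # reuses the length, character-set and equality checks
    return tuple(parts)

def to_percent_hex(payload: bytes) -> str:
    """Assumed 'Delimit with %' rendering: one %XX per byte."""
    return "".join(f"%{b:02X}" for b in payload)

def random_field(length: int) -> bytes:
    """Draw each character uniformly from 20 hex..FF hex using the OS CSPRNG."""
    return bytes(0x20 + secrets.randbelow(0xE0) for _ in range(length))

if __name__ == "__main__":
    # Constructed sample: freshly generated values, printed as a %-delimited line.
    co, reader, kek = random_field(8), random_field(8), random_field(32)
    while reader == co:  # the two passwords must differ
        reader = random_field(8)
    print(to_percent_hex(build_payload(co, reader, kek)))
```

Because both separators are 1D hex and every field character is at least 20 hex, splitting on the separator is unambiguous, which is what `parse_payload` relies on.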