|
| 1 | +# Import Export Migration Scripts |
| 2 | + |
| 3 | +## Assumptions |
| 4 | +KDH : Key Distribution Host |
| 5 | +KRD : Key Receiving Device |
| 6 | +Futurex : HSM is configured using PMK |
| 7 | + |
| 8 | +## Key Exchange using TR34 |
| 9 | + |
| 10 | +The script will establish a KEK (Key Encryption Key) between the chosen KDH and KRD. A set of options are supported for KDH and KRD type. |
| 11 | +Update the input_config.json file with details on the host connection. |
| 12 | +If KDH or KRD is APC (AWS Payment Cryptography), update the region and/or endpoint you would like to connect to. |
| 13 | +If KDH or KRD is Futurex or Payshield HSM, update the host ip address and port that you would like to stablish the connection to. |
| 14 | + |
| 15 | +As part of the key exchange, if you would like to generate a new symmetric KEK, leave 'transport_key' and 'transport_key_kcv' in the config file for KDH as blank. |
| 16 | +If you already have a key created, update the key and kcv in the config file for KDH. |
| 17 | + |
| 18 | +### Usage |
| 19 | + |
| 20 | +* Establish the connection to your chosen Payment HSM and update input config file with host and port info to connect. |
| 21 | +* Set AWS credentials for the account you want to use for the service resources. Set the region you want to execute the scripts in input config. |
| 22 | + |
| 23 | +``` |
| 24 | +python3 import_export_tr34.py --kdh <Options: "futurex | payshield"> --krd <Options: "apc"> |
| 25 | +``` |
| 26 | + |
| 27 | +## Key Exchange using TR31 |
| 28 | +The script will exchange working keys between KDH and KRD once a KEK is established between KDH and KRD. |
| 29 | +Establish a KEK using the Tr34 script and update the kek in the input_config file for both KDH and KRD. |
| 30 | + |
| 31 | +As part of the key exchange, if you would like to generate a new symmetric KEK, leave 'transport_key' and 'transport_key_kcv' in the config file for KDH as blank. |
| 32 | +If you already have a key created, update the key and kcv in the config file for KDH. |
| 33 | + |
| 34 | +### Usage |
| 35 | + |
| 36 | +* Establish the connection to your chosen Payment HSM and update input config file with host and port info to connect. |
| 37 | +* Set AWS credentials for the account you want to use for the service resources. Set the region you want to execute the scripts in input config. |
| 38 | + |
| 39 | +``` |
| 40 | +python3 import_export_tr31.py --kdh <Options: "futurex | payshield"> --krd <Options: "apc"> |
| 41 | +``` |
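Review bot: In the "Key Exchange using TR31" section, README lines 31-32 repeat the TR34 paragraph about generating a new symmetric KEK by leaving 'transport_key' and 'transport_key_kcv' blank. That conflicts with line 29, which tells the reader to establish the KEK with the TR34 script first and then put it in input_config for both KDH and KRD. Suggest replacing that paragraph with what the TR31 script actually needs: which working keys it exchanges and which config fields hold them. Line 12 says "If KDH or KRD is APC", but both usage lines only offer futurex | payshield for --kdh and apc for --krd, so either align the text with the options or list the supported combinations. Lines 15-16 have the user place a key and its KCV in input_config.json; the README should state in what form that key is expected (for example, whether it is a cryptogram under the HSM's master key, which the Futurex PMK assumption hints at) and advise keeping the file out of version control. Smaller points: "stablish" on line 13 should be "establish", line 29 writes "Tr34" where the rest of the file uses "TR34", PMK is never expanded in the Assumptions list, and no assumption is stated for Payshield.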