Introduction
This article provides a basic guideline for migrating credentials that are managed in SafeNet SAM to vSEC:CMS so that they can be managed by vSEC:CMS.
The steps provided here are a guideline only and may change over time. Please contact your Thales provider / partner if you need additional information that is not clear from this article.
Step 1 - Create vSEC:CMS Credential Template
Create a credential template for the credentials that you are about to import into vSEC:CMS by going to Templates - Card Templates - Add.
Attach a credential that is to be migrated (in this article we will use a SafeNet eToken 5110) and click the Detect button to allow vSEC:CMS to determine its type. Click Ok once detected.
In this example we will keep the configuration to a minimum and save the template as is at this time.
Once the credential template is created select it and click View.
Make a note of the Template ID, as it must be entered into the SAM migration tool in Step 3 below.
Step 2 - Create Transfer Encryptor
Before migrating the credentials from SAM, you need to create an encryptor that will be used to encrypt the data exported from SAM.
From the vSEC:CMS Operator Console (OC) navigate to Repository - Smart Card Transfer. Here you have 2 options:
- Click the Import button to select a PKCS#12 file that contains the encryption key that was used to encrypt the SAM exported credential data file;
- Click the Create New Encryptor button to generate an encryption key pair.
It is recommended to use the Create New Encryptor option, because the private key is then generated on the Operator credential and never leaves it.
After the key pair is generated, click the Copy button to get the public encryption key. This public key will be used to encrypt the credential data when it is exported from SAM.
For the purposes of this article we will assume that the Create New Encryptor option is used, as this is the more secure and recommended way to encrypt the data that is being exported from SAM.
Navigate to Smart Card Transfer.
Click Create New Encryptor. You will be prompted to enter your Operator credential passcode to authenticate, and you will receive a success message once the process finishes.
Click the Copy button and save the public key (encryptor key) contents to a file. This will be used later when performing the migration from SAM.
Step 3 - Export Credential Data from SAM
Open the SAMvSECMigrationTool.exe tool.
This tool should be provided to you by Thales.
Ensure that the SAM Configuration File Path and the other necessary information are properly set in the Current System Configuration.
Click the Find button.
Once all the credentials that are managed by SAM are displayed, scroll to the right side and enter the Template ID that you noted when you created the credential template in Step 1 above into the vSEC Template ID field.
Tick the checkbox of the credential that you intend to export, provide the Encryptor Key that was generated in Step 2 (you should have saved this to a file above), select the location where the exported information is to be saved, and then click Export. The exported file that is to be imported by vSEC:CMS is a CSV file.
The CSV file with the exported data can be modified if, for example, details in the file need to be changed or added because some details could not be retrieved from SAM. Please contact Versasec for additional information on how the details can be edited.
Step 4 - Import Migrated SAM Data to vSEC:CMS
Navigate to Home - Repository - Smart Card Transfer, click Browse and select the exported CSV file.
Click on Import.
You can filter the cards based on a few criteria. If you intend to just import all the information you can just click Next.
Click on Next.
Click on Import.
A summary dialog of what is to be performed will be displayed. Click Yes to start the transfer.
On completion, a table will be displayed showing what was imported. In this very basic sample only one card was imported into vSEC:CMS. You can click the Export button to save a report file with summary information on what was imported.
You should now see the credential as a managed vSEC:CMS credential from Repository - Smart Cards.
This completes the flow.