Back to articles
Back to Index

Posted on 27 April 2018 by in ProtectServer HSM

 

Product Release: SafeNet ProtectToolkit 5.6

Gemalto is pleased to announce the release of SafeNet ProtectToolkit 5.6, which extends the functionality and utility of SafeNet ProtectServer HSMs. SafeNet ProtectToolkit 5.6 is compatible with SafeNet ProtectServer Network HSM, Network HSM Plus, and PCIe HSM. Release 5.6 provides the following new features and enhancements:

  • Support for SHA3 Hash Algorithms
    SafeNet ProtectToolkit 5.6 provides new mechanisms that use the SHA3 standard. This firmware supports the latest features from release 5.6. The following new mechanisms are available in firmware 5.03.00:
    • CKM_AES_GCM
    • SHA3 Signing mechanisms:
      • CKM_SHA3_224_RSA_PKCS
      • CKM_SHA3_256_RSA_PKCS
      • CKM_SHA3_384_RSA_PKCS
      • CKM_SHA3_512_RSA_PKCS
      • CKM_SHA3_224_RSA_PKCS_PSS
      • CKM_SHA3_256_RSA_PKCS_PSS
      • CKM_SHA3_384_RSA_PKCS_PSS
      • CKM_SHA3_512_RSA_PKCS_PSS
      • CKM_ECDSA_SHA3_22
      • CKM_ECDSA_SHA3_256
      • CKM_ECDSA_SHA3_384
      • CKM_ECDSA_SHA3_512
    • SHA3 Hashing mechanisms:
      • CKM_SHA3_224
      •  CKM_SHA3_256
      • CKM_SHA3_384
      • CKM_SHA3_512
    • SHA3 HMAC mechanisms:
      • CKM_SHA3_224_HMAC
      • CKM_SHA3_224_HMAC_GENERAL
      • CKM_SHA3_256_HMAC
      • CKM_SHA3_256_HMAC_GENERA
      • CKM_SHA3_384_HMAC
      • CKM_SHA3_384_HMAC_GENERAL
      • CKM_SHA3_512_HMAC
      • CKM_SHA3_512_HMAC_GENERAL
    • SHA3 Key derivation mechanisms:
      • CKM_SHA3_224_KEY_DERIVE
      • CKM_SHA3_256_KEY_DERIVE 
      • CKM_SHA3_384_KEY_DERIVE
      • CKM_SHA3_512_KEY_DERIVE
  • Support for PKCS#11 v.2.30-Compliant AES-GCM:  SafeNet ProtectToolkit 5.6 supports the Galois/Counter Mode (GCM) option with AES, in compliance with NIST SP 800-38D.
  • PSESH Admin Account Recovery:  As a security measure, the admin account is locked out after 10 consecutive failed console login attempts. New ProtectServer Network HSMs that are shipped with appliance image 5.6 and above will allow the admin user to recover the account, without assistance from Gemalto, by zeroizing the HSM. The admin user can also reset passwords for the audit as well as the pseoperator user. Consult the product documentation for these procedures.
  • Updates to OpenSSL and OpenSSH:  SafeNet ProtectToolkit 5.6 contains security updates to OpenSSL and OpenSSH.
  • Kernel Updates Addressing Spectre/Meltdown Vulnerabilities:  The SafeNet ProtectServer Network HSM and SafeNet ProtectServer Network HSM Plus appliance kernels have been updated to address the Spectre and Meltdown vulnerabilities in Intel® processors.
  • Upgraded CPU in SafeNet ProtectServer Network HSM:  As part of our policy of continuous improvement, new SafeNet ProtectServer Network HSMs contain an upgraded Intel® Atom™ CPU E3827 1.74 GHz processor. These models have appliance software version 5.4 and HSM firmware 5.02.00 installed at the factory, and ship with SafeNet ProtectToolkit 5.5. You can download the latest software from the Customer Support Portal. If you require FIPS-validated firmware immediately, download and install firmware version 5.00.02.

Please go to the SafeNet Support Portal**to download the release notes – details as follows:

  • Release notes – Doc part number 007-007171-017 Rev. A
  • 610-009981-020 SW,PTK 5.6 (PTK-C;PTK-J;PTK-M) – Doc ID: KB0017437 /  DOW0002840
  • 007-013682-004 DOCUMENTATION,PTK 5.6 – Doc ID: KB0017435 / DOW0002841
  • 621-000097-014 FW UPGD,PSIE V 5.03.00 – Doc ID: KB0017436 / DOW0002842 

**Log in required.  Contact CustomerPortalSupport@Gemalto.com for assistance.