CASP Vaults Backup Encryption Prerequisites

This set of scripts controls a pair of public RSA keys that are used by CASPClosedUnbound’s Crypto Asset Security Platform (“CASP”) provides the advanced technology and the architecture to secure crypto asset transactions. to encrypt backups of its vault key. See Vault Key Backup and Restore.

ekm_set_offline_backup_keys

Import public keys to CORE server and propagate them to all servers within the server's family (all EPs or all Partners).

Note
Run this script twice: once on EP and once on its Partner. Use the same parameters in the same order.

Syntax:

ekm_set_offline_backup_keys
--key_1 <PEM file with the 1st public RSA key in PKCS#1 or PKCS#8 format>
--key_2 <PEM file with the 2nd public RSA key in PKCS#1 or PKCS#8 format>
[-s,--self <arg>] // the bootstrap IP of the server
[-o <port>] // the bootstrap port of the server

Example:

sudo /opt/ekm/bin/ekm_set_offline_backup_keys.sh \
--key_1 encrypt-key1.pem \
--key_2 encrypt-key2.pem

Operation completed successfully

ekm_get_offline_backup_keys

This script prints the contents of the public RSA keys stored by the corresponding 'set' command.

Syntax:

ekm_get_offline_backup_keys
[--key_1] // use to get key1
[--key_2] // use to get key2
[-s,--self <arg>] // the bootstrap IP of the server
[-o <port>] // the bootstrap port of the server

By default, the output presents both keys when both --key_1 and --key_2 options are omitted.

Example:

sudo /opt/ekm/bin/ekm_get_offline_backup_keys.sh

KEY_1:
-----BEGIN RSA PUBLIC KEY-----MIIBCgKCAQEA7...BCqsLmhGRX884QVZtFgvSRXxo3+/m9QaYeZkbbjR84C+xOB9H1YtD4C+
---END RSA PUBLIC KEY-----

KEY_2:
-----BEGIN RSA PUBLIC KEY-----MIIBCgKCAQEAo...yijssNfwJ3+9V5zQCaEWyKItmv0HsFMQFA9X0F0P1Mw1TZVAmOrUlO2
----END RSA PUBLIC KEY-----

Operation completed successfully