|File Search||Catalog||Content Search|
The Token Key Service (TKS) is an optional PKI subsystem that manages the master key(s) and the transport key(s) required to generate and distribute keys for hardware tokens. TKS provides the security between tokens and an instance of Token Processing System (TPS), where the security relies upon the relationship between the master key and the token keys. A TPS communicates with a TKS over SSL using client authentication.
TKS helps establish a secure channel (signed and encrypted) between the token and the TPS, provides proof of presence of the security token during enrollment, and supports key changeover when the master key changes on the TKS. Tokens with older keys will get new token keys.
Because of the sensitivity of the data that TKS manages, TKS should be set up behind the firewall with restricted access.
For deployment purposes, a TKS requires the following components from the PKI Core package:
* pki-setup * pki-native-tools * pki-util * pki-java-tools * pki-common * pki-selinux
and can also make use of the following optional components from the PKI Core package:
* pki-util-javadoc * pki-java-tools-javadoc * pki-common-javadoc * pki-silent
Additionally, Certificate System requires ONE AND ONLY ONE of the following "Mutually-Exclusive" PKI Theme packages:
* dogtag-pki-theme (Dogtag Certificate System deployments) * redhat-pki-theme (Red Hat Certificate System deployments)