Overview
SDI Key is a NICISDI Key managed by the NICI Security Domain Infrastructure.
SDI Key is a Private Key and should be protected even though it is partially Encrypted.
SDI Key is:
- created when the first ncpServer is installed, or if there is an existing tree with the Security Domain Infrastructure already in the NDS Tree, the server retrieves the SDI Key from the Key servers during the NcpServer installation.
- shared by all the servers within a NICI Security Domain.
NICI SDI (Security Domain Infrastructure) is an eDirectory service which provides and manages shared keys for all ncpServers within a NICI Security Domain. Access to SDI Keys is governed by a specific ACL (eDirectory Attribute). There is a specific set of rights and attributes that allow a server to create and distribute an SDI Key. An NcpServer with this set of rights and attributes is known as a Key server. There is a different set of permissions and attributes that allows a server to acquire keys from a Key server.
NICISDI can manage multiple keys of varying Cryptographic strengths and algorithms. Each SDI Key can have a different NICI Security Domain and is controlled by the eDirectory rights and attributes of the eDirectory object representing the SDI Key known as the WX Entries:
- Linux: libniciext.so
- Microsoft Windows: niciext64.dlm
The SDI Keys are not intended for clients.